A new report by blockchain security company Beosin revealed that the total amount of crypto assets lost to exit scams and rug pulls was higher than the amount stolen from decentralized finance (DeFi) projects through exploits and attacks last month. Beosin also discovered that losses from the exploits in May were down 79% compared to...Read More
The non-custodial decentralized crypto wallet Atomic Wallet – with a reported user base of over five million customers – said some of its users complained about having their digital assets drained. Later reports suggested that numerous users had six figures worth of crypto wiped out, while the largest victim lost nearly $3 million worth of...Read More
Arbitrum-based liquidity platform – Jimbos Protocol – revealed working with multiple security researchers and on-chain analysts after suffering an exploit of around $7.5 million over the weekend. According to the latest update, Jimbos said the team will engage with law enforcement agencies after 4 PM UTC on Monday if the exploiter failed to return the...Read More
A good number of high-profile attacks on the crypto ecosystem took place last year, targeting everything and everyone from Phantom wallets to smart contracts themselves. A common choice of target was cross-chain bridges, which allowed hackers to make off with serious bounties, most notably in the case of Harmony. Sharp Decrease in Attacks However, times...Read More
The United States Department of Justice (DOJ) plans to direct crackdowns against rogue crypto trading platforms and such investment scams, a top official said. Recently, an FBI report revealed that American citizens lost $2.5 billion to crypto scams in 2022. DОJ to Target Rogue Exchanges Eun Young Choi, director of the National Cryptocurrency Enforcement Team...Read More
According to an undisclosed White House official, North Korea has funded approximately half of its missile tests through crypto theft and cyberattacks. A recent Chainalysis report suggested that North Korean hackers embezzled $1.7 billion of digital assets in 2022. Arguably the most notorious local hacking collective – the Lazarus Group – stood behind numerous exploits...Read More
Joseph James O’Connor, a 23-year-old British citizen extradited from Spain to the United States on April 26, pleaded guilty to multiple charges, including hacking the social media platform Twitter in 2020. O’Connor, who also uses the online name PlugwalkJoe, has been charged with stealing cryptocurrencies worth $794,000 from a Manhattan-based company through a SIM Swap...Read More
According to the blockchain and smart contract security firm Certified Kernel Tech (better known as CertiK), crypto-related exploits, hacks, and scams in April resulted in losses worth $103 million. The figures for last month are a lot less than the $211 million worth of digital assets which wrongdoers siphoned throughout March 2023. Summarizing the Incidents...Read More
Blockchain security firm CertiK and zk-Sync decentralized exchange (DEX) Merlin are working towards a plan to reimburse users affected by a recent exploit that drained almost $2 million from the latter. Merlin revealed on Thursday that the incident, which was widely believed to be an exploit, was, in fact, a rug pull by several rogue...Read More
Ethereum-based decentralized exchange (DEX) Merlin, which uses zero-knowledge sync (zkSync), has lost more than $1.8 million in a liquidity pool exploit hours after smart contract security firm CertiK audited its code. The hack occurred on Wednesday morning during the public sale of Merlin’s native token, MAGE, with the attacker siphoning several assets, including USD Coin...Read More
The United States Department of Treasury sanctioned three individuals who helped the notorious hackers Lazarus Group to process the conversion of stolen cryptocurrency to fiat, allegedly for the funding of the Democratic People’s Republic of Korea’s (DPRK) illicit weapons of mass destruction (WMD) and ballistic missile programs. An earlier report by Chainalysis claimed that Lazarus...Read More
KuCoin’s Twitter account was briefly compromised, causing the platform’s users to lose over 22,000 USDT to hackers through fake activity. The crypto exchange was able to recover its account and promised to reimburse affected users. KuCoin revealed that hackers took over its Twitter account for 45 minutes to promote a fake activity on Monday, April...Read More
Web3 wallet provider, MetaMask took Twitter to deny claims that a “massive wallet-draining operation” originated from an exploit of its wallet. The update comes after Taylor Mohanan alleged that an attacker was “sending” transactions via MetaMask, draining crypto from long-time users and employees. Mohanan, who also happens to be a MetaMask developer, later confirmed that...Read More
Tornado Cash has, once again, found itself as the nexus of pilfered funds from a DeFi protocol. An Ethereum wallet address associated with the exploiter of the DAO Maker breach from 2021 sent $600,000 worth of DAI stablecoin through the controversial coin mixer. According to the blockchain security firm, PeckShield, the wallet had been dormant...Read More
Cryptocurrency exchange Bitrue was exploited today, with the perpetrator being able to withdraw approximately $23 million worth of cryptocurrency. The exploit was officially confirmed. In a Twitter thread posted today, Bitrue revealed that the exchange suffered a “brief exploit” in one of their hot wallets earlier. 1/4: We have identified a brief exploit in one...Read More
Ethereum-based decentralized exchange (DEX) SushiSwap released an update about its plans to return stolen funds to users affected by the $3.3 million exploit over the weekend. According to an announcement from the exchange’s official Twitter handle, users whose assets were taken by white hat security teams would be refunded quicker than those who lost theirs...Read More
As DeFi hacks continue, the latest protocols to be targeted by exploiters are Aave and Yearn Finance, according to blockchain security firm PeckShield. Aave’s version 1 was impacted, while versions 2 and 3 remained unaffected. The oldest version has been frozen since December 2022, and the team behind the lending protocol said it is monitoring...Read More
Hackers drained almost $13 million worth of digital assets from the South Korean cryptocurrency platform GDAC. This is the latest in a string of setbacks the industry went through. The Latest Victim The exchange’s team notified its users on April 9 that hackers exploited the Gdac Hot Wallet and transferred a significant amount of cryptocurrencies...Read More
Terraport Finance, a decentralized finance (DeFi) platform on the Terra Classic network, has lost over $2 million worth of digital assets through an exploit on its liquidity wallet. According to an announcement from the project’s official Twitter handle on April 10, the Terraport team is still investigating the hack and trying to secure the protocol....Read More
The blockchain security resource PeckShield was the first to inform about the exploit against SushiSwap’s approval contract. According to the firm, all 1,800 ETH (worth about $3.3 million) were drained from a single user – @0xsifu. The “RouterProcessor2” contract in question is used to execute trade routing on the popular decentralized exchange. It seems the...Read More
The multichain token bridge Allbridge, which was recently hacked, said that 1,500 BNB (worth around $465,000) was returned to its team. The rest of the funds will be considered a white hat bounty to the exploiter, according to the statement. The cross-chain bridge enables digital asset transfer from one blockchain network to another via liquidity...Read More
The exploiter behind the multi-million dollar Euler Finance attack has returned all recoverable funds, the decentralized finance (DeFi) lending protocol announced Tuesday. In a Twitter post, the project’s development team disclosed that the hacker returned all the funds after successful negotiations. Euler Finance Receives Stolen Funds Recall that Euler lost roughly $200 million on March...Read More
The blockchain security company – PeckShield – outlined that wrongdoers siphoned $211.5 million worth of cryptocurrencies last month via 26 attacks. The Euler Finance exploit accounted for the bigger part of the amount after hackers stole $197 million in staked ETH, USDC, wrapped BTC, and DAI. March Was Not All Sunshine and Roses The revival...Read More
A large Ethereum MEV bot was targeted in a sandwich attack on Sunday, netting an attacking validator roughly $25 million in funds. A sandwich attack is when an attacker places a large trade on either side of a target’s transaction, manipulating the price and profiting from the price change. In this case, the money was...Read More
Decentralized finance (DeFi) project SafeMoon saw its liquidity pool (LP) compromised on Tuesday through a public token bug, with the attacker draining wrapped BNB (WBNB) from the protocol. SafeMoon announced the attack on Twitter, disclosing it was working to resolve the issue as soon as possible. However, the platform did not share details of the...Read More
The hacker behind DeFi protocol Euler Finance’s $200 million exploit earlier this month has publicly communicated through the blockchain to apologize for his crime. The exploiter, going by the name “Jacob,” has gradually been returning funds related to the hack, now totalling $177 million. In an encoded blockchain message on Monday, the hacker promised to...Read More
The hacker behind the largest DeFi exploit of 2023 continues to demonstrate controversial behavior, as this time, they returned the majority of the funds stolen from Euler Finance. In two separate transactions, the perpetrator sent back over $100 million worth of ETH to the protocol. CryptoPotato reported the flash loan attack, which took place earlier...Read More
Omniscia, the auditing partner of Euler Finance, has released a post-mortem report on the same which stated that the vulnerability that was exploited by the malicious hackers originated from the decentralized finance lending protocol’s incorrect donation mechanism that failed to account for the donator’s debt health. The vulnerable code introduced in eIP-14 brought about several...Read More
As if the traditional banking system isn’t causing enough troubles, a DeFi lending protocol called Euler Finance was also hit by a flash-loan attack. The damage equates to almost $200 million worth of staked ether, USDC, wrapped BTC, and DAI. Euler Finance is a decentralized lending protocol that was most recently exploited for a whopping...Read More
Decentralized proof-of-stake (PoS) blockchain Hedera finally confirmed a security breach. In an update, the team behind the platform revealed that attackers managed to exploit the Smart Contract Service code of the protocol’s mainnet to transfer Hedera Token Service tokens held by victims’ accounts to their own. It said the root cause of the issue has...Read More
