hackers

Anonymous hacker served with restraining order via NFT

Law firms Holland & Knight and Bluestone have served a defendant in a hacking case with a temporary restraining order through a nonfungible token, marking the first known legal process to be facilitated by an NFT. The so-called “service token” or “service NFT” was served to an unnamed defendant in a hacking case involving LCX, a Liechtenstein-based cryptocurrency exchange that was hacked in January for almost $8 million. As Cointelegraph reported at the time, the attack compromised the platform’s hot wallets, resulting in the loss of Ether (ETH), USD Coin (USDC) and other cryptocurrencies. Holland & Knight has become the first law firm to serve a defendant by #NFT, which was created and airdropped by our #AssetRecovery Team. Learn more from our client @LCX. https://t.co/wWs2cOVVY1 ...

Yuga Labs’ BAYC, OtherSide Discord groups breached, over 145 ETH stolen

Yuga Labs, the creator of two of the most popular ape-themed nonfungible token (NFT) offerings — Bored Ape Yacht Club (BAYC) and OtherSide — witnessed yet another orchestrated phishing attack with investors losing over 145 Ether (ETH) or nearly $260,000 at the time of writing. OKHotshot, a blockchain detective and a member of the Crypto Twitter community, alerted crypto investors about the compromise of two official Discord groups linked to BAYC and OtherSide NFTs. BAYC & OtherSide discords got compromised‼️ Seems because Community Manager @BorisVagner got his account breached, which let the scammers execute their phishing attack. Over 145E in was stolen Proper permissions could prevent this pic.twitter.com/lCl2DfZQ0W — OKHotshot (@NFTherder) June 4, 2022 According to OKH...

Axie Infinity’s Discord bot compromised, hackers issue fake minting message

Axie Infinity, the popular play-to-earn nonfungible token (NFT) game, faced another attack on its Discord server earlier on Wednesday, leading to a compromise of its MEE6 bot. MEE6 is a popular discord bot mainly used for automating roles and messages and is used by numerous crypto projects. The attackers used the compromised bot to add permissions to a fake Jiho account and later issued a fake announcement regarding a mint. The developers managed to remove the compromised MEE6 bot from the main server and deleted the fake messages as well. However, the official Twitter account of the project warned that many users might still see the fake message until they restart their Discord. 2/ The announcements have been deleted but some users may still see the message until they restart their Disco...

Etherscan, CoinGecko warn against ongoing MetaMask phishing attacks

Popular crypto analytics platforms Etherscan and CoinGecko have parallelly issued an alert against an ongoing phishing attack on their platforms. The firms began investigating the attack after numerous users reported unusual MetaMask pop-ups prompting users to connect their crypto wallets to the website.  Based on the information disclosed by the analytics firms, the latest phishing attack attempts to gain access to users’ funds by requesting to integrate their crypto wallets via MetaMask once they access the official websites. Security Alert: If you are on the CoinGecko website and you are being prompted by your Metamask to connect to this site, this is a SCAM. Don’t connect it. We are investigating the root cause of this issue. pic.twitter.com/7vPfTAjtiU — CoinGecko (@coingeck...

DeFi attacks are on the rise — Will the industry be able to stem the tide?

The decentralized finance (DeFi) industry has lost over a billion dollars to hackers in the past couple of months, and the situation seems to be spiraling out of control. According to the latest statistics, approximately $1.6 billion in cryptocurrencies was stolen from DeFi platforms in the first quarter of 2022. Furthermore, over 90% of all pilfered crypto is from hacked DeFi protocols. These figures highlight a dire situation that is likely to persist over the long term if ignored. Why hackers prefer DeFi platforms In recent years, hackers have ramped up operations targeting DeFi systems. One primary reason as to why these groups are drawn to the sector is the sheer amount of funds that decentralized finance platforms hold. Top DeFi platforms process billions of dollars in transactions e...

Has New York State gone astray in its pursuit of crypto fraud?

The Empire State made two appearances on the regulatory stage last week, and neither was entirely reassuring.  On April 25, bill S8839 was proposed in the New York State (NYS) Senate that would criminalize “rug pulls” and other crypto frauds, while two days later, the state’s Assembly passed a ban on non-green Bitcoin (BTC) mining. The first event was met with some ire from industry representatives, while the second drew negative reviews, too. However, this may have been more of a reflex response given that the “ban” was temporary and principally aimed at energy providers. The fraud bill, sponsored by State Senator Kevin Thomas, looked to steer a middle course between protecting the public from scam artists while encouraging continued innovation in the crypto and blockchain sector. It...

Rari Fuze hacker offered $10M bounty by Fei Protocol to return $80M loot

Decentralized finance (DeFi) platform Fei Protocol offered a $10 million bounty to hackers in an attempt to negotiate and retrieve a major chunk of the stolen funds from various Rari Fuse pools worth $79,348,385.61 — nearly $80 million. On Saturday, Fei Protocol informed its investors about an exploit across numerous Rari Capital Fuse pools while requesting the hackers to return the stolen funds against a $10 million bounty and a “no questions asked” commitment. We are aware of an exploit on various Rari Fuse pools. We have identified the root cause and paused all borrowing to mitigate further damage. To the exploiter, please accept a $10m bounty and no questions asked if you return the remaining user funds. — Fei Protocol (@feiprotocol) April 30, 2022 While the exact losses from the explo...

STEPN impersonators stealing users’ seed phrases, warn security experts

Peckshield, a prominent blockchain security firm, exposed the existence of numerous phishing websites for the Web3 lifestyle app STEPN on Monday. Hackers insert a forged MetaMask browser plugin through which they can steal seed phrases from unsuspecting STEPN users, according to Peckshield. When these cybercriminals obtain the seed phrase, they gain complete control over the STEPN user’s dashboard where they may connect their stolen wallets to their own or “claim” a giveaway as per Peckshield. #PeckShieldAlert #phishing PeckShield has detected a bath of @Stepnofficial phishing sites. They insert a false Metamask browser extension leading to stealing your seed phrase or prompt you to connect your wallets or “Claim” giveaway. @Metamask @Coinbase @WalletConnect @phantom pic....

Finance Redefined: Hacker bungles DeFi exploit, dYdx’s decentralization goals, and more

The decentralized finance (DeFi) ecosystem was filled with ups and downs —mostly the latter— this week, with two very distinct hack attempts and a heartbreaking departure of a DeFi veteran.  In this week’s newsletter, we will also look at derivative exchange dYdX’s plans to go fully decentralized by the end of the year. The price momentum of the DeFi tokens remained neutral, with several tokens registering a bullish surge. However, the market volatility meant many of them couldn’t hold onto those gains. Hacker bungles DeFi exploit: Leaves stolen $1M in contract set to self destruct In a rare comedic bungle among DeFi exploits, an attacker has fumbled their heist at the finish line leaving behind over $1 million in stolen crypto. Blockchain security and analytics firm BlockSec shared o...

Global Russian Hack Attack Targeted SA Energy Sector, US Claims

Sourced from International IDEA South Africa came out as one of 135 countries that the US claims Russian government employees targeted between 2012 and 2017 as part of two massive hack campaigns allegedly aimed at disrupting energy companies and critical infrastructure. According to Daily Maverick, the aim was to undertake a sophisticated campaign to target, compromise, and maintain continued access to the networks of critical infrastructure and energy companies worldwide. When asked if Eskom was targeted by Russia, the South African energy utility said that it, like many organisations, combats many cyber-attacks. Eskom, however, did not specify if it was targeted by Russian actors, specifically, or not. “We are aware that, daily, cybercriminals are actively targeting various sectors, incl...

BlockFi confirms unauthorized access to client data hosted on Hubspot

New Jersey-based crypto financial institution BlockFi confirmed a data breach incident via one of its third-party vendors, Hubspot. BlockFi’s proactive warning about the breach aims to deter the intentions of bad actors in repurposing the user data for fraudulent activities. According to the announcement, the hackers gained access to BlockFi’s client data on Friday, March 18, that were stored on Hubspot, a client relationship management platform: “Hubspot has confirmed that an unauthorized third-party gained access to certain BlockFi client data housed on their platform.” As a third-party vendor for BlockFi, Hubspot stored user data such as names, email addresses and phone numbers. Historically, bad actors have used such information for conducting phishing attacks and gaining access to acc...

Are crypto and blockchain safe for kids, or should greater measures be put in place?

Crypto is going mainstream, and the world’s younger generation, in particular, is taking note. Cryptocurrency exchange Crypto.com recently predicted that crypto users worldwide could reach 1 billion by the end of 2022. Further findings show that Millennials — those between the ages of 26 and 41 — are turning to digital asset investment to build wealth. For example, a study conducted in 2021 by personal loan company Stilt found that, according to its user data, more than 94% of people who own crypto were between 18 and 40. Keeping children safe While the increased interest in cryptocurrency is notable, some are raising concerns regarding the ways those under the age of 18 are interacting with digital assets. These challenges were highlighted in UNICEF’s recent “Prospects for children in 202...