hackers
PwC Venezuela Twitter account hacked, attacker shills fake XRP giveaway
An attacker gained access to PwC Venezuela’s Twitter account and has been actively posting cryptocurrency phishing links for the last 8 hours at the time of the writing. Considering that all the tweets posted by the hacker remain active, it is evident that PwC officials are yet to realize the compromise. Investors clicking on the links remain at risk of being defrauded by the hacker. If not mitigated promptly, the threat may be catastrophic, considering that PwC Veleneula’s Twitter currently boasts over 37,000 followers. Cointelegraph has reached out to PwC Venezuela to inform them about the hack. PwC Venezuela has not yet responded to Cointelegraph’s request for comment. Related: Elon Musk-crypto video played on S. Korean govt’s hacked YouTube channel BlueBenx, a Brazilian crypto le...
What is a seed phrase and why is it important?
A seed phrase might be confusing and probably you might be wondering how a seed phrase looks and maybe how it is created. The seed phrase is generated by a cryptocurrency wallet and the user has no way of customizing it. The words generated are derived from a list of 2048 words. So, how many words is a seed phrase? A seed phrase is made up of a long string consisting of a group of random words. The words on a seed phrase are simplified so that the user can remember them, unlike if the seed phrase consisted of long numbers or special characters. The recovery phrase consists of 12 to 24 words like energy, road or open. To avoid errors, these randomly generated words do not include pairs like “man” and “men” in the same seed phrase. Bitcoin im...
Ethereum advances with standards for smart contract security audits
The Ethereum ecosystem continues to witness a flurry of activity that has individuals and organizations deploying token contracts, adding liquidity to pools and deploying smart contracts to support a wide range of business models. While notable, this growth has also been riddled with security exploits, leaving decentralized finance (DeFi) protocols vulnerable to hacks and scams. For instance, recent findings from crypto intelligence firm Chainalysis show that crypto-related hacks have increased by 58.3% from the beginning of the year through July 2022. The report further notes that $1.9 billion has been lost to hacks during this timeframe — a figure that doesn’t include the $190 million Nomad bridge hack that occurred on August 1, 2022. Although open source code may be beneficial for...
Can Web3 be hacked? Is the decentralized internet safer?
Web3 came into existence posed as a blockchain-powered disruption to the current state of the internet. Yet, as a nascent technology, a fog of assumptions plagues discussions about the real capabilities of Web3 and its role in our day-to-day lives. Considering the promise of a decentralized internet using public blockchains, a complete transition to Web3 would require scrutiny across several factors. Out of the lot, security stands as one of the most crucial features as, in a Web3-powered world, tools and applications hosted over the blockchains go mainstream. Smart contract vulnerabilities While the blockchains that host Web3 applications remain impenetrable from being hostage to attackers, hackers target the vulnerabilities within the project’s smart contracts. Smart contract attacks on ...
Fei Protocol founder proposes ghosting Tribe DAO following hack repayment
An attack in April 2022, which drained off nearly $80 million from various Rari Fuse pools, required the decentralized finance (DeFi) platform Fei Protocol to come up with a solution that minimizes damage to the ecosystem. Fei Labs’ latest proposal, which partly recommends revoking participation from Tribe DAO, received mixed sentiments from the community. Fei Protocol founder Joey Santoro announced the latest proposal, TIP-121: Proposal for the future of the Tribe DAO, revealing the company’s intent to reimburse Fuze victims. It also details plans for asset redemption and the distribution of protocol-controlled value (PCV) assets that manage the liquidity and yield. I hope this proposal resonates with the community and thank you for your support.https://t.co/RjpS9j4x2H — Joey ’s ERC-4626 ...
Pandas, cyborgs, dogs, koalas dominate BNB Chain Red Alarm flag list
BNB Chain, a blockchain network created by crypto exchange Binance, identified over 50 on-chain projects that pose a significant risk to the users. A mix of crypto spin-offs resembling Dogecoin (DOGE) and Binance and others dedicated to pandas, cyborgs and koalas made the list as untrustworthy and high-risk projects. BNB Chain’s Red Alarm feature, which was implemented to protect investors from potential rug pulls and scams, flagged projects based on two main criteria — if the contract performs differently from what the project owners advertised or if the contract shows risks that might influence users’ funds. Speaking to Cointelegraph, Gwendolyn Regina, Investment Director at BNB Chain, said that the Red Alarm system analyzed 3,300 contracts just in July, adding that the company con...
Velodrome recovers $350K stolen funds from team member Gabagool
Velodrome Finance, a trading and liquidity marketplace, announced the recovery of $350,000 stolen on Aug. 4. However, the occasion turned bittersweet when internal investigations pointed out the involvement of a prominent team member, who goes by the pseudo name Gabagool. On Aug. 4, one of Velodrome’s high-worth wallets — dedicated for operating funds such as salaries — was drained off $350,000 before it could be transferred to the company’s treasury multisig wallet. A subsequent internal investigation revealed the attacker’s identification, which allowed the company to recover the entire loot. Velodrome’s official statement revealed: “Much to our disappointment, we learned the attacker was a fellow team member Gabagool.” While many community members came in support of the prominent coder,...
BlueBenx fires employees, halts funds withdrawal citing $32M hack
BlueBenx, a Brazilian crypto lending platform, reportedly blocked all of its 22,000 users from withdrawing their funds following an alleged hack that drained $32 million (or 160 million Brazilian real). While no details about the hack were made available, the company allegedly laid off most of its employees. BlueBenx joins the growing list of crypto companies that failed to deliver on their promise of exorbitant yield returns this crypto winter. The Brazilian crypto lender promised up to 66% returns for users investing in cryptocurrencies via various in-house earning avenues. A report from the local news board Portal do Bitcoin highlighted that BlueBenx halted all forms of withdrawals after falling victim to an “extremely aggressive” hack. According to BlueBenx’s lawyer, Assuramaya Kuthumi...
Curve Finance resolves site exploits, directs users to revoke recent contracts: Finance Redefined
Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. This past week, cross-bridge protocols became the center of DeFi discussions as a new report showed RenBridge was used to launder $540 million in stolen funds. Curve Finance, on the other hand, resolved its site exploit and directed users to revoke any recent contracts. Interlay, a London-based blockchain firm, launched a Bitcoin (BTC)-based cross-chain bridge on Polkadot named interBTC (iBTC), DeFi platform Oasis.app says that sanctioned addresses will no longer be able to access the application. The majority of the top-100 DeFi tokens saw a new surge in bullish momentum along with the rest of the market, with se...
Cross-chains in the crosshairs: Hacks call for better defense mechanisms
2022 has been a lucrative year for hackers preying on the nascent Web3 and decentralized finance (DeFi) spaces, with more than $2 billion worth of cryptocurrency fleeced in several high-profile hacks to date. Cross-chain protocols have been particularly hard hit, with Axie Infinity’s $650 million Ronin Bridge hack accounting for a significant portion of stolen funds this year. The pillaging continued into the second half of 2022 as cross-chain platform Nomad saw $190 million drained from wallets. The Solana ecosystem was the next target, with hackers gaining access to the private keys of some 8000 wallets that resulted in $5 million worth of Solana (SOL) and Solana Program Library (SPL) tokens being pilfered. deBridge Finance managed to sidestep an attempted phishing attack on Monday, Aug....
Curve Finance exploit: Experts dissect what went wrong
Decentralized finance protocols continue to be targeted by hackers, with Curve Finance becoming the latest platform to be compromised after a domain name system (DNS) hijacking incident. The automated market maker warned users not to use the front end of its website on Tuesday after the incident was flagged online by a number of members of the wider cryptocurrency community. While the exact attack mechanism is still under investigation, the consensus is that attackers managed to clone the Curve Finance website and rerouted the DNS server to the fake page. Users who attempted to make use of the platform then had their funds drained to a pool operated by the attackers. Curve Finance managed to remedy the situation in a timely fashion, but attackers still managed to siphon what was origi...
Nomad announces $19-million bounty for lost funds from recent hack
Nomad announced a bounty of up to 10% for the return of the stolen funds from the Nomad bridge. In a website announcement and tweet, the company publicly provided a wallet address for sending the funds. The bounty is applicable to anyone who comes forward from now on or already returned funds. At the time of writing, Nomad has recovered more than $20 million. The Nomad token bridge suffered a massive hack on Tuesday. This incident was among the largest in the history of crypto hacks, with nearly $200 million in crypto assets stolen. However, the platform wasted no time addressing its community and the hackers. Update: Nomad Bridge Hack Bounty (see below for details) Please send the funds to the official Nomad recovery wallet address on Ethereum: 0x94A84433101A10aEda762968f6995c...
