
hackers

Finance Redefined: Solana and Nomad bridge fall prey to exploits losing millions

Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. This past week, the DeFi ecosystem saw two exploits, one after another, resulting in the loss of millions of dollars. First, cross-bridge token platform Nomad became a victim of what many deemed a decentralized robbery, which saw almost $190 million drained out of its wallets. The Solana ecosystem became the victim of a widespread unknown attack that saw thousands of wallets drained of all their funds. Apart from a series of exploits, Nansen admitted their negligence toward the DeFi market during the NFT boom. The top-100 DeFi tokens had a mixed price action over the past week, with many seeing a downturn ...

Nomad reportedly ignored security vulnerability that led to $190M exploit

The Nomad token bridge hack on Aug. 3 was the fourth largest crypto hack in history that saw nearly $200 million worth of crypto assets drained from the platform. However, more than the hack, the methodology behind it garnered widespread attention. The exploit took place due to a smart contract vulnerability that saw hundreds of users other than the hacker also get involved, taking away as much as they could by simply copy-pasting the transaction data used by the initial hacker and changing the wallet address to theirs. The event was later deemed a decentralized robbery by many due to the involvement of normal community members. Later, the Nomad team revealed to Cointelegraph that some of the people who took funds were acting benevolently to protect the crypto from getting into the w...

Hacker drains $1.08M from Audius following passing of malicious proposal

Proposals in crypto help communities make consensus-based decisions. However, for decentralized music platform Audius, the passing of a malicious governance proposal resulted in the transfer of tokens worth $5.9 million, with the hacker making away with $1 million. On July 24, a malicious proposal (Proposal #85) requesting the transfer of 18 million of Audius’ in-house AUDIO tokens was approved by community voting. First pointed out on Crypto Twitter by @spreekaway, the attacker created the malicious proposal wherein they were “able to call initialize() and set himself as the sole guardian of the governance contract.” Hello everyone – our team is aware of reports of an unauthorized transfer of AUDIO tokens from the community treasury. We are actively investigating and will report ...

Implementing Security Best Practices to Maintain Integrity at the Edge

Industry 4.0, IIoT, and smart manufacturing are all buzzwords that we’ve been talking about for years. Many of us have had visions of factory floors run by futuristic robots and drones reminiscent of SciFi movies like iRobot. Well, it seems that life is indeed starting to imitate art; a 2021 McKinsey & Company survey concluded that many global manufacturing companies were able to keep their operations running during the pandemic, thanks to Industry 4.0. Furthermore, more than half of the respondents indicated that technology played a fundamental role in staying operational. Moreover, according to recent studies, the COVID-19 pandemic has vaulted us five years forward in digital business adoption. More and more manufacturers are considering actively adopting “lights out” factories and s...

Crema Finance shuts liquidity protocol on Solana amid hack investigation

Crema Finance, a concentrated liquidity protocol on the Solana blockchain, announced the temporary suspension of its services owing to a successful exploit that has drained a substantial but undisclosed amount of funds. Soon after realizing the hack on its protocol, Crema Finance suspended the liquidity services to prevent the hacker from draining its liquidity reserves — which include the funds of the service provider and investors. Attention! Our protocol seems to have just experienced a hacking. We temporarily suspended the program and are investigating it. Updates will be shared here ASAP. — CremaFinance (@Crema_Finance) July 3, 2022 Speaking to Cointelegraph about the matter, Henry Du, the co-founder of Crema Finance confirmed the commencement of the investigation. He state...

Infamous North Korean hacker group identified as suspect for $100M Harmony attack

The Lazarus Group, a well-known North Korean hacking syndicate, has been identified as the primary suspect in the recent attack that saw $100 million stolen from the Harmony protocol.  According to a new report published Thursday by blockchain analysis firm Elliptic, the manner in which Harmony’s Horizon bridge was hacked and the way in which the stolen digital assets were consequently laundered bears a striking resemblance to other Lazarus Group attacks. “There are strong indications that North Korea’s Lazarus Group may be responsible for this theft, based on the nature of the hack and the subsequent laundering of the stolen funds.” Additionally, Elliptic outlined exactly how the heist was executed, noting that The Lazarus Group targeted the login credentials of Harmony employees in ...

Anonymous hacker served with restraining order via NFT

Law firms Holland & Knight and Bluestone have served a defendant in a hacking case with a temporary restraining order through a nonfungible token, marking the first known legal process to be facilitated by an NFT. The so-called “service token” or “service NFT” was served to an unnamed defendant in a hacking case involving LCX, a Liechtenstein-based cryptocurrency exchange that was hacked in January for almost $8 million. As Cointelegraph reported at the time, the attack compromised the platform’s hot wallets, resulting in the loss of Ether (ETH), USD Coin (USDC) and other cryptocurrencies. Holland & Knight has become the first law firm to serve a defendant by #NFT, which was created and airdropped by our #AssetRecovery Team. Learn more from our client @LCX. https://t.co/wWs2cOVVY1 ...

Yuga Labs’ BAYC, OtherSide Discord groups breached, over 145 ETH stolen

Yuga Labs, the creator of two of the most popular ape-themed nonfungible token (NFT) offerings — Bored Ape Yacht Club (BAYC) and OtherSide — witnessed yet another orchestrated phishing attack with investors losing over 145 Ether (ETH) or nearly $260,000 at the time of writing. OKHotshot, a blockchain detective and a member of the Crypto Twitter community, alerted crypto investors about the compromise of two official Discord groups linked to BAYC and OtherSide NFTs. BAYC & OtherSide discords got compromised‼️ Seems because Community Manager @BorisVagner got his account breached, which let the scammers execute their phishing attack. Over 145E in was stolen Proper permissions could prevent this pic.twitter.com/lCl2DfZQ0W — OKHotshot (@NFTherder) June 4, 2022 According to OKH...

Axie Infinity’s Discord bot compromised, hackers issue fake minting message

Axie Infinity, the popular play-to-earn nonfungible token (NFT) game, faced another attack on its Discord server earlier on Wednesday, leading to a compromise of its MEE6 bot. MEE6 is a popular Discord bot mainly used for automating roles and messages and is used by numerous crypto projects. The attackers used the compromised bot to add permissions to a fake Jiho account and later issued a fake announcement regarding a mint. The developers managed to remove the compromised MEE6 bot from the main server and deleted the fake messages as well. However, the official Twitter account of the project warned that many users might still see the fake message until they restart their Discord. 2/ The announcements have been deleted but some users may still see the message until they restart their Disco...

Etherscan, CoinGecko warn against ongoing MetaMask phishing attacks

Popular crypto analytics platforms Etherscan and CoinGecko have simultaneously issued an alert against an ongoing phishing attack on their platforms. The firms began investigating the attack after numerous users reported unusual MetaMask pop-ups prompting users to connect their crypto wallets to the website. Based on the information disclosed by the analytics firms, the latest phishing attack attempts to gain access to users’ funds by requesting to integrate their crypto wallets via MetaMask once they access the official websites. Security Alert: If you are on the CoinGecko website and you are being prompted by your Metamask to connect to this site, this is a SCAM. Don’t connect it. We are investigating the root cause of this issue. pic.twitter.com/7vPfTAjtiU — CoinGecko (@coingeck...

DeFi attacks are on the rise — Will the industry be able to stem the tide?

The decentralized finance (DeFi) industry has lost over a billion dollars to hackers in the past couple of months, and the situation seems to be spiraling out of control. According to the latest statistics, approximately $1.6 billion in cryptocurrencies was stolen from DeFi platforms in the first quarter of 2022. Furthermore, over 90% of all pilfered crypto is from hacked DeFi protocols. These figures highlight a dire situation that is likely to persist over the long term if ignored. Why hackers prefer DeFi platforms In recent years, hackers have ramped up operations targeting DeFi systems. One primary reason as to why these groups are drawn to the sector is the sheer amount of funds that decentralized finance platforms hold. Top DeFi platforms process billions of dollars in transactions e...

Has New York State gone astray in its pursuit of crypto fraud?

The Empire State made two appearances on the regulatory stage last week, and neither was entirely reassuring.  On April 25, bill S8839 was proposed in the New York State (NYS) Senate that would criminalize “rug pulls” and other crypto frauds, while two days later, the state’s Assembly passed a ban on non-green Bitcoin (BTC) mining. The first event was met with some ire from industry representatives, while the second drew negative reviews, too. However, this may have been more of a reflex response given that the “ban” was temporary and principally aimed at energy providers. The fraud bill, sponsored by State Senator Kevin Thomas, looked to steer a middle course between protecting the public from scam artists while encouraging continued innovation in the crypto and blockchain sector. It...