hackers
Rari Fuze hacker offered $10M bounty by Fei Protocol to return $80M loot
Decentralized finance (DeFi) platform Fei Protocol offered a $10 million bounty to hackers in an attempt to negotiate and retrieve a major chunk of the stolen funds from various Rari Fuse pools worth $79,348,385.61 — nearly $80 million. On Saturday, Fei Protocol informed its investors about an exploit across numerous Rari Capital Fuse pools while requesting the hackers to return the stolen funds against a $10 million bounty and a “no questions asked” commitment. We are aware of an exploit on various Rari Fuse pools. We have identified the root cause and paused all borrowing to mitigate further damage. To the exploiter, please accept a $10m bounty and no questions asked if you return the remaining user funds. — Fei Protocol (@feiprotocol) April 30, 2022 While the exact losses from the explo...
STEPN impersonators stealing users’ seed phrases, warn security experts
Peckshield, a prominent blockchain security firm, exposed the existence of numerous phishing websites for the Web3 lifestyle app STEPN on Monday. Hackers insert a forged MetaMask browser plugin through which they can steal seed phrases from unsuspecting STEPN users, according to Peckshield. When these cybercriminals obtain the seed phrase, they gain complete control over the STEPN user’s dashboard where they may connect their stolen wallets to their own or “claim” a giveaway as per Peckshield. #PeckShieldAlert #phishing PeckShield has detected a bath of @Stepnofficial phishing sites. They insert a false Metamask browser extension leading to stealing your seed phrase or prompt you to connect your wallets or “Claim” giveaway. @Metamask @Coinbase @WalletConnect @phantom pic....
Finance Redefined: Hacker bungles DeFi exploit, dYdx’s decentralization goals, and more
The decentralized finance (DeFi) ecosystem was filled with ups and downs —mostly the latter— this week, with two very distinct hack attempts and a heartbreaking departure of a DeFi veteran. In this week’s newsletter, we will also look at derivative exchange dYdX’s plans to go fully decentralized by the end of the year. The price momentum of the DeFi tokens remained neutral, with several tokens registering a bullish surge. However, the market volatility meant many of them couldn’t hold onto those gains. Hacker bungles DeFi exploit: Leaves stolen $1M in contract set to self destruct In a rare comedic bungle among DeFi exploits, an attacker has fumbled their heist at the finish line leaving behind over $1 million in stolen crypto. Blockchain security and analytics firm BlockSec shared o...
Global Russian Hack Attack Targeted SA Energy Sector, US Claims
Sourced from International IDEA South Africa came out as one of 135 countries that the US claims Russian government employees targeted between 2012 and 2017 as part of two massive hack campaigns allegedly aimed at disrupting energy companies and critical infrastructure. According to Daily Maverick, the aim was to undertake a sophisticated campaign to target, compromise, and maintain continued access to the networks of critical infrastructure and energy companies worldwide. When asked if Eskom was targeted by Russia, the South African energy utility said that it, like many organisations, combats many cyber-attacks. Eskom, however, did not specify if it was targeted by Russian actors, specifically, or not. “We are aware that, daily, cybercriminals are actively targeting various sectors, incl...
BlockFi confirms unauthorized access to client data hosted on Hubspot
New Jersey-based crypto financial institution BlockFi confirmed a data breach incident via one of its third-party vendors, Hubspot. BlockFi’s proactive warning about the breach aims to deter the intentions of bad actors in repurposing the user data for fraudulent activities. According to the announcement, the hackers gained access to BlockFi’s client data on Friday, March 18, that were stored on Hubspot, a client relationship management platform: “Hubspot has confirmed that an unauthorized third-party gained access to certain BlockFi client data housed on their platform.” As a third-party vendor for BlockFi, Hubspot stored user data such as names, email addresses and phone numbers. Historically, bad actors have used such information for conducting phishing attacks and gaining access to acc...
Are crypto and blockchain safe for kids, or should greater measures be put in place?
Crypto is going mainstream, and the world’s younger generation, in particular, is taking note. Cryptocurrency exchange Crypto.com recently predicted that crypto users worldwide could reach 1 billion by the end of 2022. Further findings show that Millennials — those between the ages of 26 and 41 — are turning to digital asset investment to build wealth. For example, a study conducted in 2021 by personal loan company Stilt found that, according to its user data, more than 94% of people who own crypto were between 18 and 40. Keeping children safe While the increased interest in cryptocurrency is notable, some are raising concerns regarding the ways those under the age of 18 are interacting with digital assets. These challenges were highlighted in UNICEF’s recent “Prospects for children in 202...
Journalist alleges Mimo Capital co-founder was behind 2016 exploit of The Dao: Report
Laura Shin, a cryptocurrency journalist and host of the Unchained Podcast, claimed to have discovered the identity of the individual behind an exploit which drained more than 3.6 million Ether from Germany-based startup Slock.it’s The DAO in 2016. According to a Tuesday Bloomberg report, Shin claimed that she had “extremely strong evidence” that Mimo Capital co-founder Toby Hoenisch was responsible for removing more than 3.6 million Ether (ETH) from The DAO in June 2016 — roughly $50 million at the time. An unknown hacker used an exploit to drain roughly a third of The DAO’s ETH supply, forcing developers to hard fork the network and leaving the illicit funds in what became the Ethereum Classic (ETC) blockchain. EXCLUSIVE: With the publication of my book today, I can finally announce: in t...
OpenSea planned upgrade stalls as phishing attack targets NFT migration
Just yesterday, OpenSea announced a smart contract upgrade, which requires users to migrate their listed NFTs from Ethereum (ETH) blockchain to a new smart contract. As a direct result of the upgrade, users that don’t migrate over from Ethereum risk losing their old, inactive listings — which currently require no gas fees for migration. Major nonfungible token (NFT) marketplace OpenSea has reportedly fallen victim to an ongoing phishing attack within hours after announcing a week-long planned upgrade to delist inactive NFTs on the platform. However, the urgency and short deadline opened up a small window of opportunity for hackers. Within hours after OpenSea’s upgrade announcement, reports across multiple sources emerged about an ongoing attack that targets the soon-to-be-delis...
Multichain recovers $2.6M stolen funds, to reimburse losses on condition
After a month-long fight against an ongoing exploit, cross-chain router protocol Multichain announced the recovery of nearly 50% of the total stolen funds, worth nearly $2.6 million of cryptocurrencies. The team has also released a compensation plan to reimburse the users’ losses. On Jan. 10, blockchain security expert Dedaub alerted Multichain about two vulnerabilities in its liquidity pool and router contracts — affecting eight cryptocurrencies including wrapped ETH (WETH), wrapped BNB (WBNB), Polygon (MATIC) and Avalanche (AVAX). 1/3 We recently identified the “phantom functions” code pattern, which would have led to likely the largest crypto hack ever. Your code may be vulnerable! You need to check for the pattern in your Solidity/EVM code! https://t.co/pxRqCQFbnS — Dedaub ...
The biggest crypto heists of all time
The biggest crypto heists to date are MT Gox, Bitgrail, Coincheck, KuCoin, PancakeBunny, Poly Network, Cream Finance, BadgerDAO, Vulcan Forged and Bitmart. MT Gox MT Gox was the first large-scale exchange hack, and it remains the most significant Bitcoin (BTC) heist from an exchange. The MT Gox robbery, on the other hand, was not a one-off occurrence. Rather, the site leaked cash from 2011 to February 2014. Hackers stole 100,000 BTC from the exchange and 750,000 BTC from its consumers over a few years. These Bitcoin burglaries were valued at $470 million at the time, but they’re now worth approximately ten times this amount. Shortly after the theft, MT Gox went into liquidation, with liquidators recovering roughly 200,000 of the stolen BTC. Bitgrail Bitgrail was a small Italian excha...
Crypto YouTubers fall victim to hacking and scamming attempt
Hackers attacked a number of popular crypto YouTuber accounts at some point during the afternoon of Jan. 23. The accounts posted unauthorized videos with text directing viewers to send money to the hacker’s wallet. Accounts who appear to have been targeted by the attack include: ‘BitBoy Crypto’, ‘Altcoin Buzz’, ‘Box Mining’, ‘Floyd Mayweather’, ‘Ivan on Tech’, and ‘The Moon’ among others. BREAKING: Dozens of Crypto YouTubers have had their accounts hijacked by hackers promoting a fake crypto giveaway scam. Hacked accounts include:@IvanOnTech@boxmining@aantonop@themooncarl@Bitboy_Crypto@mmcrypto@Altcoinbuzzio@FloydMayweather@crypto_banter@CoinMarketCap pic.twitter.com/ykXkZUh9cO — Mr. Whale (@CryptoWhale) January 23, 2022 The Binance Smart Chain wallet address that was listed on the f...
Multichain under fire from users as hacking losses grow to $3M
Hackers have continued to exploit a critical vulnerability in the cross-chain router protocol (CRP) Multichain that first appeared on Jan 17. Earlier this week, Multichain urged users to revoke approvals for six tokens to protect their assets from being exploited by malicious individuals. However Multichain’s announcement on Jan. 17 encouraged more hackers to try the exploit. One stole $1.43 million, another offered to return 80% while keeping the rest as a tip. According to Tal Be’ery, the co-founder of the ZenGo wallet, the stolen amount has now risen to $3 million. The @MultichainOrg hack is far from being over.Over the last hours more than additional $1M stolen, rising the total stolen amount to $3M.One victim lost $960K!https://t.co/fYhYxUojB8 pic.twitter.com/Gvh5hB6t6s — Tal Be...
