
Hacks

DeFi sees exploits and exit scam drama in the last week of 2022: Finance Redefined

Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. For DeFi, the last week of 2022 saw another slew of exploits, insider job accusations and exit scam drama. It all started on Christmas, when Defrost Finance, a decentralized leveraged trading platform on the Avalanche blockchain, was exploited by a DeFi flash loan attack causing $12 million in losses. However, the hacker behind the attacks reportedly returned a portion of the funds the next day. Security analytics firm CertiK looked into the chain of events and concluded that the $12 million of funds drained were a part of an exit scam. On Dec. 26, when the Defrost exploit saga was unfolding, BitKeep, a multichain ...

Alameda wallets funnel over $1.7M via crypto mixers overnight

30 cryptocurrency wallets linked to Alameda Research, the bankrupt sister company of crypto exchange FTX, became active on Dec. 28 following four weeks of inactivity. These wallets swapped and mixed over $1.7 million worth of crypto assets through various crypto-mixing services. Crypto mixers are often used by market exploiters and criminals to obscure the transaction path so that the funds cannot be traced to the original source. As Cointelegraph reported on Dec. 28, the sudden movement of funds from Alameda wallets just days after Sam Bankman-Fried was released on bail raised suspicions across the crypto community. Nearly 24 hours later, it seems the culprit behind these fund transfers used extensive planning to hide transaction routes. According to data shared by the crypto forensic gro...

3Commas CEO confirms API key leak following warning from CZ

Binance CEO Changpeng Zhao (CZ) warned his 8 million Twitter followers on Dec. 28 that he is “reasonably sure” that API key leaks are taking place at the cryptocurrency trade management platform. I am reasonably sure there are wide spread API key leaks from 3Commas. If you have ever put an API key in 3Commas (from any exchange), please disable it immediately. Stay #SAFU. — CZ Binance (@cz_binance) December 28, 2022 The disclosure by CZ followed an incident on Dec. 9, when Binance cancelled the account of a user who complained about losing funds a day earlier. That user claimed a leaked API key tied to 3Commas was used “to make trades on low cap coins to push up the price to make profit.” Binance declined to reimburse the user. CZ tweeted that the loss was unverifiable, and if the company m...

Alameda wallets become active days after SBF bail, community mulls foul play

The crypto wallets associated with now-bankrupt trading firm Alameda Research, the sister company of FTX, were seen transferring out funds just days after the former CEO Sam Bankman-Fried was released on a $250 million bond. The transfer of funds from Alameda wallets raised community curiosity, but more than that, the way in which these funds were transferred grabbed the community’s attention. The Alameda wallet was found to be swapping bits of ERC20s for ETH/USDT, and then the Ether (ETH) and USDT (USDT) were funneled through instant exchangers and mixers. For example, a wallet address that starts with 0x64e9 received over 600 ETH from wallets that belong to Alameda; part of it was swapped to USDT while the other part of the transaction was sent to ChangeNow. On-chain analyst ZachXBT note...

BitKeep exploiter used phishing sites to lure in users: Report

The BitKeep exploit that occurred on Dec. 26 used phishing sites to fool users into downloading fake wallets, according to a report by blockchain analytics provider OKLink. The report stated that the attacker set up several fake BitKeep websites which contained an APK file that looked like version 7.2.9 of the BitKeep wallet. When users “updated” their wallets by downloading the malicious file, their private keys or seed words were stolen and sent to the attacker. 【12-26 #BitKeep Hack Event Summary】1/n According to OKLink data, the bitkeep theft involved 4 chains BSC, ETH, TRX, Polygon, OKLink included 50 hacker addresses and total Txns volume reached $31M. — OKLink (@OKLink) December 26, 2022 The report did not say how the malicious file stole the users’ keys in an unencrypted form. Howev...

Web3 projects would rather get hacked than pay bounty: Finance Redefined

Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. Uniswap, one of the leading decentralized exchange platforms, is integrating debit and credit card support for its users. It will allow Uniswap users to buy cryptocurrency directly with their cards. An ex-employee caused Ankr protocol’s recent $5 million hack. The DeFi protocol alerted relevant authorities and is seeking to prosecute the attacker while shoring up its security practices. A Web3 developer has claimed that many crypto ecosystem projects would rather get hacked than pay bounties. After reporting and helping patch a smart contract vulnerability, the developer claims that the projects he helped started ...

DeFi flash loan hacker liquidates Defrost Finance users causing $12M loss

Defrost Finance, a decentralized leveraged trading platform on Avalanche blockchain, announced that both of its versions — Defrost V1 and Defrost V2 — are being investigated for a hack. The announcement came after investors reported losing their staked Defrost Finance (MELT) and Avalanche (AVAX) tokens from the MetaMask wallets. Moments after a few users complained about the unusual loss of funds, Defrost Finance’s core team member Doran confirmed that Defrost V2 was hit with a flash loan attack. At the time, the platform believed that Defrost V1 was not impacted by the hack and decided to close down V2 for further investigation.

LastPass attacker stole password vault data, showing Web2’s limitations

Password management service LastPass was hacked in August 2022, and the attacker stole users’ encrypted passwords, according to a Dec. 23 statement from the company. This means that the attacker may be able to crack some website passwords of LastPass users through brute force guessing. Notice of Recent Security Incident – The LastPass Blog #lastpasshack #hack #lastpass #infosec https://t.co/sQALfnpOTy — Thomas Zickell (@thomaszickell) December 23, 2022 LastPass first disclosed the breach in August 2022 but at that time, it appeared that the attacker had only obtained source code and technical information, not any customer data. However, the company has investigated and discovered that the attacker used this technical information to attack another employee’s device, which was then used...

North Korean hacking activity ceases after regulators implement KYC – Report

According to a new press report published by South Korea’s National Intelligence Service (NIS), North Korean hackers have stolen more than 800 billion Korean won ($620 million) worth of cryptocurrencies from decentralized finance, or DeFi, platforms this year. The agency also revealed it blocked a daily average of 1.18 million attacks perpetrated by national and international hacking organizations in November. However, a NIS spokesperson revealed via local news outlet Kyunghyang Shinmun that all of the $620 million stolen by North Korean hackers through DeFi exploits occurred overseas, adding: “In Korea, virtual asset transactions have been switched to real-name transactions and security has been strengthened, so there is no damage.” Many funds have been lost ...

Crypto on-chain crime drama sees the good guys finally win

The stories about people getting their private keys hacked or stolen are nothing new, with a number losing their life savings because of these thefts. However, in quite an anti-climax scene, a crypto user managed to save their crypto holdings despite losing their private keys. Harpie, an on-chain security firm, revealed an instance of on-chain crime drama where the good guys eventually won. One of the users in their Discord group reportedly raised concerns about the suspected theft of their private keys. When the firm looked into said customer’s wallet, someone was indeed trying to transfer funds from the victim’s accounts. How did we do this? About a month ago, this user protected their tokens with Harpie. By approving and protecting their tokens with Harpie, this user gave us permis...

Raydium is attacked, loses $2M

Solana-based decentralized finance protocol Raydium has suffered an exploit, according to a statement from the developer. An initial investigation by the team revealed that the attacker took over the exchange’s owner account. The team said that “authority” over the automated market maker and farm programs has been paused “for now.” Twitter user and researcher ZachXBT reported that the attacker has bridged $2 million to Ethereum “so far.” An exploit on Raydium is being investigated that affected liquidity pools. Details to follow as more is known. Initial understanding is owner authority was overtaken by attacker, but authority has been halted on AMM & farm programs for now. Attacker accnt https://t.co/ZnEgL1KSwz — Raydium (@RaydiumProtocol) December 16, 2022 This is a breaking story and w...

Hackers copied Mango Markets attacker’s methods to exploit Lodestar: CertiK

According to a post-mortem analysis provided by CertiK of the $5.8 million Lodestar Finance exploit that occurred on Dec. 10, 5. The hacker burned a little over 3 million in GLP, their profit on this exploit was the stolen funds on Lodestar – minus the GLP they burned. 6. 2.8 Million of the GLP is recoverable, which is worth about $2.4 million. We are going to reach out to the hacker and… — Lodestar Finance (@LodestarFinance) December 10, 2022 In a similar instance, CertiK said that Lodestar Finance hackers “artificially pumped the price of an illiquid collateral asset which they then borrow against, leaving the protocol with irretrievable debt.” “Despite some of the losses being potentially recoverable, the protocol is functionally insolvent right n...