Atomicals Market Addresses Security Breach and Announces Compensation Measures

The recent events surrounding Atomicals Market (AM) have been a significant concern for the Atomicals community, especially following a severe security breach in two of its trading markets. This breach led to hacker attacks and considerable losses for users, stirring up discussions and demands for action within the community. Shep.eth, an early participant and active community member, took the initiative to address these issues directly with the AM team.

In a detailed letter to the community, shep.eth elaborated on the unfortunate security incidents at Atomicals’ trading markets. Although the details of the attacks were already widely discussed in the community and clarified by the Atomicals protocol team, shep.eth focused on the response and resolution efforts. Representing the interests of affected users and the community, shep.eth held discussions with the AM team to clarify the incident’s causes and explore potential compensation for those who suffered losses.

These discussions led to several significant developments. First, a change in leadership was announced, with @BRC20Coins, the founder of AM, stepping down from any management role. An anonymous individual, a friend of shep.eth, is set to take over as the new CEO. This transition is part of a broader effort to ensure that similar issues are prevented in the future. The new team also committed to compensating the total of 33,000 $ATOM lost in recent ‘zero-dollar purchase’ events, promising to complete this within a week after the leadership transition.

In addition to these measures, AM plans to overhaul its operational and development teams. This restructuring aims to enhance testing processes, ensuring asset safety, an improved user experience, and more effective communication. Moreover, AM intends to revisit its branding, including its logo and name, reflecting a new direction and commitment to security and trust.

Despite not being involved in AM’s management or decision-making, shep.eth will continue to contribute as a community member and a friend of the new CEO. He emphasized the community’s vital role in the protocol’s development and expressed hope for AM’s future under new leadership, focusing on rectifying past mistakes and providing safer, better services to the community and users.

Atomicals Protocol also issued a response, clarifying their position regarding the security issues. They refuted claims of negligence related to the use of SIGHASH_NONE signatures, explaining that they had warned AM against this practice due to its associated risks. The protocol stressed the importance of prioritizing user safety and trust, asserting their independence from Atomicals Market and other projects.

Image source: Shutterstock


Tagged : / / / / / / / / / / / / /

Huobi HTX Responds to Recent Hack, Ensures Full Compensation for Affected Users

On November 22nd, 2023, Huobi HTX, previously known as Huobi Global, experienced a significant security breach. This attack led to a substantial loss, initially estimated at $13.6 million but later valued at approximately $30 million. This incident marks another in a series of cybersecurity challenges faced by cryptocurrency exchanges and related platforms.

Following the attack, Huobi HTX issued a statement to its users, reassuring them about the security of their funds. The exchange committed to fully compensating the losses incurred due to the attack, emphasizing its dedication to user fund safety. Despite the substantial loss, HTX clarified that the incident had a minimal impact on the platform’s overall financial health and would not affect its normal operations.

Huobi HTX announced plans to resume deposit and withdrawal services within 24 hours of the incident. In line with its commitment to security, HTX highlighted the importance of protecting user assets and information. The exchange assured the implementation of all necessary measures to prevent such incidents in the future.

This incident is part of a larger pattern of security breaches affecting platforms associated with or managed by Chinese entrepreneur Justin Sun. Notably, the HTX Eco (HECO) Chain bridge, involving HTX, Tron, and BitTorrent cryptocurrency, suffered an $86.6 million loss in a separate attack. In total, HTX and other Sun-related businesses have faced four distinct hacks in the past two months, raising concerns about the robustness of their security measures.

The most notable recent attack was against the Poloniex exchange on November 10th, resulting from an alleged private key breach. This incident led to a loss of $100 million, prompting an ongoing investigation to identify the root cause. A $10 million white hat reward is currently offered for the return of the funds stolen in the Poloniex exploit.

Justin Sun has publicly addressed these incidents, emphasizing ongoing investigations to understand the reasons behind these hacks. He reassured that services would resume once the investigations are complete and the vulnerabilities are addressed.

Image source: Shutterstock


Tagged : / / / / / / / / /

Allbridge Provides Compensation Plan for Hacked Users

Allbridge, a multichain token bridge provider, has posted a recovery plan following a recent hack where the project was exploited for roughly $573,000 on April 1. In an April 5 statement, Allbridge said it has already started a compensation process for users despite only “partly recovering funds.” The protocol aims to fully compensate those affected by the exploit with funds available to them.

The compensation plan will prioritize users with funds stuck on the token bridge due to the emergency shutdown. Allbridge aims to compensate its liquidity providers (LPs) following the compensation of these users. An application form is currently being drafted for LPs who could not withdraw their assets, allowing them to apply for compensation and provide details of their losses. The compensation process is expected to commence next week, starting with users who “have used the bridge shortly before the shutdown.”

Allbridge enabled LPs to withdraw their funds on April 2, with the majority withdrawing their assets from the pool. Some, however, could withdraw even more “due to the pool’s disbalance.” Others could not withdraw “a reasonable amount” from the liquidity pool due to some users withdrawing more than their original balances and the hack’s impact on the pools.

The compensation plan comes after Allbridge tweeted on April 3 that 1,500 BNB (BNB), worth approximately $465,000, was returned to the project following a public proposal made to the hacker in an April 1 tweet. The protocol’s exploiter seemingly accepted Allbridge’s offer of a “white hat bounty,” where they could keep a portion of the stolen funds in exchange for an assurance that no legal action would be taken.

Allbridge noted that all affected parties by the exploit will be subject to additional rewards in the future, but compensation remains their main priority. The protocol aims to fully compensate all victims of the exploit with funds available to them.

This compensation plan is a positive step for Allbridge to regain the trust of its users after the hack. While the project was only able to partially recover funds, the compensation process shows a willingness to make affected users whole. The inclusion of an application form for LPs who could not withdraw their assets also shows a willingness to make the compensation process as smooth as possible.

This hack also highlights the importance of security in the DeFi space. While noncustodial protocols allow users to maintain control of their funds, they are also vulnerable to hacks. As the DeFi space continues to grow, it is crucial that projects prioritize security measures to prevent hacks and protect user funds.

Meanwhile, Ethereum-based noncustodial lending protocol Eurler Finance announced on April 4 that it recovered most of the $196 million stolen in a March 13 flash loan attack following successful negotiations. The attacker managed to steal millions worth of Dai (DAI), USD Coin (USDC), staked Ether (stETH), and wrapped Bitcoin (WBTC) in the largest hack of 2023 so far. The quick recovery of stolen funds by Eurler Finance shows the importance of prompt action in mitigating the effects of hacks in the DeFi space.


Tagged : / / / / /

BitKeep Compensates Users After $8M Hack

On December 26, 2022, BitKeep, a multichain wallet, suffered an attack that resulted in an estimated $8 million loss of funds from users who downloaded the 7.2.9. APK update for the wallet. The update had been maliciously swapped by hackers, resulting in the theft of users’ cryptocurrency holdings.

In response to the hack, BitKeep announced on March 29 that it had fully compensated all 11,090 users affected by the incident. The compensation was made possible through the company’s own funds and was an important step in restoring trust with its user base.

Additionally, BitKeep announced that it will rebrand to Bitget Wallet following a $30 million investment from the cryptocurrency derivatives exchange Bitget. The investment valued BitKeep at $300 million and will provide the wallet with access to Bitget’s $300 million User Protection Fund, which will help mitigate the risk of future security threats.

The compensation of affected users is a significant move by BitKeep to show its commitment to security and to demonstrate that it takes the safety of its users’ assets seriously. With the rebrand to Bitget Wallet and access to the User Protection Fund, the company is signaling that it is taking additional steps to enhance the security of its platform and to protect its users’ assets.

The decision to rebrand to Bitget Wallet also represents a strategic move by the company to align itself more closely with Bitget, a well-established player in the cryptocurrency derivatives exchange market. By partnering with Bitget, BitKeep will be able to tap into the expertise and resources of a company with a proven track record of success in the industry.

Overall, the compensation of affected users and the rebrand to Bitget Wallet represent important steps for BitKeep as it seeks to enhance its security and position itself for future growth. With access to the Bitget User Protection Fund, the company is well-positioned to protect its users’ assets from future security threats and to continue building a reputation as a trusted and reliable provider of cryptocurrency wallet services.


Tagged : / / / / /

Crypto Investors Should Expect No Compensation From Government: UK Regulator

Nikhil Rathi, the Chief Executive Officer of the United Kingdom Financial Conduct Authority (FCA) has taken a harsh stance against the chances of victims of digital currency scams receiving compensation from the government. 

Speaking through a statement to the Treasury Committee, Rathi commented about the risks of the much-unregulated cryptocurrency sector in the country:

“When we talk about the compensation scheme, we have to draw some pretty clear lines. I would suggest anything crypto-related should not be entitled to compensations, and consumers should be clear about that when investing,”

Governments around the world are still sceptical enough concerning investments in digital currencies. This is in part related to the fact that the industry has no trusted investment safeguards and users have been subjected to a series of scams around the world. A unit of the FCA, the Financial Services Compensation Scheme (FSCS) has been living up to the task of compensating victims of rug pulls in the crypto space. This year alone, a total of 717 million pounds have been issued out in total.

According to the stance of Rathi, the UK may soon introduce a rule that will take away this privilege from crypto investors. While the regulator is not entirely against the blockchain ecosystem, support for investing in speculative assets is billed to be stumped.

“There are technologies underpinning cryptocurrencies, which, I think we would recognize, as having significant benefits and value, such as tackling financial crimes. A number of innovations, however, we have raised concerns around,” said Rathi when asked about the country’s regulatory framework.

“Some of these crypto-assets, we don’t believe have intrinsic value. They have been a part of a series of organized crimes and money laundering, and anyone who invests in them must be ready to lose all of their money.” 

Different regulators are exploring their own unique avenues to protect crypto investors on their shores. As the nascent industry grows towards maturity, industry stakeholders are likely to continually advocate for progressive regulations that can bolster a good growth of all parties of interest in the ecosystem.

Image source: FTadvisor


Tagged : / / / / /

Animoca Brands to Cover Losses of Recent Scam Victims

Hong Kong-based Animoca Brands released a statement saying that the company will cover the losses of those who fell victim to an online scam on November 19. - 2021-11-25T143800.816.jpg

Further details about the compensation on covered losses will be announced shortly, Animoca Brands said.

“The exact nature and mechanism of the compensation will be determined after discussions with the Phantom Galaxies community, but it will involve transfers to users to cover the amounts stolen by the hackers or the delivery of equivalent value. More information will be provided in the game’s official channels,” Animoca Brands said.

The Phantom Galaxies game is currently under development by the Animoca Brands subsidiary Blowfish Studios based in Sydney, Australia.

Blowfish Studios will also be helping Animoca Brands to cover the losses of all victims.

Animoca Brands has warned users about such scams in the future and advised them not to trust announcements that play on the fear of missing out (FOMO).

“Never trust stealth drop/mint events; these events seek to take advantage of FOMO and should be automatically treated as suspect. Animoca Brands and its subsidiaries do not and will not provide offers based on stealth drops/mints. Be extremely cautious of ANY sudden events that require you to part with your funds: genuine events are usually announced in advance in order to allow users to prepare,” the company announced on its website.

On November 19, Phantom Galaxies Discord server was hacked by unknown hackers, who posted fraudulent announcements claiming that the game was launching an immediate surprise NFT mining event – a stealth mint. Following which the hackers directed the victims to a fraudulent crypto mining platform that charged users a 0.1 ETH “minting fee” and stole about 265 ETH (approximately US$1.1 million in total, Animoca Brands said.

The company emphasized that there is no evidence that smart contracts were compromised, and no funds were stolen from the game or its developer and publisher.

Image source: Shutterstock


Tagged : / / / / /

Reeling from post-hack price slump, Easyfi reveals community compensation plan

After a devastating hack, a cross-chain decentralized finance (DeFi) protocol has revealed today a temporary compensation plan for token holders and investors impacted by one of the largest exploits in DeFi history. 

In a Tweet today, EasyFi announced their “Interim Compensation Plan,” a multi-stage process that includes immediate payments, IOU tokens, and incentive programs aimed at victims of the attack.

The hack, which took place 19 April, is considered to be among the largest in DeFi history, with $6 million in stablecoins and 2.98 million EZ tokens worth upwards of $120 million lost at the time of the attack. The hacker was in a complicated position, however, as after exploiting the protocol they owned upwards of 30% of the supply of EZ tokens and there was limited liquidity with which to unload them. The token “hardforked” to EZ 2.0 a week later, rendering the attacker’s remaining tokens effectively worthless. 

In a Tweet from his personal account, EasyFi founder Ankitt Gaur confirmed that the hack was the result of a “targeted attack on the founder’s machine/metamask to access admin keys and execute the well-planned hack.” This attack vector bears similarities to a 2020 hack on the personal computer of Hugh Karp, the founder of Nexus Mutual, who lost $8 million.

An expert from hack and exploit publication Rekt noted that the theft may have been the result of lax security practices, in that a single individual was in possession of the keys to the treasury, as opposed to being secured in a wallet with precautions against this type of hack such as a multisignature scheme or timelocked transactions.

In their compensation plan blog post, EasyFi characterizes the attack as “well-planned” and “sophisticated.”

Regardless of the cause, the efforts to compensate victims is multifaceted. Per their post, 25% of lost funds will be distributed to users “immediately” in the form of stablecoins, while the remaining 75% will be distributed as “IOU” tokens. The IOU tokens will have “25% discount on spot price of EZ at the time of distribution,” and be redeemable for EZ v2 tokens on a 1-to-1 basis. Hack victims will also reportedly be the recipients of future airdrops from unspecified partners and have access to other incentivized programs still in development. 

The post also noted that the protocol has worked to attract new venture capital via an “accelerated” fundraising round following the hack — a round that is still ongoing.

The token is down 4.7% today to $11.30, and down 33.8% on the week — still reeling from both the hack, as well as from compensated investors possibly cashing in their IOUs.

Compensation methods are an increasingly hot topic as hacks and exploits continue to plague DeFi. EasyFi’s multifaceted approach mirrors that of Origin Dollar’s, while other protocols have opted for creative cross-platform treasury magic to mitigate attacks in recent months.