Bitcoin News and Price | Bitcoin.News

Crypto Hacks in Q1 2023

by Blockchain NewsApril 7, 2023

In the first quarter of 2023, hackers accessed over $320 million in the crypto industry through a variety of incidents, according to the quarterly report from blockchain security firm CertiK. While this amount is significantly lower than the $1.3 billion and $950 million lost in the first and fourth quarters of 2022 respectively, it is still a substantial sum.

CertiK notes that off-chain events may have played a role in the lower amount of losses seen in Q1 2023. For example, issues with Silvergate Bank and the depegging of USD Coin (USDC) may have had a broader impact on the crypto industry. However, despite these challenges, hackers still managed to exploit vulnerabilities in the system.

Out of the funds stolen within the quarter, over $31 million was lost to 90 exit scams, while more than $222 million was lost in 52 flash loan and oracle manipulation exploits. BNB Chain had the greatest number of incidents for the quarter, with 139 in total. Meanwhile, Ethereum had the most significant loss, with over $221 million lost.

Despite the lower numbers overall, Q1 2023 was still marked by substantial losses. 60% of the funds lost were due to the Euler Finance hack on March 13, where hackers exploited a flash loan to access over $195 million. However, negotiations with the hacker allowed Euler Finance to recover around 90% of the lost funds by April 4.

The trend of recovering funds through negotiations with hackers has become increasingly common in the crypto industry. Lending protocol Sentiment also recovered around $870,000 in April after giving a bounty of $95,000 to those responsible for taking almost a million dollars from the platform.

While it is encouraging to see funds being recovered in this way, it also highlights the need for continued vigilance in the industry. As long as there are vulnerabilities that can be exploited, hackers will continue to find ways to access funds. It is up to those in the industry to remain vigilant and take steps to ensure the safety and security of their platforms and assets.

Source

Euler Finance Hacker Returns Stolen Funds

by Blockchain NewsApril 4, 2023

On March 13, 2023, Euler Finance suffered a flash loan attack, resulting in the theft of $196 million worth of various tokens, including Dai, USDC, StETH, and WBTC. This attack drained millions of dollars from Euler Finance’s smart contracts, causing the total value locked inside them to drop from over $311 million to $10.37 million. Additionally, 11 different DeFi protocols, including Balancer, Yearn.finance, and Yield Protocol, either froze or lost funds.

Following the attack, Euler Finance took proactive measures to recover the stolen funds. The protocol disabled its vulnerable etoken module and donation function as the first course of action and worked with auditing companies to analyze the root cause of the exploit. At the same time, Euler Finance attempted to contact the hacker to negotiate a bounty.

On March 15, Euler Finance gave the hacker an ultimatum to return 90% of the stolen funds or face a $1 million reward for information leading to their arrest. The hacker, however, started moving funds at will, causing chaos and distress among the victims. Despite this, one victim managed to convince the hacker to return their life savings, resulting in the hacker beginning to return stolen funds over several days.

Meanwhile, Euler Finance’s CEO, Michael Bentley, revealed that ten separate audits over two years deemed the protocol “nothing higher than low risk” with “no outstanding issues.” However, the hack exposed the protocol’s vulnerability and the need for improved security measures.

On March 21, Euler Finance launched a $1 million bounty reward against the hacker after being ghosted mid-conversation while trying to strike a deal. However, the hacker started returning the stolen assets in large numbers on multiple occasions, starting on March 25. Finally, 23 days after the hack, Euler Finance announced that the stolen funds had been recovered, and the $1 million bounty was no longer accepting new information.

In the final transactions, the hacker returned 12 million DAI and 10,580 ETH in multiple transactions. The crypto community applauded Euler Finance’s efforts to recover the funds and restore investor confidence. Gnosis, the team behind Gnosis Safe multisig and Gnosis Chain, recently launched a hash oracle aggregator to improve the security of bridges by requiring more than one bridge to validate a withdrawal.

The Euler Finance hack serves as a cautionary tale for the DeFi industry, highlighting the importance of comprehensive security measures and frequent audits. It also demonstrates the benefits of negotiating with hackers to recover stolen funds and the role of the community in restoring investor confidence. Overall, the recovery of the stolen funds is a significant victory for Euler Finance and the DeFi industry as a whole.

Source

Tagged : DEFI PROTOCOLS / EULER FINANCE / Flash Loan Attack / Hacker / News / Recovery

Euler Finance Hacker Returns Majority of Stolen Funds

by Blockchain NewsMarch 26, 2023

In a dramatic turn of events, the hacker behind the $196 million exploit on the lending protocol Euler Finance has returned the majority of the stolen assets. According to on-chain data, on March 25th, the exploiter returned 51,000 ETH and 7,737 ETH worth over $101 million at the time of writing. The hacker had previously sent 3,000 ETH to the protocol on March 18th, worth nearly $5.4 million at the time. However, the exploiter still controls some of the stolen assets.

The Euler Finance hack took place on March 13th, when the hacker carried out multiple transactions, stealing nearly $196 million from the protocol in a flash loan attack. This attack is considered the largest decentralized finance (DeFi) hack of 2023. The stolen assets included 8.8 million Dai (DAI), 849,000 Wrapped Bitcoin (WBTC), 85 million Staked Ether (stETH), and 34 million USD Coin (USDC).

After a few days, the hacker sent an on-chain message to Euler Finance, calling for an agreement with the protocol. In the message, they stated that they had “no intention of keeping what is not ours” and that they wanted to make things easy on those affected. The protocol had previously tried to negotiate with the exploiter, requesting that they return 90% of the stolen funds within 24 hours or face legal action. However, no response was received, and Euler Finance offered a $1 million bounty reward for any information leading to the capture of the exploiter.

The hacker has made other transactions, including a transfer of 1,000 ETH Smart Staking (NETH) worth approximately $1.65 million at the time, through sanctioned crypto mixer Tornado Cash. However, blockchain analytics firm PeckShield reported that around 100 ETH was sent to a wallet address likely owned by one of the victims. An on-chain message sent by the wallet address had earlier pleaded for the attacker to return their “life savings.”

The return of the majority of the stolen funds is good news for Euler Finance and its users, but the incident highlights the need for better security measures in the DeFi space. Despite the growing popularity of DeFi, the industry remains vulnerable to hacks and exploits. The Euler Finance hack is just the latest in a series of high-profile attacks on DeFi protocols, and it is a stark reminder that investors must remain vigilant and cautious when participating in DeFi.

Source

Tagged : DeFi / EULER FINANCE / Hack / Hacker / News / Stolen Funds

DeFi Hacker Returns $5.4M to Euler Finance

by Blockchain NewsMarch 19, 2023

On March 18, Euler Finance, a decentralized finance (DeFi) platform, received a surprising gift from the hacker who had drained $197 million from the platform just a few days earlier. The attacker returned 3,000 ETH ($5.4 million) to Euler Finance’s deployer address, citing a change of heart.

The attack on Euler Finance, which occurred on March 15, was one of the biggest DeFi hacks of 2023 so far. The attacker was able to drain $197 million through multiple transactions and later used a multichain bridge to transfer the funds from the Binance Smart Chain (BNB) to Ethereum. The stolen funds were then moved into Tornado Cash, a crypto mixer that anonymizes transactions.

In response to the hack, Euler Finance announced a $1 million reward to anyone who could help track down the hacker and retrieve the funds. The platform also demanded that the hacker return 90% of the funds within 24 hours to avoid possible jail time.

It is unclear why the hacker returned the funds, but it may have been due to the pressure from the $1 million bounty or the fear of getting caught. This is not the first time a DeFi hacker has returned stolen funds. In July 2022, the attacker who stole $600 million from Poly Network returned the funds and even received a job offer from the company.

DeFi hacks are becoming more common as the industry grows and attracts more attention from hackers. According to CipherTrace’s 2023 DeFi Decentralized Exchange (DEX) Report, DeFi hacks have already surpassed $1 billion in 2023. To prevent such attacks, DeFi platforms are investing in better security measures and insurance policies.

The return of the funds to Euler Finance may come as a relief to the platform and its users, but it also highlights the need for better security measures in the DeFi industry. As the industry continues to grow and mature, it is likely that we will see more hacks and exploits, but hopefully, we will also see more successful recoveries and stronger security measures.

Source

Tagged : DeFi / EULER FINANCE / Hacker / News / RETURNED FUNDS

DeFi Hack Linked to North Korea

by Blockchain NewsMarch 19, 2023

The DeFi world was rocked when Euler Finance fell victim to the biggest DeFi hack of 2023, with $197 million in funds stolen. Since then, the crypto community has been closely following the on-chain movements of the stolen funds, hoping to track down the attacker. Blockchain investigator Chainalysis recently identified that 100 ETH from the stolen funds was transferred to an address linked to North Korea.

The hacker responsible for the Euler Finance hack also transferred 3,000 ETH to Euler’s deployer account without disclosing their intent. However, no other transfers have been made at the time of writing, leaving many in the crypto community speculating whether the hacker was trolling or if they genuinely considered accepting Euler Finance’s bounty reward of $20 million.

While Chainalysis has linked the stolen funds to North Korea, it has also highlighted the possibility of misdirection by other hackers. It is unclear whether North Korea is actually involved in the hack or if the hacker was simply using the address to throw investigators off their trail.

The Euler Finance hack has raised questions about the security of DeFi platforms, as Euler Labs CEO Michael Bentley expressed disappointment in the hack, revealing that ten separate audits over two years had assured its security. The fact that the hacker was still able to access and steal the funds has highlighted the need for stronger security measures in DeFi platforms.

The use of DeFi platforms has skyrocketed in recent years, and the potential rewards have attracted many hackers seeking to exploit vulnerabilities in the system. This has led to an increase in DeFi hacks, with many experts calling for stronger security measures to protect investors’ funds. The Euler Finance hack serves as a reminder that even with multiple security audits, DeFi platforms are not immune to hacks, and investors should exercise caution when investing in these platforms.

Source

Tagged : Chainalysis / CRYPTO COMMUNITY / DEFI HACK / EULER FINANCE / News / North Korea

Euler Finance hacker returns $5.4M

by Blockchain NewsMarch 18, 2023

On March 16, Euler Finance, a decentralized finance (DeFi) protocol, announced that it had been the victim of a massive hack in which a total of $197 million was stolen. This was quickly dubbed the biggest DeFi hack of 2023 so far and sent shockwaves through the crypto community.

The hacker was able to drain the funds through a series of multiple transactions, and then used a multichain bridge to transfer the stolen funds from the Binance Smart Chain to Ethereum. The hacker then moved the stolen funds into the crypto mixer Tornado Cash, making it difficult to track the funds.

However, on March 18, there was a surprising development when the hacker reportedly returned around $5.4 million in Ether to Euler Finance’s deployer address. The funds were sent in three transactions, and it is unclear why the hacker decided to return the funds.

This is not the first time that a hacker has returned stolen funds after a high-profile hack. In 2016, the hacker who stole $55 million from the DAO returned the stolen funds, citing a “bug” in the code. It is possible that the hacker behind the Euler Finance hack had a change of heart, or was pressured to return the funds after Euler Finance announced a $1 million reward for information on the hacker’s identity.

Euler Finance has demanded that the hacker return 90% of the stolen funds within 24 hours to avoid possible jail time. It remains to be seen whether the hacker will comply with this demand, or whether the rest of the stolen funds will be returned.

The Euler Finance hack highlights the ongoing security risks in the DeFi space. DeFi protocols are designed to be open and transparent, but this also makes them vulnerable to attacks. It is important for DeFi protocols to take measures to improve their security, such as performing regular audits and implementing multi-factor authentication for user accounts. Only by doing so can DeFi protocols gain the trust of users and investors alike.

Source

Tagged : CRYPTO MIXER / DEFI HACK / Ethereum / EULER FINANCE / Hacker / News

Euler Finance Audited 10 Times Before $196 Million Attack

by Blockchain NewsMarch 17, 2023

Euler Finance, an Ethereum-based lending protocol, underwent 10 audits from six different blockchain security firms between May 2021 and September 2022. The audits ranked the risk assessment of the platform, measuring the “likelihood of a security incident” and the impact it may have. The risk level for Euler ranged from very low and informational to critical, with none deemed “nothing higher than low risk” with “no outstanding issues.” Despite the extensive audits, Euler suffered a $196 million flash loan attack on March 13, 2023.

In response to the attack, Euler Labs CEO Michael Bentley described it as the “hardest days” of his life in a series of tweets on March 17. He retweeted a user sharing information that Euler had undergone ten audits, commenting that the platform “has always been a security-minded project.” Euler had also issued a warning only 24 hours before launching a $1 million bounty for information leading to the hacker’s arrest, stating that it would launch a bounty “that leads to your arrest and the return of all funds” if 90% of the funds were not returned within 24 hours.

Despite the audits, Euler’s attacker began moving funds through crypto mixer Tornado Cash on March 16, only hours after the bounty was launched. In his Twitter thread, Bentley expressed his frustration at the attack and the sacrifices he had to make as a result, including time with his newborn son. However, he also thanked the security experts who are “working on leads” for the investigation.

While some blockchain security firms, such as Omnisica, found and addressed some “incorrect paradigms” in Euler’s base swapper implementation and how the swap mode was “handled by the codebase,” the audits concluded that Euler had “properly dealt” with these issues, with “no outstanding issues” remaining. Halborn’s audit summary in December 2022 also stated that it had found “an overall satisfactory result.”

In conclusion, Euler Finance’s 10 audits from six different blockchain security firms in two years did not prevent a $196 million flash loan attack. Despite the audits deeming the platform “nothing higher than low risk” with “no outstanding issues,” the attacker was able to move the funds through crypto mixer Tornado Cash only hours after Euler launched a $1 million bounty for their arrest. The investigation into the attack is ongoing.

Source

Tagged : Audits / Blockchain Security / EULER FINANCE / Flash Loan Attack / News / Tornado.Cash

Hacker moves stolen funds after bounty launch

by Blockchain NewsMarch 16, 2023

A hacker responsible for a $196 million attack on Euler Finance has moved some of the stolen funds into the crypto mixer Tornado Cash, just hours after a $1 million bounty was launched to identify the perpetrator. The attack, carried out through a flash loan on the Ethereum noncustodial lending protocol, resulted in the theft of a range of cryptocurrencies including Dai, USD Coin, staked ETH and wrapped Bitcoin. Blockchain analytics firm PeckShield reported on Twitter that the hacker had transferred 1,000 ETH, equivalent to around $1.65 million, via the sanctioned mixer. Euler Labs had previously sent a message to the attacker’s address warning of the bounty and offering amnesty if 90% of the funds were returned within 24 hours. However, the hacker’s movement of funds suggests that they are not swayed by this offer.

Victims of the attack have been appealing for the return of their funds, with one message on the blockchain claiming that a group of 26 families from jobless rural areas had lost a total of $1 million in the attack. Another message was sent by an apparent victim who congratulated the hacker on their “big win”, but begged for help as they had invested funds they “desperately needed” for a house. “My wife is going to kill me if we can’t afford our house. Is there anyway you can help me? I have no idea what to tell my wife,” they wrote.

The hacker’s use of a crypto mixer is a common tactic for obscuring the source of funds, and is likely to make it harder for authorities to identify them. However, the blockchain trail may still provide some clues, and the bounty may encourage individuals to come forward with information. The incident highlights the risks associated with DeFi and the importance of robust security measures.

Source

Tagged : Bounty / CRYPTO MIXER / EULER FINANCE / Flash Loan Attack / News / Victims

Euler Finance suffers $197M DeFi hack

by Blockchain NewsMarch 14, 2023

Euler Finance, a DeFi lending protocol, suffered a flash loan attack on March 13, resulting in the biggest hack of crypto in 2023 so far. The lending protocol lost nearly $197 million in the attack, impacting more than 11 other DeFi protocols as well. Euler Finance disabled the vulnerable etoken module and vulnerable donation function to block deposits.

On March 14, Euler Finance updated its users on the situation and notified them of the disabled features. The firm stated that it works with various security groups to perform audits of its protocol, and the vulnerable code was reviewed and approved during an outside audit. However, the vulnerability remained on-chain for eight months until it was exploited, despite a $1 million bug bounty in place.

Sherlock, an audit group that has worked with Euler Finance in the past, verified the root cause of the exploit and helped Euler submit a claim. The audit protocol later voted on the claim for $4.5 million, which passed, and later executed a $3.3 million payout on March 14.

In its analysis report, the audit group noted a significant factor for the exploit: a missing health check in “donateToReserves,” a new function added in EIP-14. However, the protocol stressed that the attack was still technically possible even before EIP-14.

Sherlock noted that the Euler audit by WatchPug in July 2022 missed the critical vulnerability that eventually led to the exploit in March 2023. Euler has also reached out to leading on-chain analytic and blockchain security firms, such as TRM Labs, Chainalysis, and the broader ETH security community, in a bid to help them with the investigation and recover the funds.

Euler Finance has notified that they are also trying to contact those responsible for the attack in order to learn more about the issue and possibly negotiate a bounty to recover the stolen funds. The incident highlights the need for regular audits of DeFi protocols to detect vulnerabilities and prevent hacks. As DeFi continues to grow and attract more users, security and reliability will become even more critical for the industry’s success.

Source

Tagged : Audit / DeFi / EULER FINANCE / Flash Loan Attack / News / Vulnerability

Euler Finance Suffers Flash Loan Attack, Loses Millions in Multiple Cryptocurrencies

by Blockchain NewsMarch 13, 2023

On March 13, 2023, Euler Finance, an Ethereum-based noncustodial lending protocol, became the victim of a flash loan attack. The attacker managed to steal millions in various cryptocurrencies, including Dai, USD Coin, staked Ether, and wrapped Bitcoin. According to on-chain data, the exploiter carried out multiple transactions and stole nearly $196 million, making it the largest hack of the year.

The breakdown of stolen funds is as follows: $87 million in Dai, $51 million in USDC, $40 million in stETH, and $17 million in WBTC. Euler Finance has not yet made an official statement regarding the attack, and it remains unclear whether the stolen funds will be recovered.

Crypto analytic firm Meta Seluth stated that the attack is related to a deflation attack that occurred one month ago. The attacker used a multichain bridge to transfer the funds from the Binance Smart Chain (BSC) to Ethereum and launched the attack today. ZachXBT, another prominent on-chain sleuth, reiterated the same and said that the movement of funds and the nature of the attack seem quite similar to the black hats that exploited a BSC-based protocol last month.

The attack on Euler Finance highlights the risks associated with flash loans, which are uncollateralized loans that allow traders to borrow large amounts of capital without putting up any assets as collateral. Flash loans have become increasingly popular in the DeFi space and have been used in several high-profile attacks, including the $600 million hack of Poly Network in August 2021.

Flash loan attacks are a growing concern for the DeFi ecosystem, and several projects have taken steps to mitigate the risks associated with these loans. For example, Aave, a popular DeFi lending platform, has implemented a cooldown period for flash loans, requiring borrowers to wait for a period before taking out another loan. Similarly, Compound Finance has implemented a fee on flash loans to deter attackers.

Euler Finance is just the latest DeFi project to fall victim to a flash loan attack, highlighting the need for better security measures in the DeFi ecosystem. As the DeFi space continues to grow, it is essential to implement robust security measures to protect users’ funds and prevent attacks like these from happening in the future.

Source

Tagged : Cryptocurrency / EULER FINANCE / Flash Loan Attack / News / On-Chain Data / Stolen Funds