Tag: Hack

Fetch AI’s Discord Server Hacked Through Unauthorized Access

by Blockchain News

In a concerning security incident, Fetch.ai’s official Discord server was compromised on Sat Aug 12, 2023, at 3:00am UTC. According to a statement released by Fetch.ai, a malicious individual gained unauthorized access to the server through an admin account with the username “Atari_buzz1kLL.”

The company has urged users to exercise caution and refrain from interacting with any posts on their Discord channel or direct messages claiming to be from Fetch.ai or its staff. They have specifically clarified that “There is no Fetch token airdrop happening right now,” possibly in response to fraudulent activities or misinformation circulating within the community.

Fetch.ai has committed to issuing another statement as soon as the problem has been fixed while aggressively attempting to retake control of the server. Users are warned to watch out for odd behaviour on Discord in the meantime, including possible phishing or fraud efforts.

Although the precise nature of the breach and its possible effects on users are not yet known, the circumstance serves as a reminder of the need of strong security precautions and user awareness in the digital era.

Fetch.ai hasn’t given specifics on how the unauthorized access happened or what steps are being taken specifically to avoid such instances in the future. The incident serves as a warning to all users of online platforms to exercise caution and confirm the legitimacy of messages, particularly in situations when sensitive personal and financial data may be at danger.

Fetch.ai has not provided any more information on how the problem will be fixed as of the time of this report. As the business attempts to get things back to normal and make sure its online presence is secure, the neighborhood waits for further developments.

Recent occurrences indicate a rising pattern of cyber assaults that target social media sites, including Twitter and Discord, as well as blockchain initiatives. Users and businesses alike have experienced major financial losses and compromised security as a result of these hacks.

On Jul 23, 2023, CoinList’s Twitter Account was hacked, adding to the growing list of social media-related breaches.

On Jul 21, 2023, Uniswap Founder’s Twitter Account was hacked by an individual who had created over 23 phishing sites in the past few months. This resulted in the theft of approximately $3.6 million from around 358 victims.

On Apr 25, 2023, KuCoin’s official Twitter account was hacked, leading to users losing funds in a fake giveaway event.

On Jan 29, 2023, Azuki, a popular nonfungible token project, had its Twitter account hacked, resulting in the theft of almost $750K in USDC within 30 minutes.

On Oct 23, 2022, Gate.io’s hacked Twitter account appeared to be promoting a fake giveaway of 500,000 USDT, putting users at risk of losing funds.

On Aug 29, 2022, Mysten Labs confirmed that the contents stored in its Discord server were hacked.

On Apr 01, 2022, Bored Ape Yacht Club (BAYC) announced that its Discord Server was “Compromised.”

These incidents underscore the importance of robust cybersecurity measures and vigilance on the part of users and organizations. The growing frequency and sophistication of these attacks are a stark reminder of the vulnerabilities inherent in digital platforms, even those related to blockchain and cryptocurrency, which are often considered more secure.

The Fetch.ai incident fits into this broader pattern, reflecting the challenges faced by the industry in ensuring the security and integrity of online platforms.

Image source: Shutterstock

Source

Tagged : / / /

YouTuber’s Channel Hacked for XRP Scams

by Blockchain News

The rise of cryptocurrency has brought about a wave of new investors, eager to get in on the action and reap the rewards. Unfortunately, this has also created a new target for hackers and scammers looking to make a quick profit. One recent example of this is the hacking of the popular YouTube channel DidYouKnowGaming.

DidYouKnowGaming is a YouTuber with 2.4 million subscribers who creates content related to video game trivia and history. However, the channel was recently hacked by an anonymous bad actor, who used it to promote XRP cryptocurrency scams. The hacker changed the channel’s profile and cover images to Ripple’s logo, in an attempt to lend legitimacy to the scam.

Fortunately, YouTube was quick to intervene and prevent further damage. They prevented the XRP hackers from interacting with the channel’s subscribers and worked with DidYouKnowGaming to regain access to his channel. However, this incident is just one example of a growing trend of hackers targeting YouTube channels to promote scams.

One of the largest YouTube creators, Linus Tech Tips, also recently reported losing access to his channels. While the exploit used by the hackers to gain access to YouTube accounts remains a mystery, it is clear that the threat to crypto investors from such hacks is prominent.

The rise of deepfakes only adds to this threat. Deepfakes are fake impersonation videos generated by artificial intelligence (AI) tools, and they have become increasingly prevalent in recent years. Hackers often create deepfakes of celebrities and entrepreneurs to misguide crypto investors and trick them into investing in scams.

For example, hackers have created deepfakes of Tesla CEO Elon Musk in the past, causing confusion among investors who thought he was endorsing a particular cryptocurrency. Concerns about deepfakes escalated even further when Chinese tech giant Tencent launched a new deepfakes creation tool, allowing users to impersonate anyone for a fee.

Crypto investors across the world use YouTube to learn about and research the world of cryptocurrencies, blockchain, and Web3. However, as the number of hacks and scams on the platform increases, it is important for investors to remain vigilant and take steps to protect themselves.

While YouTube and other platforms are working to prevent hacks and scams, investors should be wary of any investment opportunities that seem too good to be true. They should also be careful about the information they consume on the platform and take the time to research any claims made in videos or comments.

In conclusion, the hacking of DidYouKnowGaming’s YouTube channel is just one example of a growing trend of hackers targeting YouTube creators to promote scams. The rise of deepfakes only adds to this threat, and investors should remain vigilant when researching and investing in cryptocurrencies.

Source

Tagged : / / / / /

DeFi Hackers Mint $11.6M in Stablecoins

by Blockchain News

A recent hack in the decentralized finance (DeFi) space allowed an attacker to mint over 1 quadrillion Yearn Tether (yUSDT) from a mere $10,000, according to blockchain security firm PeckShield. The attacker then exchanged the yUSDT for other stablecoins, taking hold of $11.6 million in the process. The stablecoins included 61,000 Pax Dollar (USDP), 1.5 million TrueUSD (TUSD), 1.79 million Binance USD (BUSD), 1.2 million Tether (USDT), 2.58 million USD Coin (USDC), and 3 million Dai (DAI).

PeckShield reported that the hacker has already transferred 1,000 Ether (ETH) to Tornado Cash, a sanctioned cryptocurrency mixer. The blockchain security firm also informed DeFi protocols Aave and Yearn.finance of the situation.

Yearn.finance released a statement after conducting an initial investigation, stating that the issue was limited to iearn, an outdated contract before vaults v1 and v2. The DeFi protocol assured its users that its current contracts and protocols are not affected by the exploit.

Similarly, Aave also confirmed that it is aware of the transaction. The liquidity protocol clarified that the hack did not impact Aave v1, v2 or v3.

While hacks still plague the DeFi space in 2023, the amount of money lost to these incidents has decreased compared with previous years. According to a quarterly report by blockchain security firm CertiK, over $320 million were lost to hacks in the first quarter of 2023. Although this amount is still substantial, it is much lower compared to the first quarter of 2022 when $1.3 billion was lost, and the fourth quarter of 2022 when $950 million was lost to hacks.

Despite the decrease in the amount lost to DeFi hacks, these incidents still serve as a reminder of the importance of security measures in the space. PeckShield’s quick detection of the recent hack and Aave and Yearn.finance’s prompt action in addressing the issue demonstrate that the DeFi space is continuously improving its security measures.

As the DeFi space grows, it is likely that there will be more attempts to exploit vulnerabilities in the system. However, with increased awareness and investment in security measures, the space can continue to thrive and offer innovative solutions to traditional finance.

Source

Tagged : / / / / /

Sentiment Recovers Stolen Funds with Bounty

by Blockchain News

Lending protocol A recent hacking incident using Sentiment resulted in the perpetrator stealing close to one million dollars. However, because to a reward of $95,000 that was offered to the hacker, the protocol was successful in recovering the stolen cash. Through the use of the Arbitrum blockchain, Sentiment spoke with the hacker, imploring them to “do the right thing” and restore the cash by April 6 at the latest. In addition, the policy guaranteed the same payment to anybody who was able to assist in determining who was responsible for the crime and bringing them to justice.

After monitoring the situation, the creator of MetaMask, Taylor Monahan, made the announcement that the hacker had returned 414 ether, which is equivalent to around $771,000 at the current exchange rate. After some time had passed, the hacker sent a further 51.75 ETH to the recovery address provided by Sentiment. The protocol said unequivocally that it had been successful in acquiring the monies and that the problem had been fixed.

On April 4, a hack was carried out, and it is thought that it was carried out as a consequence of a re-entry assault or a flaw. As was stated by a few members of the community, this episode underscores how critically important it is for businesses to take bug bounties seriously. Even one of the members gave the hacker kudos for “taking it by force” with their efforts. On the other hand, a different user of Twitter voiced their disapproval of the event, labeling it as “a bug bounty with a criminal step,” and asking businesses to provide greater and more open bug bounties.

Comparisons have been made between this attack and the recent one that occurred at Euler Finance, in which the Ethereum protocol awarded a reward to a hacker who returned almost 90% of the assets that had been taken. The hacker returned over 176.4 million dollars in digital assets while keeping roughly $20 million for themselves. Because of this occurrence, the significance of bug bounties as a method for resolving vulnerabilities in protocols for decentralized financial transactions has been further highlighted.

It is very necessary for businesses to take bug bounties seriously and provide awards that encourage ethical conduct in their employees. The usefulness of this strategy was recently shown by the fact that Sentiment was successful in regaining its data. Moving ahead, it is probable that other organizations will adopt similar tactics to manage possible security breaches in their systems. This will increase the likelihood that these breaches will occur.

Source

Tagged : / / / / /

Allbridge Provides Compensation Plan for Hacked Users

by Blockchain News

Allbridge, a multichain token bridge provider, has posted a recovery plan following a recent hack where the project was exploited for roughly $573,000 on April 1. In an April 5 statement, Allbridge said it has already started a compensation process for users despite only “partly recovering funds.” The protocol aims to fully compensate those affected by the exploit with funds available to them.

The compensation plan will prioritize users with funds stuck on the token bridge due to the emergency shutdown. Allbridge aims to compensate its liquidity providers (LPs) following the compensation of these users. An application form is currently being drafted for LPs who could not withdraw their assets, allowing them to apply for compensation and provide details of their losses. The compensation process is expected to commence next week, starting with users who “have used the bridge shortly before the shutdown.”

Allbridge enabled LPs to withdraw their funds on April 2, with the majority withdrawing their assets from the pool. Some, however, could withdraw even more “due to the pool’s disbalance.” Others could not withdraw “a reasonable amount” from the liquidity pool due to some users withdrawing more than their original balances and the hack’s impact on the pools.

The compensation plan comes after Allbridge tweeted on April 3 that 1,500 BNB (BNB), worth approximately $465,000, was returned to the project following a public proposal made to the hacker in an April 1 tweet. The protocol’s exploiter seemingly accepted Allbridge’s offer of a “white hat bounty,” where they could keep a portion of the stolen funds in exchange for an assurance that no legal action would be taken.

Allbridge noted that all affected parties by the exploit will be subject to additional rewards in the future, but compensation remains their main priority. The protocol aims to fully compensate all victims of the exploit with funds available to them.

This compensation plan is a positive step for Allbridge to regain the trust of its users after the hack. While the project was only able to partially recover funds, the compensation process shows a willingness to make affected users whole. The inclusion of an application form for LPs who could not withdraw their assets also shows a willingness to make the compensation process as smooth as possible.

This hack also highlights the importance of security in the DeFi space. While noncustodial protocols allow users to maintain control of their funds, they are also vulnerable to hacks. As the DeFi space continues to grow, it is crucial that projects prioritize security measures to prevent hacks and protect user funds.

Meanwhile, Ethereum-based noncustodial lending protocol Eurler Finance announced on April 4 that it recovered most of the $196 million stolen in a March 13 flash loan attack following successful negotiations. The attacker managed to steal millions worth of Dai (DAI), USD Coin (USDC), staked Ether (stETH), and wrapped Bitcoin (WBTC) in the largest hack of 2023 so far. The quick recovery of stolen funds by Eurler Finance shows the importance of prompt action in mitigating the effects of hacks in the DeFi space.

Source

Tagged : / / / / /

BitKeep Compensates Users After $8M Hack

by Blockchain News

On December 26, 2022, BitKeep, a multichain wallet, suffered an attack that resulted in an estimated $8 million loss of funds from users who downloaded the 7.2.9. APK update for the wallet. The update had been maliciously swapped by hackers, resulting in the theft of users’ cryptocurrency holdings.

In response to the hack, BitKeep announced on March 29 that it had fully compensated all 11,090 users affected by the incident. The compensation was made possible through the company’s own funds and was an important step in restoring trust with its user base.

Additionally, BitKeep announced that it will rebrand to Bitget Wallet following a $30 million investment from the cryptocurrency derivatives exchange Bitget. The investment valued BitKeep at $300 million and will provide the wallet with access to Bitget’s $300 million User Protection Fund, which will help mitigate the risk of future security threats.

The compensation of affected users is a significant move by BitKeep to show its commitment to security and to demonstrate that it takes the safety of its users’ assets seriously. With the rebrand to Bitget Wallet and access to the User Protection Fund, the company is signaling that it is taking additional steps to enhance the security of its platform and to protect its users’ assets.

The decision to rebrand to Bitget Wallet also represents a strategic move by the company to align itself more closely with Bitget, a well-established player in the cryptocurrency derivatives exchange market. By partnering with Bitget, BitKeep will be able to tap into the expertise and resources of a company with a proven track record of success in the industry.

Overall, the compensation of affected users and the rebrand to Bitget Wallet represent important steps for BitKeep as it seeks to enhance its security and position itself for future growth. With access to the Bitget User Protection Fund, the company is well-positioned to protect its users’ assets from future security threats and to continue building a reputation as a trusted and reliable provider of cryptocurrency wallet services.

Source

Tagged : / / / / /

Nigerian Crypto Investors Face Account Freezing

by Blockchain News

Nigerian crypto investors using peer-to-peer (P2P) services are facing difficulties as the Central Bank of Nigeria (CBN) has flagged their bank accounts. The CBN’s decision is believed to be in relation to the recent Flutterwave hack, which saw almost $6.5 million (3 billion nairas) illegally transferred from the accounts of the Nigerian fintech company.

On February 27th, a motion ex-parte was filed and granted in support of Flutterwave’s claims, resulting in 107 accounts being put on lien/Post-No-Debit (PND), including their fifth beneficiaries. While the bank accounts have yet to be proven affiliations with the hack, some locals have confirmed that their accounts have been frozen in connection to the incident.

The situation has discouraged P2P users from using over-the-counter (OTC) markets, which allow trading of securities between two counterparties executed outside of formal exchanges and without the supervision of an exchange regulator. The hacked sum flowed into the Nigeria crypto market on different OTCs, and users now have problems with financial intermediaries when they want to use P2P services for crypto transfers.

Investors worldwide use P2P as a medium of direct exchange of crypto between parties without the involvement of a central authority. They may choose to swap cryptocurrencies for cryptocurrencies or crypto for cash. In 2021, the CBN announced a regulation that prevented financial institutions like banks from enabling crypto use. However, Nigerians were able to find a way forward and still maintain their leading position as the largest crypto hub of Africa through the use of P2P platforms.

Some community members believe that this situation could affect the general interest of Nigerians who are yet to join the crypto digital ecosystem in acquiring digital assets. The situation is causing some businesses to crumble as unsuspecting entrepreneurs have received payments for their services with funds that were allegedly linked to the hacked amount, resulting in confusion and possible legal repercussions.

Despite strict crypto regulations by the CBN, the P2P market has aided Nigerian trade. However, a financial analyst known as Sadeik calls it a black market hub for scammers laundering fraud funds. Sadeik went on to say that a friend of his lost more than 500,000 nairas because the person he transacted with had his account flagged in the Flutterwave hack.

In an official statement, Flutterwave denied the hack and stated that it identified an unusual trend of transactions on some users’ profiles and immediately launched a review in line with its standard operating procedure. The review revealed that some users who had not activated some of their recommended security settings might have been susceptible. Flutterwave was able to address the issue before any harm was done to its users.

The current situation highlights the need for increased security measures and awareness in the Nigerian crypto market. The CBN’s decision to flag accounts highlights the importance of financial institutions’ role in combating fraudulent activities. It also emphasizes the importance of financial intermediaries, such as banks, in ensuring that funds are not used for illegal purposes. The incident serves as a reminder for crypto investors to take necessary precautions and to only use reputable P2P platforms.

Source

Tagged : / / / / /

Euler Finance Hacker Returns Majority of Stolen Funds

by Blockchain News

In a dramatic turn of events, the hacker behind the $196 million exploit on the lending protocol Euler Finance has returned the majority of the stolen assets. According to on-chain data, on March 25th, the exploiter returned 51,000 ETH and 7,737 ETH worth over $101 million at the time of writing. The hacker had previously sent 3,000 ETH to the protocol on March 18th, worth nearly $5.4 million at the time. However, the exploiter still controls some of the stolen assets.

The Euler Finance hack took place on March 13th, when the hacker carried out multiple transactions, stealing nearly $196 million from the protocol in a flash loan attack. This attack is considered the largest decentralized finance (DeFi) hack of 2023. The stolen assets included 8.8 million Dai (DAI), 849,000 Wrapped Bitcoin (WBTC), 85 million Staked Ether (stETH), and 34 million USD Coin (USDC).

After a few days, the hacker sent an on-chain message to Euler Finance, calling for an agreement with the protocol. In the message, they stated that they had “no intention of keeping what is not ours” and that they wanted to make things easy on those affected. The protocol had previously tried to negotiate with the exploiter, requesting that they return 90% of the stolen funds within 24 hours or face legal action. However, no response was received, and Euler Finance offered a $1 million bounty reward for any information leading to the capture of the exploiter.

The hacker has made other transactions, including a transfer of 1,000 ETH Smart Staking (NETH) worth approximately $1.65 million at the time, through sanctioned crypto mixer Tornado Cash. However, blockchain analytics firm PeckShield reported that around 100 ETH was sent to a wallet address likely owned by one of the victims. An on-chain message sent by the wallet address had earlier pleaded for the attacker to return their “life savings.”

The return of the majority of the stolen funds is good news for Euler Finance and its users, but the incident highlights the need for better security measures in the DeFi space. Despite the growing popularity of DeFi, the industry remains vulnerable to hacks and exploits. The Euler Finance hack is just the latest in a series of high-profile attacks on DeFi protocols, and it is a stark reminder that investors must remain vigilant and cautious when participating in DeFi.

Source

Tagged : / / / / /
Bitcoin (BTC) $ 26,637.14 1.59%
Ethereum (ETH) $ 1,592.86 1.83%
Litecoin (LTC) $ 64.74 0.31%
Bitcoin Cash (BCH) $ 208.48 2.28%