Crypto Hacks in Q1 2023

In the first quarter of 2023, hackers stole over $320 million from the crypto industry across a range of incidents, according to the quarterly report from blockchain security firm CertiK. While this is well below the $1.3 billion and $950 million lost in the first and fourth quarters of 2022 respectively, it remains a substantial sum.

CertiK notes that off-chain events may have contributed to the lower losses seen in Q1 2023; the problems at Silvergate Bank and the depegging of USD Coin (USDC), for example, may have had a broader impact on the crypto industry. Despite these headwinds, attackers still found vulnerabilities to exploit.

Of the funds stolen in the quarter, over $31 million was lost to 90 exit scams, while more than $222 million was lost in 52 flash loan and oracle manipulation exploits. BNB Chain had the most incidents, with 139 in total, while Ethereum saw the largest losses, at over $221 million.

Despite the lower overall numbers, Q1 2023 still saw heavy individual losses: 60% of the funds lost were attributable to the Euler Finance hack on March 13, in which the attacker used a flash loan to drain over $195 million. Negotiations with the attacker allowed Euler Finance to recover around 90% of the funds by April 4.
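The flash loan and oracle manipulation category counted above is worth seeing mechanically. The following is an added Python example, not code from CertiK or from any protocol named on this page, and not a reconstruction of the Euler Finance incident: it models a constant-product pool that a toy lending protocol uses as its price feed, a flash loan that moves the pool's spot price inside a single block, and a block-granular time-weighted average price (TWAP) that the same trade cannot move. The pool reserves, the loan size, the 1,000 ETH of collateral, the 75% loan-to-value ratio and the ten-block window are all assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass
class ConstantProductPool:
    """x*y=k AMM; the swap fee stays in the pool, as in Uniswap v2."""
    reserve_eth: float
    reserve_usd: float
    fee: float = 0.003

    def spot_price(self) -> float:
        return self.reserve_usd / self.reserve_eth

    def swap_usd_for_eth(self, usd_in: float) -> float:
        k = self.reserve_eth * self.reserve_usd
        eth_out = self.reserve_eth - k / (self.reserve_usd + usd_in * (1 - self.fee))
        self.reserve_usd += usd_in
        self.reserve_eth -= eth_out
        return eth_out

    def swap_eth_for_usd(self, eth_in: float) -> float:
        k = self.reserve_eth * self.reserve_usd
        usd_out = self.reserve_usd - k / (self.reserve_eth + eth_in * (1 - self.fee))
        self.reserve_eth += eth_in
        self.reserve_usd -= usd_out
        return usd_out


class TwapOracle:
    """Records the pool price once per block, at the first interaction in that
    block and therefore before any swap in it (the property a Uniswap v2 style
    cumulative-price accumulator gives you), and averages the last N blocks."""

    def __init__(self, window_blocks: int):
        self.window = window_blocks
        self.by_block: dict[int, float] = {}

    def observe(self, block: int, price: float) -> None:
        self.by_block.setdefault(block, price)  # later calls in the same block are ignored

    def price(self) -> float:
        recent = sorted(self.by_block)[-self.window:]
        return sum(self.by_block[b] for b in recent) / len(recent)


def max_borrow_usd(collateral_eth: float, price_usd: float, ltv: float = 0.75) -> float:
    """The lending protocol's credit limit for a deposit, at the price its oracle reports."""
    return collateral_eth * price_usd * ltv


def run_attack(use_twap: bool, flash_loan_usd: float = 50_000_000.0) -> dict:
    """One attack transaction: dump flash-loaned USD into the pool, borrow against
    collateral at the price the lender's oracle now reports, unwind, repay the loan."""
    pool = ConstantProductPool(reserve_eth=10_000.0, reserve_usd=16_000_000.0)  # 1 ETH = 1600 USD
    oracle = TwapOracle(window_blocks=10)
    for block in range(1, 11):                 # quiet history: price flat at 1600
        oracle.observe(block, pool.spot_price())

    # Everything below happens in block 11, inside one transaction.
    oracle.observe(11, pool.spot_price())      # first touch of the block records the pre-swap price
    eth_bought = pool.swap_usd_for_eth(flash_loan_usd)     # 1. dump the borrowed USD into the pool
    price_seen = oracle.price() if use_twap else pool.spot_price()
    credit = max_borrow_usd(1_000.0, price_seen)           # 2. borrow against 1,000 ETH at that price
    usd_back = pool.swap_eth_for_usd(eth_bought)           # 3. unwind and repay the flash loan
    round_trip_cost = flash_loan_usd - usd_back            # fees plus slippage left in the pool
    fair_collateral_value = 1_000.0 * 1_600.0
    return {
        "price_seen": price_seen,
        "credit_usd": credit,
        "round_trip_cost_usd": round_trip_cost,
        # Positive when walking away with the loan beats keeping the collateral.
        "attacker_gain_usd": credit - fair_collateral_value - round_trip_cost,
    }


if __name__ == "__main__":
    for label, use_twap in (("spot-price oracle", False), ("10-block TWAP oracle", True)):
        result = run_attack(use_twap)
        print(f"{label}: price seen {result['price_seen']:,.0f}, "
              f"attacker gain {result['attacker_gain_usd']:,.0f} USD")
```

With the spot-price feed the pool price jumps more than tenfold for the duration of the transaction and the credit line dwarfs the collateral's real value; with the TWAP the lender prices the deposit at 1600 and the attacker only loses the round-trip fees. A TWAP is not a complete answer on its own: an attacker who can hold a position across block boundaries, or who controls block production, can still move it on a thin pool, so window length and pool depth both matter.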

Recovering funds by negotiating with attackers has become increasingly common in the industry. The lending protocol Sentiment likewise recovered around $870,000 in April after paying a $95,000 bounty to those responsible for draining almost a million dollars from the platform.

While it is encouraging to see funds recovered this way, it also underlines the need for continued vigilance. As long as exploitable vulnerabilities exist, attackers will keep finding ways to reach funds, and it falls to the industry to keep its platforms and assets secure.



DeFi Execs Argue KYC as Solution to Combat Money Laundering in the Industry

Decentralized finance (DeFi) has experienced tremendous growth in recent years, with its total value locked (TVL) surpassing $100 billion in August 2021. However, the lack of regulation and the prevalence of cyber attacks pose significant challenges for the industry. One of the most pressing issues in DeFi is the laundering of millions of dollars stolen from DeFi platforms into clean money. To combat this, DeFi executives at the World of Web3 (WOW) Summit in Hong Kong have argued that implementing Know Your Customer (KYC) measures can address the problem.

During a panel session titled “Blockchain Security to Smart Compliance: AML & KYC Solutions in DeFi,” industry leaders endorsed KYC as a solution to tackle Anti-Money Laundering (AML) issues. Dyma Budorin, the CEO of smart contract auditing firm Hacken, warned of the prevalence of tools readily available to hackers to “launder the money.” He described it as the “biggest issue” in the industry, where hackers can easily steal millions of dollars and launder the funds into various wallets, making it difficult to track the source of the funds. Therefore, he believes KYC is about transparency and accountability, and it should be part of the industry.

However, Victor Yim, head of fintech at Hong Kong’s entrepreneurship incubator Cyberport, suggested that KYC alone would not solve every AML problem. He noted that even in traditional finance, where KYC is well established, “there is still money laundering happening every day.” Yim nevertheless believes KYC measures can make a “better tomorrow” for the DeFi industry, adding that success would require a collective effort from regulators, policy bureaus and other players. He cited the concept of “anonymous traceable” as an example of a balance between anonymity and compliance, in which individuals remain anonymous unless called upon by law enforcement, saying it will “protect the good people while still getting the bad people.”

Alexander Scheer, the founder of zkMe, emphasized that different mechanisms should be used for different solutions. For example, crypto mixers need to be handled differently from DeFi front-ends and on- and off-ramps. Scheer also touched on regulations, stating that the DeFi industry should proactively take the lead and “front run” regulations before they are imposed by regulators. This proactive approach could help to ensure that regulations do not stifle innovation in the industry.

In conclusion, implementing KYC measures in DeFi could enhance transparency and accountability in the industry, making it more difficult for hackers to launder stolen funds. However, it is crucial to acknowledge that KYC alone is not a panacea for AML issues, and different mechanisms should be used for different solutions. The DeFi industry should collaborate with regulators and other stakeholders to develop effective solutions that balance compliance with innovation, safeguarding the interests of all stakeholders, and preventing bad actors from exploiting the system.


Oasis and Jump Crypto Retrieve $225 Million in Crypto

Jump Crypto, a Web3 infrastructure provider, and Oasis, a decentralized finance (DeFi) platform, have carried out a “counter exploit” against the Wormhole protocol hacker, reclaiming $225 million worth of digital assets and moving them to a secure wallet.

The Wormhole hack took place in February 2022 and resulted in the theft of around $321 million worth of wrapped Ether (wETH) through a weakness in the protocol’s token bridge.

Since then, the hacker has moved the stolen assets through a number of Ethereum-based decentralized applications (DApps), including Oasis, which recently opened vaults for wrapped staked Ether (wstETH) and Rocket Pool ETH (rETH).

The Oasis team confirmed the counter exploit in a blog post published on February 24, explaining that it had “received an order from the High Court of England and Wales” to retrieve certain assets associated with the “address associated with the Wormhole Exploit.”

According to the team, the recovery was initiated using “the Oasis Multisig and a court-authorized third party,” which an earlier report from Blockworks Research identified as Jump Crypto. That report also indicated that the retrieval was successful.

According to the transaction histories of both vaults, on February 21 Oasis transferred 120,695 wstETH and 3,213 rETH into wallets controlled by Jump Crypto. The hacker also held around $78 million of debt in MakerDAO’s Dai (DAI) stablecoin, which was repaid.

The blog post stated: “We are also able to certify that the assets were transferred without delay onto a wallet that is managed by the permitted third party, as the court ruling requested.” It added: “We do not maintain any control or access to these assets.”

Addressing the implication that Oasis was able to pull crypto assets out of its users’ vaults, the company stressed that this was “only conceivable owing to a previously undiscovered weakness in the architecture of the admin multisig access.”

According to the post, that vulnerability had been brought to its attention earlier in the month by white-hat hackers.

The post continued: “We would like to emphasize that this access was implemented with the express purpose of safeguarding user assets in the case of a possible attack, and that it would have enabled us to respond rapidly in order to fix any vulnerabilities that were brought to our attention. It is important to emphasize that the assets of the users have never been in danger of being accessed by an unauthorized third party, neither in the past nor in the present.”



French Police Arrest Two Suspects in Connection With Platypus Exploit

French police have arrested two people in connection with the 9.1 million euro cryptocurrency heist against Platypus and have seized 210,000 euros worth of bitcoin, according to local authorities.

According to Platypus, on-chain sleuth ZachXBT and the cryptocurrency exchange Binance assisted with the investigation that led to the arrests. On February 16, a single attacker carried out three separate flash loan attacks against the protocol.

A range of stablecoins and other digital assets were stolen in the attacks. The first netted roughly $8.5 million worth of assets, which were then sold off; in the second, about $380,000 worth of assets were mistakenly sent to the Aave v3 contract; the third netted around $287,000. As a direct result of the exploit, the Platypus USD (USP) stablecoin lost its peg to the US dollar.

Platypus has since established that the attacker used a flash loan to exploit a logic error in the USP solvency check within the collateral-holding contract. The stableswap’s operations were not disrupted.

Avi Eisenberg, the Mango Markets exploiter, is said to have used a similar flash-loan technique when he claimed responsibility for manipulating the price of the MNGO token in October 2022. After the exploit, Eisenberg said that “all of our acts were legitimate open market actions, utilizing the protocol as it was intended.” On December 28, Eisenberg was arrested in Puerto Rico on fraud-related charges.

On February 23, Platypus published its proposal to compensate users whose funds were stolen. Under the plan, 63% of the main pool’s funds will be returned within six months, and reminting the frozen stablecoins could bring the recovery to 78%. As the protocol put it, “if our application presented to Aave is granted and Tether verifies reminting the frozen USDT, we will be able to retrieve about 78% of users’ cash.”



Hope Finance Scam Leaves Prospective DeFi Users Out of Pocket

Prospective users of an Arbitrum-based decentralized finance (DeFi) project have been left without recourse after roughly $2 million was drained from it in an apparent exit scam.

On February 21, the Hope Finance Twitter account warned users about the scam, prompting the Web3 security firm CertiK to raise the alarm.

Little information about the project is available. A Twitter account for the platform was created in January 2023, and on it the project announced plans to build an algorithmic stablecoin called Hope token (HOPE). The supply of HOPE was to adjust in real time according to the amount of Ether (ETH) being exchanged for one HOPE.

“It would seem that the con artist modified the TradingHelper contract, which meant that the money was delivered to the con artist every time 0x4481 called OpenTrade on the GenesisRewardPool.” Cognitos, which audited the smart contract, had identified these vulnerabilities, including the incorrect application of a modifier and the potential for reentrancy attacks, yet the code still passed the audit.

In response to the scam, Hope Finance told its users they could withdraw staked tokens from the protocol through an emergency withdrawal function.

Arbitrum is an Ethereum layer-2 rollup designed to let smart contracts scale well beyond what the base layer alone can handle.

Optimism and other layer-2 protocols continue to handle an ever-growing share of transactions within the Ethereum ecosystem.



MetaMask Warns Investors Against Phishing Attempts by Scammers

MetaMask, a popular cryptocurrency wallet provider, has warned users about an ongoing phishing campaign in which scammers are reaching users through Namecheap’s third-party upstream email system.

The web hosting company Namecheap discovered on the evening of February 12 that one of its third-party services had been abused to send unsolicited emails targeting MetaMask users. Namecheap described the incident as an “email gateway problem.”

MetaMask used the notice to remind its users that it does not collect Know Your Customer (KYC) information and will never contact them by email about account details.

The phishing emails contain a link that leads to a fake MetaMask website requesting the user’s secret recovery phrase “to keep your wallet safe.”

The wallet provider cautioned users never to disclose their seed phrase, since doing so would give an unauthorized third party full control over their funds.

Namecheap also confirmed that its own services were not compromised and that no customer data was exposed in the incident. The company said mail delivery was restored within two hours of the initial notification and that all further notifications would come from the official source.

The root cause of the unsolicited emails is still under investigation. Users are advised to double-check website URLs, email addresses and points of contact when handling correspondence from MetaMask or Namecheap.
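As an added example, not MetaMask’s or Namecheap’s own tooling, the following Python script applies the checks described above to constructed sample emails: it pulls every link out of the body, flags any link whose registrable domain is not the wallet provider’s, and flags recovery-phrase and KYC lures. The official domain set, the sample messages and the lure wordlist are assumptions for this example. Because the real campaign was relayed through a legitimate mail gateway, checking the sender alone is not enough, which is why the message body is inspected as well; the phishing sample deliberately carries a spoofed official From address to show that.

```python
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# Assumption for this example: the wallet provider's only legitimate domain.
OFFICIAL_DOMAINS = {"metamask.io"}

# Wording a wallet provider never legitimately asks for by email.
LURE_PATTERNS = [
    r"secret recovery phrase",
    r"seed (?:phrase|words)",
    r"\b12[- ]word",
    r"\bkyc\b",
    r"know your customer",
    r"verify your wallet",
]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname. Crude on purpose: a real deployment would
    consult the Public Suffix List so that names like example.co.uk are handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_official(host: str) -> bool:
    return registrable_domain(host) in OFFICIAL_DOMAINS


def triage(raw_message: str) -> list[str]:
    """Return findings for one RFC 5322 message; an empty list means nothing was flagged."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html")).get_content()
    findings = []

    _, sender = email.utils.parseaddr(str(msg["From"]))
    if not is_official(sender.rpartition("@")[2]):
        findings.append(f"sender domain is not official: {sender}")

    # Subdomain tricks like metamask.io.<attacker> fail this check because only
    # the registrable part of the host is compared.
    for url in URL_RE.findall(body):
        host = urlparse(url.rstrip(".,;)")).hostname or ""
        if not is_official(host):
            findings.append(f"link points outside the official domain: {host}")

    for pattern in LURE_PATTERNS:
        if re.search(pattern, body, re.IGNORECASE):
            findings.append(f"recovery-phrase/KYC lure matched: {pattern!r}")
    return findings


# Constructed sample messages for this example, not captured mail.
PHISHING_EMAIL = """\
From: MetaMask Support <support@metamask.io>
To: victim@example.net
Subject: Action required: KYC verification

Due to new regulations you must verify your wallet within 24 hours.
Enter your secret recovery phrase at
https://metamask.io.wallet-verify.example/recover to keep your wallet safe.
"""

BENIGN_EMAIL = """\
From: MetaMask <news@metamask.io>
To: user@example.net
Subject: Extension update available

A new extension release is available from https://metamask.io/download.
"""


if __name__ == "__main__":
    for name, raw in (("phishing", PHISHING_EMAIL), ("benign", BENIGN_EMAIL)):
        print(name, triage(raw) or ["no findings"])
```

The phishing sample passes the sender check (the From header is spoofed to the official domain) and is caught only by the link and lure checks; the benign sample produces no findings. In production the same logic belongs behind an allow-list of domains you control, with the hostname normalised to ASCII first so that internationalised lookalikes are compared in punycode form.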

In January, a hacker used Google Ads to steal nonfungible tokens (NFTs) and cryptocurrency from investors.

The NFT influencer known as NFT God lost “a life-changing amount” after inadvertently installing malware delivered through a Google advertisement.

The incident occurred when the influencer searched Google to download OBS, the open-source video streaming software, and clicked the sponsored advertisement rather than the legitimate link, which led to the loss.



$46 million in ill-gotten crypto on the move again

Funds from one of the largest hacks in the industry’s history are on the move again, with on-chain data showing that another $46 million in stolen assets has been moved out of the hacker’s wallet.

The Wormhole attack, which took place in February 2022 and exploited a vulnerability in Wormhole’s token bridge, was the third-largest crypto hack of 2022. Around $321 million worth of wrapped Ether (wETH) was stolen.

Blockchain security firm PeckShield reports that a wallet linked to the hacker has become active again, moving $46 million worth of crypto assets.

This comprised about 24,400 Lido wrapped staked Ether (wstETH), worth roughly $41.4 million, and 3,000 Rocket Pool staked Ether (rETH), worth around $5 million, which were moved to MakerDAO.

According to PeckShield, the hacker appears to be seeking yield or arbitrage opportunities on the stolen funds, as the assets were swapped for 16.6 million DAI.

The MakerDAO stablecoin was then used to buy 9,750 ETH at around $1,537 each and 1,000 stETH, which were subsequently re-wrapped into a total of 9,700 wstETH.

On February 10, a blockchain sleuth observed that the hacker was “buying the dip.”

Over the following hours, however, the price of Ether (ETH) dropped below those levels. According to CoinGecko, ETH was trading at $1,505 at the time of writing, down 2.6% on the day.

While the transactions were taking place, stETH had diverged from the price of ETH, reaching a high of $1,570; at the time of writing it was trading at $1,541, 2.4% above ETH. wstETH had also diverged, rising to $1,676, 11.3% above the underlying asset.

The latest transfer comes just weeks after the hacker moved another $155 million worth of Ether to a decentralized exchange.

On January 24, 95,630 ETH was transferred to the OpenOcean DEX and converted into ETH-pegged assets, including Lido’s stETH and wstETH.



OneKey Addresses Vulnerability That Allowed Hardware Wallet to be Hacked

OneKey, a maker of cryptocurrency hardware wallets, says it has already patched a firmware flaw that allowed one of its hardware wallets to be compromised in under a second.

Cybersecurity firm Unciphered said in a video published on YouTube on February 10 that it had found a way to “break open” a OneKey Mini by exploiting a “massive major flaw.”

Eric Michaud, a partner at Unciphered, said it was possible to return the OneKey Mini to “factory mode” and bypass the security PIN by disassembling the device and inserting code, which would let an attacker extract the mnemonic phrase used to recover the wallet.

“You have the central processing unit as well as the security element. Your cryptographic keys will always be stored in the secure element.” Michaud noted that, typically, the communication between the CPU, where the processing is done, and the secure element is encrypted.

“Well, as it turns out, in this particular instance, it wasn’t built to do so. What you could do is put a tool in the middle that monitors the communications and intercepts them and then injects their own commands,” he said. In its response, OneKey stated: “That being said, with password phrases and basic security practices, even physical attacks disclosed by Unciphered will not affect OneKey users.”

The company went on to stress that, while the vulnerability was concerning, the attack vector found by Unciphered cannot be exploited remotely; it requires “disassembly of the device and physical access through a dedicated FPGA device in the lab.”
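To make Michaud’s point concrete, here is an added Python simulation, not OneKey’s firmware or Unciphered’s tooling: a toy secure element (SE) that holds the seed, an application MCU that performs the PIN check in firmware and then asks the SE for the seed, and an interposer sitting on the bus between them. With a plaintext link the SE cannot tell the MCU’s frames from the interposer’s, so an injected export command, issued without the PIN ever being entered, returns the seed. With frames authenticated by a pairing key (HMAC-SHA256 over a counter and the command; the real device’s protocol is not known here, and a production link would use an encrypted session), injection and replay are both rejected. The command names, the seed, the PIN and the pairing key are all assumptions for the example.

```python
import hashlib
import hmac
import secrets
from typing import Optional


def frame_tag(key: bytes, counter: int, cmd: str, arg: str) -> bytes:
    """MAC over (counter, command, argument), so the SE can distinguish frames
    from the paired MCU from anything an interposer injects or replays."""
    data = counter.to_bytes(4, "big") + cmd.encode() + b"\x00" + arg.encode()
    return hmac.new(key, data, hashlib.sha256).digest()


class SecureElement:
    """Toy SE holding the seed. With pairing_key=None it trusts every frame on
    the bus (the flaw described above); otherwise it accepts only correctly
    tagged, in-order frames."""

    def __init__(self, seed: bytes, pairing_key: Optional[bytes] = None):
        self._seed = seed
        self._key = pairing_key
        self._expected_counter = 0

    def handle(self, counter: int, cmd: str, arg: str = "", tag: Optional[bytes] = None) -> str:
        if self._key is not None:
            expected = frame_tag(self._key, counter, cmd, arg)
            if tag is None or not hmac.compare_digest(tag, expected):
                return "ERR_AUTH"
            if counter != self._expected_counter:
                return "ERR_REPLAY"
            self._expected_counter += 1
        if cmd == "EXPORT_SEED":   # privileged: firmware is meant to call it only after the PIN check
            return self._seed.hex()
        if cmd == "GET_PUBKEY":    # stand-in for deriving a public key from the seed
            return hashlib.sha256(self._seed).hexdigest()
        return "ERR_CMD"


class HostMcu:
    """Application MCU: checks the PIN in firmware, then talks to the SE over the bus."""

    def __init__(self, se: SecureElement, pin: str, pairing_key: Optional[bytes] = None):
        self._se, self._pin, self._key = se, pin, pairing_key
        self._counter = 0
        self.bus_log = []   # every frame that crossed the CPU<->SE link, as an interposer sees it

    def _send(self, cmd: str, arg: str = "") -> str:
        tag = frame_tag(self._key, self._counter, cmd, arg) if self._key else None
        frame = (self._counter, cmd, arg, tag)
        self._counter += 1
        self.bus_log.append(frame)
        return self._se.handle(*frame)

    def get_pubkey(self) -> str:
        return self._send("GET_PUBKEY")

    def recover_wallet(self, entered_pin: str) -> str:
        if not hmac.compare_digest(entered_pin, self._pin):
            return "ERR_PIN"
        return self._send("EXPORT_SEED")


def interposer_attack(se: SecureElement, sniffed_frames) -> tuple:
    """Attacker drives the bus directly, bypassing the MCU and its PIN check:
    inject EXPORT_SEED, then replay every frame captured earlier."""
    injected = se.handle(0, "EXPORT_SEED", "", None)
    replayed = [se.handle(*frame) for frame in sniffed_frames]
    return injected, replayed


def demo(authenticated_link: bool) -> dict:
    seed = bytes.fromhex("00112233445566778899aabbccddeeff")      # constructed seed, not a real wallet
    key = secrets.token_bytes(32) if authenticated_link else None  # pairing key provisioned at manufacture
    se = SecureElement(seed, key)
    mcu = HostMcu(se, pin="1234", pairing_key=key)
    mcu.get_pubkey()                                              # ordinary traffic the interposer captures
    injected, replayed = interposer_attack(se, mcu.bus_log)
    return {
        "seed_leaked": injected == seed.hex() or seed.hex() in replayed,
        "injected": injected,
        "replayed": replayed,
        "legit_still_works": mcu.recover_wallet("1234") == seed.hex(),
    }


if __name__ == "__main__":
    print("plaintext link:    ", demo(authenticated_link=False))
    print("authenticated link:", demo(authenticated_link=True))
```

HMAC here provides origin authentication and replay protection but no confidentiality, and the pairing key is only as safe as the MCU’s flash readout protection. The stronger fix is to move the PIN check into the SE so that nothing on the bus is trusted for authorisation, and a passphrase that is never stored on the device (the “password phrases” OneKey refers to above) is what keeps a leaked seed insufficient on its own.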

OneKey said that, following discussions with Unciphered, it learned that other wallets have been found to have similar issues.

OneKey said it has paid Unciphered a bounty in recognition of its contribution to the company’s security.

In a blog post, OneKey said it has already taken significant steps to protect its customers, including against supply chain attacks, in which an attacker replaces a genuine wallet with one under their control.

Among those steps are tamper-proof packaging for shipments and the use of Apple’s own supply chain service providers to ensure strict supply chain security management.

The company plans to add onboard authentication in the near future and to upgrade its newer hardware wallets with higher-grade security components.

According to OneKey, the primary purpose of hardware wallets has always been to protect users’ funds from cyberattacks, malware and other threats; nevertheless, nothing can be completely secure.

“When we look at the entire manufacturing process of hardware wallets, from silicon crystals to chip code, from firmware to software, it’s safe to say that any hardware barrier can be breached with enough money, time, and resources; even if it’s a nuclear weapon control system.”



Decentralized Exchange CoW Swap Loses 550 BNB in Contract Exploit

The decentralized exchange (DEX) CoW Swap was recently attacked, losing at least 550 BNB (BNB) in a contract exploit that allowed funds to be transferred away from the platform.

The incident was spotted by the blockchain observer MevRefund, who noticed funds apparently leaving the CoW Swap exchange. The maximum extractable value (MEV) searcher warned the DEX and its users about the vulnerability in a Twitter thread.

According to the smart contract auditing firm BlockSec, a wallet address was added as a “solver” of CoW Swap via a multisig. The address then initiated a transaction approving DAI (DAI) to SwapGuard, which allowed SwapGuard to transfer DAI from the CoW Swap settlement contract to other addresses.

Blockchain security firm PeckShield estimated that around 551 BNB, worth $181,600 at the time of writing, had been stolen. After the theft, the attacker sent the funds to the cryptocurrency mixer Tornado Cash.

During the attack, some community members briefly panicked and urged other users to revoke their approvals to the DEX. The decentralized finance (DeFi) protocol, however, said this was not necessary.

A report from DappRadar states that, despite the hacks affecting DeFi, the industry as a whole has had a productive start to 2023. According to its data, total value locked rose considerably in January.

Separately, the United Nations has said that cybercriminals operating out of North Korea stole more cryptocurrency in 2022 than in any previous year. According to the report, North Korea-linked hackers stole crypto assets worth between $630 million and $1 billion in 2022.

Disclaimer: This article has been updated to include CoW Swap’s remarks and the official Twitter announcement.



North Korea Stole Over $1 Billion in Crypto in 2022

According to an unclassified United Nations report, cybercriminals operating out of North Korea stole more digital assets in 2022 than in any previous year.

According to Reuters, the UN report was submitted a week ago to the 15-member committee responsible for enforcing sanctions on North Korea.

The report found that hackers with ties to North Korea were responsible for stealing between $630 million and more than $1 billion worth of crypto assets in 2022, and that they also attacked the computer networks of international aerospace and defense companies.

The UN report found that the cyberattacks were more sophisticated than in previous years, making stolen funds harder than ever to trace.

The independent sanctions monitors stated in their report to the United Nations Security Council Committee that “[North Korea] used increasingly sophisticated cyber techniques both to gain access to digital networks involved in cyber finance and to steal information of potential value, including information related to its weapons programs.”

A report published on February 1 by blockchain analytics firm Chainalysis reached a similar conclusion, finding that North Korean hackers stole at least $1.7 billion worth of cryptocurrency in 2022, the worst year on record for crypto hacking.

According to the firm, these groups have been the most “productive bitcoin hackers over the last several years.”

As Chainalysis put it, “For comparison, North Korea’s entire exports in 2020 comprised $142 million worth of products,” so it is no stretch to say that cryptocurrency hacking makes up a sizeable portion of the nation’s economy.

Chainalysis found that at least $1.1 billion of the stolen funds came from hacks of decentralized finance protocols, making North Korea one of the driving forces behind the DeFi hacking trend that accelerated in 2022.

The firm also found that North Korea-linked hackers frequently send large amounts of funds to mixers such as Tornado Cash and Sinbad.

According to Chainalysis, funds stolen by North Korea-linked hackers are moved to mixers at a far higher rate than funds stolen by other individuals or groups.

North Korea has repeatedly denied responsibility for cyberattacks; however, the new UN report alleges that its primary intelligence agency, the Reconnaissance General Bureau, uses several groups, including Kimsuky, Lazarus Group and Andariel, specifically to conduct cyberattacks.

According to the report published by the United Nations, “these actors continued to illicitly target victims in order to earn income and solicit information of value to the DPRK, particularly its weapons programmes.”

The full report was submitted last week to the 15-member council’s North Korea sanctions committee and is expected to be made public later this month or in early March.

