Crypto Hacks and Scams on the Rise

Crypto security and auditing company CertiK reported a total loss of $103.7 million due to vulnerabilities, frauds, and hacks in the month of April. This brings the overall loss for the year to $429.7 million. The month was particularly marked by major hacks, including the theft of $22 million in a hot wallet exploit at the Bitrue exchange; the hack of South Korea’s GDAC exchange, which resulted in a loss of $13 million; and the theft of $25.4 million due to an exploit of several MEV trading bots on April 3.

According to reports from CertiK, the overall losses incurred by crypto and DeFi exploits throughout the month amounted to $74.5 million. This is about half of the total $145 million that was exploited during the first four months of the year. Flash loan attacks were also common, resulting in losses of around $20 million. Yearn Finance was the primary victim of these attacks, which occurred when a hacker exploited an outdated smart contract on April 13.

Exit scams were another major contributor to April’s losses, accounting for $9.4 million. The most successful exit scam for the month was perpetrated by Merlin DEX, which resulted in a loss of $2.7 million. Considering that the protocol had been audited by CertiK, which had previously warned about centralization problems, this was an especially worrying development. After the attack, CertiK implemented a compensation plan, in which they demanded that the malicious developer pay back 80% of the stolen funds and offered a white hat bounty of 20% of the total amount.

In the month of April, the Rekt Database maintained by De.Fi documented over fifty crypto-related scams, hacks, and rug pulls. Memecoin rug pulls made up a significant chunk of the total. The flash loan attack against the Polygon-based Ovix protocol, which occurred on April 28 and resulted in a loss of $2 million, was the most recent incident.

Hacks and frauds using cryptocurrencies are becoming more common, highlighting the need for stronger security measures inside the cryptocurrency ecosystem. Before putting money into any cryptocurrency project, it is essential for users and investors to do extensive research and due diligence on the project. Auditing companies such as CertiK play an essential part in determining the nature of any possible security threats that may exist and in elevating the level of industry-wide security.


and Jump Crypto Retrieve $225 Million in Crypto

Jump Crypto, a Web3 infrastructure provider, and, a decentralized finance (DeFi) platform, have carried out a “counter exploit” on the Wormhole protocol hacker. As a result, the pair has reclaimed $225 million worth of digital assets and moved them to a secure wallet.

The Wormhole hack took place in February 2022 and resulted in the theft of around $321 million worth of wrapped Ethereum (wETH) by exploiting a weakness in the token bridge of the protocol.

Since then, the hacker has transferred the stolen assets using a number of Ethereum-based decentralized applications (DApps), such as Oasis, which has recently opened up vaults for wrapped stETH (wstETH) and Rocket Pool ETH (rETH).

The team confirmed the existence of a counter exploit in a blog post that was published on February 24. The post explained that the team had “received an order from the High Court of England and Wales” to retrieve certain assets that were associated with the “address associated with the Wormhole Exploit.”

According to the team, the recovery was started using “the Oasis Multisig and a court-authorized third party,” which was named as Jump Crypto in an earlier report from Blockworks Research. The report also indicated that the retrieval was successful.

According to the transaction histories of both vaults, Oasis transferred 120,695 wstETH and 3,213 rETH on February 21 and stored them in wallets that are controlled by Jump Crypto. The hacker was also found to have around $78 million worth of debt in the MakerDAO stablecoin known as Dai (DAI), which was returned.

“We are also able to certify that the assets were transferred without delay onto a wallet that is managed by the permitted third party, as the court ruling requested.” It is stated in the blog post that “we do not maintain any control or access to these assets.”

The company underlined that it was “only conceivable owing to a previously undiscovered weakness in the architecture of the admin multisig access,” in reference to the negative ramifications of Oasis being able to collect crypto assets from its user vaults.

According to the publication, a vulnerability of this kind had been brought to light earlier this month by hackers wearing white hats.

We would like to emphasize that this access was implemented with the express purpose of safeguarding user assets in the case of a possible attack, and that it would have enabled us to respond rapidly in order to fix any vulnerabilities that were brought to our attention. It is important to emphasize that the assets of the users have never been in danger of being accessed by an unauthorized third party, neither in the past nor in the present.



Two suspects have been arrested by the French police in connection with Platypus

According to the authorities in the area, the French police have made two arrests in connection with the theft of 9.1 million euros in cryptocurrency from Platypus, and they have also reported seizing 210,000 euros worth of bitcoin.

According to Platypus, the on-chain sleuth ZachXBT and the cryptocurrency exchange Binance provided help for the investigations that led to the arrests. On February 16, a single exploiter carried out three different flash loan attacks, each of which resulted in a breach of the decentralized system.

As a consequence of the attacks, a number of stablecoins in addition to other digital assets were stolen. The first attack led to the theft of assets worth roughly $8.5 million, which were then sold off. In the second occurrence, about 380,000 assets were delivered to the Aave v3 contract when they should not have been. The third attack resulted in the theft of around $287,000 worth of assets. As a direct consequence of the hack, the stablecoin known as Platypus USD (USP) was depegged from the United States dollar.

Platypus has just established that the perpetrators employed a flash loan technique in order to exploit a logic flaw inside the USP solvency check mechanism within the collateral-holding. The operations of the stable swap have not been disrupted in any way.

Avi Eisenberg, the exploiter of Mango Market, is said to have employed a similar technique, known as a flash loan attack, when he claimed credit for manipulating the price of the MNGO currency in October 2022. Following the discovery of the vulnerability, Eisenberg said that “all of our acts were legitimate open market actions, utilizing the protocol as it was intended.” On December 28th, Eisenberg was taken into custody in Puerto Rico on allegations related to fraud.

On February 23, Platypus made public their proposal to reimburse customers who had their monies stolen. The protocol stipulates that 63% of the monies from the primary pool shall be returned within a period of six months. Reminting the stablecoins that have been frozen according to the plan might result in 78% of the cash being returned. According to what was indicated in the protocol, “if our application presented to Aave is granted and Tether verifies reminting the frozen USDT, we will be able to retrieve about 78% of user’s cash.”



Dozens of AI-Powered Chatbot Tokens Found to Be Part of Honeypot Schemes

PeckShield, a company that specializes in blockchain security, has sounded the alarm after discovering hundreds of tokens that falsely claim to be tied to the artificial intelligence (AI) powered chatbot ChatGPT.

In a post dated February 20, the company disclosed that at least three “BingChatGPT” tokens seem to be part of honeypot scams. A honeypot strategy is a kind of smart contract that deceives a user into contributing Ether (ETH), which the attacker subsequently captures and collects.

In what is commonly known as a “pump and dump” scheme or a “rug pull,” PeckShield reports that at least two of the identified tokens have already lost nearly 100% of their value, while a third is at a loss of 65%. This type of scheme involves the purchase of an asset with the intention of quickly selling it at a higher price.

Typically, the organizers of a pump-and-dump scheme orchestrate a campaign of deceptive claims and hype to entice investors to purchase tokens, and then discreetly sell their own holdings as prices go up. This is done in order to make a profit from the scam.

According to PeckShield, at least one of the malicious actors behind the tokens is known as “Deployer 0xb583,” and he is responsible for the creation of “dozens of tokens using a pump and dump strategy.”

PeckShield did not provide an explanation as to why the malicious actors are using the name BingChatGPT for their tokens; however, it is possible that the scammers are attempting to capitalize on the announcement made on February 7 that OpenAI’s ChatGPT technology will be integrated into Bing as well as Microsoft’s Edge web browser.

It’s possible that using the name “Microsoft Token” is an effort to fool victims into believing they are connected to Microsoft in some way, in order to capitalize on the buzz surrounding AI chatbots.

A report published on February 16 by the blockchain analytics company Chainalysis stated that approximately 10,000 new tokens created in 2022 exhibited all the on-chain hallmarks of being pump-and-dump operations.

According to the blockchain analytics company, there were 1.1 million tokens released in 2018, but only 40,521 had an “effect on the crypto ecosystem.” This means that there were at least 10 swaps during four consecutive days of trading in the week after their introduction.

The company said that of the 40,521 tokens that were introduced in 2022 and got sufficient momentum to be worth investigating, 9,902 or 24 percent had a price fall in the first week that was suggestive of likely pump and dump behaviour.

While a price drop on its own is not an indication of wrongdoing on the part of token creators, the company noted that it examined 25 tokens in particular and found that “they were almost certainly designed for a pump and dump,” with malicious honeypot code that prevents new buyers from selling the token.



Hope Finance Scam Leaves Prospective DeFi Users Out of Pocket

After the discovery of a vulnerability with a value of $2 million, potential customers of an Arbitrum-based decentralized finance (DeFi) effort have been left without any financial remedy. This is because the vulnerability has been exploited.

On February 21, the Hope Finance Twitter account warned clients about the fraud, which prompted the Web3 security company CertiK to raise the alarm about the situation.

It is quite challenging to get any information on the project. A Twitter account for the platform was established in January of 2023, and on that account, information was published on the network’s plans to build an algorithmic stablecoin that would be dubbed Hope token (HOPE). The amount of Ether (ETH) that is now being exchanged for one unit of HOPE causes real-time modifications to be made to the supply of the HOPE coin.

“It would seem that the con artist modified the TradingHelper contract, which meant that the money was delivered to the con artist every time 0x4481 called OpenTrade on the GenesisRewardPool.” This includes the erroneous application of a modifier as well as the potential of reentrancy attacks. Cognitos discovered that the smart contract code was still able to pass the audit with flying colors, despite the fact that these vulnerabilities had been identified and pointed out.

As a reaction to the fraudulent behavior, Hope Finance disseminated information to its users, which provided them with the possibility to remove staked currency from the protocol by making use of an emergency withdrawal option.

Arbitrum is a roll-up network that was built on top of Ethereum’s layer 2 and has the potential to enable smart contracts to expand in an exponential form. This potential was discovered when the network’s creators saw that Ethereum’s layer 2 was lacking in roll-up capabilities.

Optimism and the other layer-2 protocols continue to deal with an ever-increasing amount of transactions inside the Ethereum ecosystem. The ability to maintain a positive outlook is one of these protective strategies.



MetaMask Warns Investors Against Phishing Attempts by Scammers

MetaMask, a popular supplier of cryptocurrency wallets, issued a warning to investors about continuous phishing efforts. These phishing attempts are being carried out by fraudsters who are trying to contact consumers using Namecheap’s third-party upstream system for emails.

The web hosting business Namecheap discovered that one of its third-party services had been abused in the evening of February 12 for the purpose of sending some unwanted emails, which were directed specifically against users of MetaMask. Namecheap referred to the situation as an “email gateway problem.”

In the proactive notice, MetaMask informed its million users that it does not collect Know Your Customer (KYC) information and would never contact users through email to discuss account details. This was done to ensure that users are aware that the company does not conduct KYC checks.

Phishing emails sent out by the hacker include a link that, when clicked, takes the recipient to a bogus MetaMask website that requests a confidential recovery phrase “to keep your wallet safe.”

Investors were cautioned by the provider of the wallet not to disclose their seed words, since doing so would give an unauthorized third party entire control over the user’s cash.

Namecheap has additionally verified that its services were not compromised in any way, nor did any customer information get compromised as a result of this incident. Namecheap acknowledged that their mail delivery was restored within two hours after the original notification, and that all future notifications will now come from the official source.

On the other hand, the primary problem with the sending of unwanted emails is still being looked into at this time. When dealing with correspondence from MetaMask and Namecheap, investors are cautioned to double-check any website URLs, email addresses, and points of contact provided by the companies.

A hacker utilized Google Ad services in January to steal nonfungible tokens (NFTs) and cryptocurrencies from investors.

After inadvertently installing malware that was placed in a Google advertisement, the NFT influencer known as NFT God suffered “a life-changing amount” of loss.

The event took place when the influencer used the Google search engine in order to download OBS, which is open-source software for video streaming. However, he chose to click on the link that led to a sponsored advertisement rather than the legitimate link, which resulted in a loss of financial resources.



$46 million in ill-gotten crypto on the move again

The ill-gotten cryptocurrency from one of the industry’s major hacks is on the move again, with on-chain data suggesting that another $46 million of stolen assets has been migrated from the hacker’s wallet. This heist was one of the largest in the industry’s history.

The Wormhole assault, which occurred in February 2022 and resulted from a vulnerability in Wormhole’s token bridge, was the third-largest crypto breach that took place in 2022. Wrapped Ethereum (wETH) valued at around $321 million was taken.

PeckShield, a company that specializes in blockchain security, reports that the hacker’s connected wallet has been active once again, and it has moved $46 million worth of cryptocurrency assets.

This was comprised of about 24,400 Ethereum staking tokens wrapped by Lido Finance (wstETH), which have a value of approximately $41.4 million, and 3,000 Ethereum staking tokens wrapped by Rocket Pool (rETH), which have a value of around $5 million and were relocated to MakerDAO.

According to PeckShield, the hacker seems to be looking for yield or arbitrage chances on their stolen wealth since the assets were swapped for 16.6 million DAI.

After that, the MakerDAO stablecoin was used to purchase 9,750 ETH at a price of around $1,537 and 1,000 stETH. These were then rewrapped into a total of 9,700 wstETH.

On February 10, a detective working on the blockchain saw that the hacker was “buying the dip.”

Nevertheless, throughout the course of the previous several hours, the price of Ether (ETH) has dropped below those levels. According to CoinGecko, ETH was trading at $1,505 at the time of this writing, representing a loss of 2.6% for the day.

When the transactions were taking place, the price of stETH had depegged from that of Ethereum and had reached a high of $1,570. At the time of this writing, they were trading at $1,541, which was 2.4% higher than ETH. In addition, the price of wstETH has depegged and increased to $1,676, which is 11.3% greater than the value of the underlying asset.

The most recent transfer of cash comes only a few short weeks after the hacker transferred an additional $155 million worth of Ethereum to a decentralized exchange.

On January 24, 95,630 ETH was transferred to the OpenOcean DEX, where it was later turned into ETH-pegged assets. These ETH-pegged assets included Lido’s stETH and wstETH.



OneKey Addresses Vulnerability That Allowed Hardware Wallet to be Hacked

OneKey, a company that provides cryptographic hardware wallets, has said that it has already patched a flaw in its firmware that made it possible for one of its hardware wallets to be compromised in under one second.

Unciphered, a firm in the field of cybersecurity, said in a video that was uploaded on YouTube on February 10 that it has discovered a means to “break open” a OneKey Mini by taking advantage of a “Massive major flaw” and exploiting it.

It was possible, according to Eric Michaud, a partner at Unciphered, to return the OneKey Mini to “factory mode” and bypass the security pin by disassembling the device and inserting code. This would allow a potential attacker to remove the mnemonic phrase that is used to recover a wallet.

“You have the central processing unit as well as the security element. Your cryptographic keys will always be stored in the secure element.” Michaud noted that in a typical situation, the connections between the central processing unit (CPU), which is where the processing is done, and the secure element are encrypted.

“Well, as it turns out, in this particular instance, it wasn’t built to do so. What you could do is put a tool in the middle that monitors the communications and intercepts them and then injects their own commands,” he said, adding: “That being said, with password phrases and basic security practices, even physical attacks disclosed by Unciphered will not affect OneKey users.”

The company went on to emphasize that despite the fact that the vulnerability was concerning, the attack vector that was discovered by Unciphered cannot be used remotely. Instead, it necessitates “disassembly of the device and physical access through a dedicated FPGA device in the lab” in order to be executed.

According to OneKey, after discussion with Unciphered, it was divulged that other wallets have been found to have similar difficulties.

OneKey said that they have compensated Unciphered with bounties as a way of expressing gratitude for their contributions to the company’s security.

OneKey has said in a blog post that it has already taken significant precautions to secure the safety of its customers. These precautions include protecting customers against supply chain attacks, which occur when a hacker replaces a real wallet with one that is under their control.

Tamper-proof packaging for shipments has been one of the steps taken by OneKey, along with the use of Apple’s own supply chain service providers for the purpose of ensuring tight supply chain security management.

They have aspirations to add onboard authentication in the not too distant future and to update more recent hardware wallets with higher-level security components.

According to what was said by OneKey, the primary objective of hardware wallets has always been to safeguard the financial assets of users from cyber-attacks, computer viruses, and other potential threats; nevertheless, sadly, nothing can be completely secure.

“When we look at the entire manufacturing process of hardware wallets, from silicon crystals to chip code, from firmware to software, it’s safe to say that any hardware barrier can be breached with enough money, time, and resources; even if it’s a nuclear weapon control system.”



550 BNB lost in contract exploit by decentralized exchange

Recently, the decentralized exchange (DEX) system known as CoW Swap came under assault, resulting in the loss of at least 550 BNB (BNB) due to a contract hack that permitted money transfers away from the platform.

The occurrence was spotted by the blockchain surveyor MevRefund, which also noticed that the cash seemed to be migrating away from the CoW Swap exchange. In a Twitter thread, the maximum extractable value (MEV) searcher sent a warning to the DEX and the users of the exchange about the vulnerability.

A wallet address was reportedly added as a “solver” of CoW Swap by using a multisig, as stated by the company BlockSec, which audits smart contracts. The address then initiated the transaction to authorise DAI (DAI) to SwapGuard, which resulted in SwapGuard transferring DAI from the CoW Swap settlement contract to other addresses.

The blockchain security company PeckShield calculated that around 551 BNB, which had a value of $181,600 at the time this article was written, had been stolen. Following the theft of the assets, the hacker sent the money to the famed cryptocurrency mixer Tornado Cash.

During the attack, several members of the community had a moment of fear and advised other users to remove their approvals from the DEX. On the other hand, the decentralized finance (DeFi) protocol said that this is not required.

A report from DappRadar states that in spite of the hacks that have occurred in relation to DeFi, the industry as a whole has gotten off to a fruitful start in 2023. According to the data collected, the total value locked in protocols had a considerable increase during the month of January.

In other developments, the United Nations has claimed that cybercriminals operating out of North Korea stole a greater quantity of cryptocurrency in 2022 than in any previous year. According to the findings of the research, cybercriminals with ties to North Korea were responsible for the theft of crypto assets valued at between $630 million and $1 billion in 2017.

Disclaimer: This post has been updated to include CoW Swap’s remarks and the official Twitter announcement.



Webaverse Co-Founder Reveals $4 Million Crypto Hack

After having a meeting with con artists who pretended to be investors in a hotel lobby in Rome, the co-founder of the Web3 metaverse gaming engine known as “Webaverse” has stated that the company was the victim of a $4 million crypto heist.

According to the co-founder Ahad Shams, the most peculiar feature of the incident is the fact that the cryptocurrency was taken from a Trust Wallet that had just been set up and that the hack took place at some time during the meeting.

He asserts that the burglars had no way of knowing the private key since he was not linked to a public WiFi network at the time and they would not have had access to it.

Shams thinks that the burglars were able to access the wallet while he was photographing the contents of the wallet to record the amount.

The letter, which was published on Twitter on February 7 and comprises testimonies from Webaverse and Shams, explains that they met with a guy called “Mr. Safra” on November 26 after many weeks of negotiations regarding the possibility of receiving funds.

Shams provided the following explanation: “We communicated with ‘Mr. Safra’ by email and video chats, and he stated that he wanted to invest in interesting Web3 startups.”

“He explained that he had been scammed by people in crypto before, and so he collected our IDs for KYC, and stipulated as a requirement that we fly into Rome to meet him because it was important to meet IRL to ‘get comfortable’ with who we were each doing business with,” he added.

Even though Shams was initially skeptical, he agreed to meet “Mr. Safra” and his “banker” in person in the lobby of a hotel in Rome. During this meeting, Shams was supposed to show “Mr. Safra” the “proof of funds” for the project, which “Mr. Safra” claimed he needed in order to begin the “paperwork.”

“Despite the fact that we reluctantly agreed to the Trust Wallet ‘evidence,’ we went ahead and set up a brand new account for Trust Wallet at home on a device that we don’t often use when interacting with them. Our logic led us to believe that even if we lost our private keys or seed phrases, the monies would still be secure,” explained Shams.

When we first got together, the three of us sat across from each other and put four million USDC into the Trust Wallet. “Mr. Safra” requested to see the current balances on the Trust Wallet app, at which point he pulled out his phone and pretended to “shoot some photographs.”

Shams clarified that he was of the opinion that everything was above board since “Mr. Safra” did not have access to any private keys or seed phrases.

But as “Mr. Safra” left the conference room, ostensibly to confer with his other banking colleagues, he vanished without a trace and was never seen again. Then Shams saw the disappearance of the cash.

“We were never able to locate him again. After a few minutes, the money was gone from the wallet.”

Shams reported the theft to a local police station in Rome soon after it occurred, and a few days later he sent an Internet Crime Complaint (IC3) form to the Federal Bureau of Investigation in the United States.

