Atomicals Market Addresses Security Breach and Announces Compensation Measures

The recent events surrounding Atomicals Market (AM) have been a significant concern for the Atomicals community, especially following a severe security breach in two of its trading markets. This breach led to hacker attacks and considerable losses for users, stirring up discussions and demands for action within the community. Shep.eth, an early participant and active community member, took the initiative to address these issues directly with the AM team.

In a detailed letter to the community, shep.eth elaborated on the unfortunate security incidents at Atomicals’ trading markets. Although the details of the attacks were already widely discussed in the community and clarified by the Atomicals protocol team, shep.eth focused on the response and resolution efforts. Representing the interests of affected users and the community, shep.eth held discussions with the AM team to clarify the incident’s causes and explore potential compensation for those who suffered losses.

These discussions led to several significant developments. First, a change in leadership was announced, with @BRC20Coins, the founder of AM, stepping down from any management role. An anonymous individual, a friend of shep.eth, is set to take over as the new CEO. This transition is part of a broader effort to ensure that similar issues are prevented in the future. The new team also committed to compensating the total of 33,000 $ATOM lost in recent ‘zero-dollar purchase’ events, promising to complete this within a week after the leadership transition.

In addition to these measures, AM plans to overhaul its operational and development teams. This restructuring aims to enhance testing processes, ensuring asset safety, an improved user experience, and more effective communication. Moreover, AM intends to revisit its branding, including its logo and name, reflecting a new direction and commitment to security and trust.

Despite not being involved in AM’s management or decision-making, shep.eth will continue to contribute as a community member and a friend of the new CEO. He emphasized the community’s vital role in the protocol’s development and expressed hope for AM’s future under new leadership, focusing on rectifying past mistakes and providing safer, better services to the community and users.

Atomicals Protocol also issued a response, clarifying their position regarding the security issues. They refuted claims of negligence related to the use of SIGHASH_NONE signatures, explaining that they had warned AM against this practice due to its associated risks. The protocol stressed the importance of prioritizing user safety and trust, asserting their independence from Atomicals Market and other projects.

Image source: Shutterstock

Source

Tagged : / / / / / / / / / / / / /

Huobi HTX Responds to Recent Hack, Ensures Full Compensation for Affected Users

On November 22nd, 2023, Huobi HTX, previously known as Huobi Global, experienced a significant security breach. This attack led to a substantial loss, initially estimated at $13.6 million but later valued at approximately $30 million. This incident marks another in a series of cybersecurity challenges faced by cryptocurrency exchanges and related platforms.

Following the attack, Huobi HTX issued a statement to its users, reassuring them about the security of their funds. The exchange committed to fully compensating the losses incurred due to the attack, emphasizing its dedication to user fund safety. Despite the substantial loss, HTX clarified that the incident had a minimal impact on the platform’s overall financial health and would not affect its normal operations.

Huobi HTX announced plans to resume deposit and withdrawal services within 24 hours of the incident. In line with its commitment to security, HTX highlighted the importance of protecting user assets and information. The exchange assured the implementation of all necessary measures to prevent such incidents in the future.

This incident is part of a larger pattern of security breaches affecting platforms associated with or managed by Chinese entrepreneur Justin Sun. Notably, the HTX Eco (HECO) Chain bridge, involving HTX, Tron, and BitTorrent cryptocurrency, suffered an $86.6 million loss in a separate attack. In total, HTX and other Sun-related businesses have faced four distinct hacks in the past two months, raising concerns about the robustness of their security measures.

The most notable recent attack was against the Poloniex exchange on November 10th, resulting from an alleged private key breach. This incident led to a loss of $100 million, prompting an ongoing investigation to identify the root cause. A $10 million white hat reward is currently offered for the return of the funds stolen in the Poloniex exploit.

Justin Sun has publicly addressed these incidents, emphasizing ongoing investigations to understand the reasons behind these hacks. He reassured that services would resume once the investigations are complete and the vulnerabilities are addressed.

Image source: Shutterstock

Source

Tagged : / / / / / / / / /

Bitfinex Tackles Phishing Incident: No Customer Funds Affected

Bitfinex, a famous cryptocurrency exchange located in Hong Kong, has announced a security compromise that has been controlled. The incident was the result of a phishing effort that was directed at one of the company’s customer care representatives. The incident took place between the 30th of October and the 5th of November and entailed illegal access to a portion of the company’s customer support boards. These boards contained user information that was out of current and incomplete.

Bitfinex provided more details on the security breach in a statement that was made public on November 4 and emphasized that the impacted customer support forums only included “partial, incomplete, and outdated information.” Because the compromised agent did not have senior-level rights, the phishing attempt did not result in a broad data breach. This kept the infected agent from having access to support tools and helpdesk requests.

Bitfinex has certified that the fundamental infrastructure of the exchange, including servers, wallets, and database systems, has remained intact and unbreached despite the unlawful access that was granted to the company. The prompt action taken by the exchange to resolve the problem guaranteed that there would be no loss of client cash and that the confidentiality of password information would be maintained.

Bitfinex has responded to the situation by conducting a review of the information that was exposed and has begun communicating with the impacted clients, the majority of whom owned dormant or empty accounts. The relevant authorities have been informed, which demonstrates Bitfinex’s dedication to both legal compliance and joint efforts to track down and capture the offender(s).

After the incident, Bitfinex reaffirmed its commitment to providing its employees with continual security training and the implementation of stringent security standards. In spite of the fact that the exchange has a history of achieving convictions against previous attackers, this most recent episode serves as a reminder of the ever-present hazards that exist inside the area of digital assets. The proactive approach that Bitfinex takes with regard to cybersecurity is shown by the solid connection that the exchange has with law enforcement authorities and the regular security checks that are performed.

Image source: Shutterstock

Source

Tagged : / / / / / / / / /

Stars Arena Recovers Majority of Stolen Crypto

Web3-based social media platform, Stars Arena, has made a significant recovery of the crypto assets lost during a security breach on October 7, 2023. As per the update shared on October 11, 2023, via a tweet, the platform successfully reclaimed approximately 90% of the stolen funds. The total amount stolen was 266,104 Avalanche (AVAX) tokens, which, at the time, had a market value of around $3 million, as reported by Blockchain.News. The recovery came after the platform reached a settlement with the individual responsible for the exploit. The compromised funds were returned, excluding a 10% bounty fee given to the exploiter, which amounted to 26,610 AVAX, plus an additional 1,000 AVAX that was apparently lost in a bridge during the exploit, totaling a 27,610 AVAX bounty.

Stars Arena received back a sum of 239,493 AVAX, processed in two separate transactions, each comprising 119,246 AVAX. The bounty, valued at nearly $257,000 at the time, served as a compensatory measure for the individual responsible for the exploit.

Following the recovery, Stars Arena has taken strides to bolster its security framework to prevent similar incidents in the future. The platform disclosed that it has developed a new smart contract to secure the returned funds before re-launching. As a part of the ongoing effort to enhance security, the platform is in the final stages of conducting an audit on the new contract. Initially, on October 7, the platform had notified its community about the significant security breach caused due to a flaw in the smart contract that led to the draining of funds.

In a follow-up update, Stars Arena revealed that it has secured additional funding to address the security lapse and has engaged a development team to conduct a comprehensive security audit. However, details regarding the nature of the exploit have yet to be disclosed.

This wasn’t the first security issue faced by Stars Arena. Merely two days before the major exploit, on October 5, a smaller security breach occurred, though the hackers could only manage to steal around $2,000 worth of assets. The root cause was identified as a vulnerable price function in the platform’s smart contract, which allowed the exploiter to sell user shares at no cost and receive AVAX in return. The vulnerability was later patched by the platform.

The security challenges aren’t unique to Stars Arena as its main competitor, Friend.tech, has also witnessed targeted SIM-swap attacks. In response, Friend.tech has recently enhanced its security features to thwart such attempts.

Image source: Shutterstock

Source

Tagged : / / / / / /

Stars Arena Tightens Security Following $3M Exploit

In the wake of a damaging security breach that saw a loss of nearly $3 million, Stars Arena, an Avalanche-based Web3 social media application, has taken significant steps to bolster its security infrastructure and restore users’ trust. Following the exploit on October 6, 2023, the company has moved its funds to a more secure multisig wallet, launched an extensive security audit, and employed a white hat team to assess and enhance the platform’s security measures.

On October 7, 2023, Stars Arena updated its followers on the remedial steps being taken post-exploit. The funds were transferred from the original fee wallet to a new Gnosis Safe multisig wallet, requiring three out of six signatures from the Stars Arena team members for transactions. This wallet, identified by the address 0xAc0388Fe24D65358f2fF063ebCbEfa321A2a091d, is part of the security infrastructure overhaul aimed at preventing future breaches.

Stars Arena has successfully secured resources to cover the financial void left by the exploit, which equated to a loss of 266,103 Avalanche (AVAX) tokens, translating to almost $3 million at the time. The disclosure about the financial cover-up and the introduction of a white hat team for a rapid security review were made on the social media platform X (formerly Twitter). The white hat team is expected to scrutinize the platform’s security before reopening the contract to the users.

Blockchain security firm SlowMist traced the hacker’s activities, establishing that the stolen AVAX tokens were transferred to the address (0xa2Eb…ad7A), and a portion of these tokens, 50.32 AVAX, was later moved to the Fixed Float crypto exchange on October 6. The tracking of the stolen funds and the hacker’s activities is ongoing as the community seeks to recover the lost funds and bring the perpetrator(s) to justice.

Amidst these developments, Stars Arena has advised users against depositing any new funds until the security audit is complete and the platform’s contract is reopened. The advisory underscores the platform’s commitment to securing users’ assets while the necessary security enhancements are being implemented.

Image source: Shutterstock

Source

Tagged : / / / / / / / /

Mixin Network Suffers $200 Million Hack

Key Takeaways

Mixin Network’s cloud service provider database was attacked on September 23, 2023, resulting in a loss of approximately $200 million.

Blockchain security firm SlowMist is assisting in the ongoing investigation.

Deposit and withdrawal services on Mixin Network have been temporarily suspended.

Security Breach and Financial Impact

In a significant security breach, Mixin Network’s cloud service provider database was compromised on September 23, 2023, Hong Kong time. The attack led to the loss of assets on the mainnet, with the funds involved estimated to be around $200 million. The announcement was made on September 25, 2023, via Mixin’s official Twitter account, which has garnered significant attention, accumulating over 140K views.

Investigation and Immediate Actions

Mixin Network has enlisted the help of blockchain security company SlowMist to assist in the investigation. SlowMist has also issued a security alert regarding the incident. In addition to SlowMist, Mixin Network has contacted Google for further assistance. Deposit and withdrawal services on the network have been temporarily suspended until vulnerabilities are confirmed and fixed. However, transfers between accounts remain unaffected during this period.

Community Reactions and Previous Incidents

The crypto community has expressed concern and frustration over the incident, especially considering the recent hacks involving Stake, CoinEX, and Remitano exchanges. Crypto detective ZachXBT highlighted the alarming frequency of these nine-figure hacks, stating, “Wtf another 9 figure hack (all liquid assets).

Upcoming Announcements

Mixin founder Feng Xiaodong is scheduled to explain the incident in a public Mandarin livestream at 13:00 HKT on September 25, 2023. The Mixin team will later summarize the content in English for broader dissemination. Plans on how to deal with the lost assets will be announced subsequently.

Disclaimer & Copyright Notice: The content of this article is for informational purposes only and is not intended as financial advice. Always consult with a professional before making any financial decisions. This material is the exclusive property of Blockchain.News. Unauthorized use, duplication, or distribution without express permission is prohibited. Proper credit and direction to the original content are required for any permitted use.

Image source: Shutterstock

Source

Tagged : / / / / / / / /

Alphapo Hot Wallets Drained of Over $23M in BTC, ETH and TRON

Alphapo, a payment processor for various gambling services, reported a breach of their hot wallets today, July 23, 2023. The breach resulted in a loss of over $23 million in Ethereum (ETH), TRON (TRX), and Bitcoin (BTC) cryptocurrencies. The exact amount of BTC stolen remains unclear.

Alphapo is known for processing payments for several gambling services, including HypeDrop, Bovada, and Ignition. Following the incident, HypeDrop, one of Alphapo’s customers, had to disable withdrawals.

The stolen funds on Ethereum were swapped for ETH and then bridged to Avalanche and Bitcoin. The addresses involved in the breach include:

  • 0x040a96659fd7118259ebcd547771f6ecb9580d17
  • 0x6d2e8a20b8afa88d92406d315b67822c01e53c38
  • TKSitnfTLVMRbJsF1i2UH5hNUeHLDrXDiY
  • TDoNAZHa7WxarUAFbQUhiijTGtd7EpbzRh
  • TJF7mdFxDuHB4tb9hoyR4SCpKxk7gr23ym1

In response to a query about the deposit and withdrawal issues, HypeDrop stated, “Our provider is currently working to solve some recent issues from their side, they are facing problems specifically related to withdrawals of BTC, ETH, and TRX, as well as deposits for ETH and TRX. We are actively monitoring the situation with them and will provide you with an update when more information is available. Be assured that if your payment has been affected, your funds are secure 🙂”.

The incident has sparked questions regarding Alphapo’s security protocols and the subsequent effects on its clientele. Observers are keenly following the situation, with further developments anticipated as the inquiry unfolds.

In a related development, a user has raised concerns about HypeDrop’s operations. The user alleges that HypeDrop, managed by an individual named Killian, operates several unregulated online casinos. The user claims that large winners are immediately subjected to a Know Your Customer (KYC) process, which allegedly has been leaked in the past, particularly with their influencers. The user also alleges that the KYC process is never approved. Furthermore, the user criticizes HypeDrop’s policy on their CSGO gambling sites, which allows crypto deposits but not withdrawals, a privilege only granted to influencers and skin suppliers.

Image source: Shutterstock

Source

Tagged : / / / / / / / / /

USD Coin Chief Strategy Officer Twitter Account Hacked

In a security breach, the Twitter account of Circle’s USD Coin (USDC) stablecoin chief strategy officer Dante Disparte has been compromised. The hack resulted in the promotion of fake loyalty rewards for long-time USDC users, which was tweeted from Disparte’s account and later deleted. Prior to the incident, the account had been tweeting about the regulatory developments of the firm and its participation in Paris Blockchain Week.

The security breach comes less than a month after the USDC briefly depegged due to reserve deposits left in the custody of defunct American tech bank Silicon Valley Bank. However, the incident was resolved, and the USDC has repegged, although there is still a slight variance with the stablecoin’s peg at the time of publication.

Circle’s USDC stablecoin is a regulated cryptocurrency that is backed by US dollars on a one-to-one basis. The stablecoin has been gaining popularity as a means of conducting transactions on cryptocurrency exchanges due to its stability compared to other cryptocurrencies, which are known for their volatility.

Hacking incidents have been prevalent in the cryptocurrency industry, with high-profile cases including the 2014 Mt. Gox hack, which resulted in the loss of around 850,000 bitcoins. In response to the incident, Circle has not provided any further details about the security breach or the steps it has taken to mitigate the damage caused by the hack. However, it is likely that the company will conduct a thorough investigation to determine the extent of the breach and prevent similar incidents from occurring in the future.

The security of cryptocurrencies and their related infrastructure is a pressing concern for regulators and market participants alike. In response to these concerns, regulatory bodies around the world have been implementing new measures to safeguard cryptocurrency exchanges and other digital asset platforms. The recent hack of Circle’s USDC stablecoin chief strategy officer’s Twitter account highlights the need for increased security measures and greater vigilance in the cryptocurrency industry.

Source

Tagged : / / / /

Algorand Wallets Hacked Again

Algorand-based wallets have been hit by security breaches in recent weeks, with MyAlgo and Algodex both experiencing hacks. MyAlgo urged users to withdraw their assets or rekey their funds after a February security breach that resulted in losses of around $9.2 million. In the past week, a targeted attack was carried out against a group of high-profile MyAlgo accounts. The cause of the breach is unknown, and the wallet provider has encouraged users to take precautionary measures to protect their assets. Meanwhile, Algodex revealed that a malicious actor infiltrated a company wallet on March 5, similar to what is happening in the Algorand ecosystem. Algodex moved the bulk of its USD Coin (USDC) and native Algodex (ALGX) tokens to secure locations, but the infiltrated wallet was responsible for providing extra liquidity to the ALGX token. The exchange confirmed that $25,000 in ALGX tokens allocated to provide liquidity rewards were taken, but it would replace this in full. The total loss from the theft was less than $55,000, and Algodex users and the liquidity of ALGX were not affected.

The Algorand Foundation’s chief technology officer, John Wood, confirmed that around 25 accounts were affected by the MyAlgo exploit, and it was not the result of an underlying issue with the Algorand protocol or software development kit (SDK). The foundation is responsible for the development and governance of the Algorand ecosystem, which aims to create a secure and decentralized platform for digital assets and applications. Algorand uses a pure proof-of-stake consensus algorithm that is designed to be energy-efficient and secure against attacks. The protocol has been adopted by a range of projects and companies in the blockchain space, including Circle, the issuer of USDC stablecoin, and the International Blockchain Monetary Reserve, a non-profit organization that aims to provide financial services to underserved communities.

The recent hacks on Algorand-based wallets highlight the importance of securing digital assets and using trusted and reputable service providers. Users should also be aware of the risks associated with storing assets on centralized platforms, which can be vulnerable to attacks and hacks. The Algorand Foundation has been working on enhancing the security of the protocol and its ecosystem by partnering with leading security firms and auditing companies. The foundation also offers grants and support to developers and projects building on the Algorand platform, with a focus on security, scalability, and usability. The foundation’s latest initiative is the Algorand Improvement Proposal (AIP) process, which allows stakeholders and developers to propose and discuss changes to the protocol and its governance. The AIP process is designed to be transparent, collaborative, and community-driven, ensuring that the Algorand ecosystem evolves in a responsible and inclusive way.

In addition to the Algorand Foundation’s efforts, users can take several measures to protect their digital assets and minimize the risks of hacks and breaches. One of the most important steps is to use strong and unique passwords for each account and to enable two-factor authentication (2FA) whenever possible. Users should also avoid sharing sensitive information online or with unknown parties, and to verify the authenticity of emails, messages, and websites before providing any information or making any transactions. Another best practice is to store digital assets in hardware wallets, which are offline devices that offer enhanced security and privacy compared to software wallets and exchanges.

As the adoption of blockchain and digital assets continues to grow, the security and resilience of the underlying infrastructure become even more critical. Algorand and other blockchain platforms must continue to invest in research, development, and education to address the evolving threats and challenges in the digital asset space. Users and stakeholders also have a role to play in promoting best practices, transparency, and accountability in the ecosystem, ensuring that the benefits of blockchain technology are realized in a safe and sustainable way.

Source

Tagged : / / / / /

Crypto.com Restores Withdrawals After Reportedly Losing $15m To Hackers

Crypto.com, the popular cryptocurrency exchange platform, halted all deposits and withdrawals on Monday, January 11, citing “unauthorized activity” on some accounts. It has, however, reinstated some accounts and withdrawal services, noting that the accounts are now safe.

News From Yesterday

According to security and data analytics firm PeckShield, Crypto.com has been the latest target of a cyberattack, with about $15 million worth of cryptocurrency stolen. At least 4,600 Ether has been taken from some of the exchange’s accounts.

Crypto.com issued a tweet informing users that a number of users have reported suspicious behavior on their accounts. Withdrawals will be temporarily halted as their staff investigates the situation. All of the monies are safe, according to the message.

5 BTC + 300 Free Spins for new players & 15 BTC + 35.000 Free Spins every month, only at mBitcasino. Play Now!

Dogecoin (DOGE) founder Billy Markus spotted a strange transaction pattern on Etherscan, leading the firm to suspend all transactions until it can figure out what’s wrong with their platform.

Several users reported on social media that their tens of thousands of dollars worth of digital assets had vanished from the exchange.

Get 110 USDT Futures Bonus for FREE!

Ben Baller, a cryptocurrency enthusiast and jeweller, claimed that his account had been hacked and that he had lost 4.28 Ether (ETH) (about $15,000). He also said he used two-factor authentication, meaning that the suspected criminals had to get around some of Crypto.com’s security measures.

crypto.com

BTC/USD yet to break psychological barrier. Source: TradingView

Tornado Cash was used to move the funds, making it harder to track. Technical glitches on cryptocurrency trading platforms have been increasingly widespread in recent months. Even some of the most prominent crypto exchanges have experienced significant disruptions during peak period.

Related article | Sports NFT Marketplace Lympo Suffers An $18.7 Million Hack

Crypto.com Lost $15 Million To The Hack

Although Crypto.com claims that the accounts are safe, Peckshield, a blockchain security and data analytics firm, claims that the exchange has lost a whopping $15 million in the recent theft, or at least 4,600 ETH.

CEO Kris Marszalek stated on Twitter that no customer funds had been lost. In reaction to the event, the Crypto.com team reinforced the exchange’s security infrastructure, he noted. The security incident is currently being investigated internally at the exchange.

After hours of waiting, Crypto.com tweeted that security on all accounts is being increased out of an abundance of caution, asking users to sign in to their App & Exchange accounts and Reset their 2FA. They also stated that this update will be gradually given out to users over the next few hours. Withdrawals will be re-enabled once this process is completed. They stated that they recognize that this may be inconvenient for users, but that security comes first.

With over 10 million customers, Crypto.com is one of the most popular trading platforms in the United States. We’d like Crypto.com to provide us with more information about this.

Related article | Largest DeFi Hack Yet? BadgerDAO Hack Results In Loss Of $120M+

Source

Tagged : / / / / /
Bitcoin (BTC) $ 38,793.39 1.17%
Ethereum (ETH) $ 2,105.70 0.89%
Litecoin (LTC) $ 71.66 1.03%
Bitcoin Cash (BCH) $ 227.24 1.60%