Archive for keyword: Crypto hack

Post-mortem reveals stealthy malware injection led to $50m Radiant Capital exploit

Radiant Capital attackers used malware to hijack developer wallets and swipe over $50 million in assets.

According to Radiant Capital’s post-mortem report, the attack on Oct. 16, 2024, which led to losses upwards of $50 million, was “one of the most sophisticated hacks ever recorded in DeFi.”

The attackers compromised the hardware wallets of at least three Radiant developers through a sophisticated malware injection, though it is believed that more devices may have been targeted.

The malware manipulated the front-end interface of Safe{Wallet} (formerly known as Gnosis Safe), displaying legitimate transaction data to the developers while executing malicious transactions in the background.

The attack was executed during a routine multi-signature emissions adjustment process, which takes place periodically to adapt to changing market conditions. Despite multiple layers of verification through Tenderly simulations and manual reviews, no anomalies were detected during the signing process, the report added.

The attackers took advantage of Safe App transaction resubmissions, a common occurrence due to issues like gas price fluctuations or network congestion. By mimicking these routine errors, the attackers collected multiple compromised signatures unnoticed, eventually signing the “transferOwnership” function, which transferred control of Radiant’s lending pools to the attackers.

The breach affected Binance Smart Chain (BSC) and Arbitrum, with the attackers using these signatures to alter smart contracts, specifically exploiting the transferFrom function as previously reported by Web3 security firm De.Fi. This allowed them to drain assets from users who had granted approval to the lending pools.

Further, the report added that many protocols might be at risk and suggested several preventative measures. These include implementing multi-layer signature verification, using an independent device for verifying transaction data, avoiding blind signing for critical transactions, and setting up error-triggered audits to catch potential issues before signing.

In an Oct. 18 X post, independent programmer Daniel Von Fange noted that the attackers were still draining any assets being transferred to the compromised wallets and advised users to quickly revoke any approvals they had given to the affected contracts to avoid further losses.

Post-hack measures

Radiant Capital has since paused its lending markets on BNB Chain and Arbitrum. In an Oct. 17 X post, Radiant confirmed it was working with several cybersecurity firms, including SEAL911, Hypernative, and Chainalysis, to investigate the incident and recover the stolen assets.

The lending protocol’s immediate preventive measures include generating fresh cold wallet addresses using uncompromised devices for each member of the Safe, reducing the number of signers to 7, and increasing the signing threshold to 4 out of 7. Further, contributors will also double-confirm transaction data for each transaction using the input data decoder on Etherscan to ensure added accuracy before signing.
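The independent check the report recommends, decoding the calldata a signer is asked to approve rather than trusting the wallet front end, can be scripted. The following is an added example and is not code from Radiant Capital, Safe{Wallet} or Etherscan; the `setEmissionSchedule` selector and all addresses are constructed for illustration, while the `transferOwnership`, `transferFrom`, `approve` and `transfer` selectors are the standard Solidity ones.

```python
# Added example: offline calldata decoder used as a second-device check before
# signing a Safe transaction. Catches a hijacked front end that shows one action
# (an emissions adjustment) while submitting another (transferOwnership).

KNOWN_SELECTORS = {
    "f2fde38b": "transferOwnership(address)",             # standard Ownable
    "23b872dd": "transferFrom(address,address,uint256)",  # ERC-20
    "095ea7b3": "approve(address,uint256)",               # ERC-20
    "a9059cbb": "transfer(address,uint256)",              # ERC-20
    "deadbeef": "setEmissionSchedule(uint256)",           # CONSTRUCTED, not real
}

# Functions that should never appear in a routine signing session.
HIGH_RISK = {"transferOwnership(address)"}


def decode_calldata(calldata_hex):
    """Split calldata into its 4-byte selector and 32-byte ABI words."""
    data = calldata_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    if len(data) < 8 or len(data) % 2:
        raise ValueError("malformed calldata")
    selector = data[:8]
    body = data[8:]
    if len(body) % 64:
        raise ValueError("argument area is not a multiple of 32 bytes")
    words = [body[i:i + 64] for i in range(0, len(body), 64)]
    sig = KNOWN_SELECTORS.get(selector)
    args = []
    if sig is None:
        sig = f"unknown selector 0x{selector}"
    else:
        types = sig[sig.index("(") + 1:-1].split(",")
        for typ, word in zip(types, words):
            # addresses are right-aligned in the 32-byte word; uint256 is the word itself
            args.append("0x" + word[-40:] if typ == "address" else int(word, 16))
    return {"selector": selector, "function": sig, "args": args}


def check_transaction(calldata_hex, expected_function, allowed_addresses):
    """Return (ok, reason). Anything outside the action the signer believes
    they are approving is rejected, independent of what the UI displayed."""
    tx = decode_calldata(calldata_hex)
    fn = tx["function"]
    if fn in HIGH_RISK:
        return False, f"calldata calls {fn} with {tx['args']}; ownership change not expected"
    if fn != expected_function:
        return False, f"calldata calls {fn}, expected {expected_function}"
    for arg in tx["args"]:
        if isinstance(arg, str) and arg not in allowed_addresses:
            return False, f"unexpected address {arg}"
    return True, "calldata matches the intended action"
```

Run the check on each signer's own device, against calldata copied from the Safe transaction rather than from the page that rendered it.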

The company is also working with U.S. law enforcement agencies to freeze the stolen funds and trace the attackers while collaborating with ZeroShadow to analyze the digital footprint left by the exploiters.

Compiled and edited by: MSc Phạm Mạnh Cường
Source: Crypto News

DeFi exchange Ambient Finance recovers domain after DNS attack

DeFi platform Ambient Finance regained control of its website after hackers commandeered its domain.

Ambient Finance became the latest decentralized finance protocol to face a series of front-end attacks launched by unknown cybercriminals. On Oct. 17, Ambient notified its decentralized exchange users of a Domain Name System issue with its website.

DNS exploits occur when hackers compromise a platform’s domain registrar credentials, often aiming to steal assets and funds by embedding malicious links into the website.

Ambient Finance reassured users that its smart contracts and on-chain infrastructure remained secure from attackers. However, the DEX warned users against visiting the website or signing any transactions until further notice to safeguard user assets.

Two hours after the problem was first reported, Ambient Finance announced on X that the issue had been resolved and its DNS was in the process of being repaired.

We have recovered the domain, and DNS is updating now. Since DNS propagation takes time, users should wait for the all-clear before interacting with the front-end site. Contracts and funds are safe and unaffected.

Ambient Finance on X

A surge of cyberattacks has plagued DeFi and crypto protocols in recent months, indicating that security concerns persist despite growth in the on-chain sector.

In September, Ethereum-based automated market maker Balancer confirmed a front-end incident caused by a social engineering attack. Several DeFi platforms lost control over their domains and websites in a July wave of DNS attacks. Ethena Labs was forced to temporarily take its website offline last month, citing issues with the site.

While cybercriminals were on the prowl, on-chain users continued flocking to blockchain services and cryptocurrency protocols. DeFi remains popular as crypto usage explodes in 2024, a report from Andreessen Horowitz stated on Oct. 16.

Compiled and edited by: MSc Phạm Mạnh Cường
Source: Crypto News

Cosmos Hub’s Liquid Staking Module under scrutiny following DPRK ties

Concerns over the security of Cosmos Hub’s Liquid Staking Module have intensified following revelations that North Korean agents allegedly played a key role in its development.

Blockchain development firm All in Bits has issued a stark warning to the Cosmos community regarding the integrity of its Liquid Staking Module, a solution that allows ATOM staked with validators to be converted into liquid staked ATOM tokens.

In an X post on Oct. 16, All in Bits warned that contributions from developers allegedly linked to North Korea were made at the very beginning of the LSM’s development, raising alarms about potential vulnerabilities embedded in the system.

A timeline of events highlights critical oversights during the LSM’s development. In July 2022, an audit by Oak Security identified severe vulnerabilities, including mechanisms allowing stakers to evade slashing penalties. Alarmingly, the same North Korean developers were tasked with addressing these issues, All in Bits added, arguing that this compromised the integrity of the remediation process.

A year later, the FBI warned Zaki Manian, a lead figure in the LSM’s development, about DPRK’s involvement, All in Bits said, adding that “despite notification from FBI, Zaki promotes LSM as ‘finished’ and without disclosure to the Cosmos Hub community and pushes the LSM Signaling Proposal on chain.”

“This breach undermines Cosmos Hub’s security and integrity. AtomOne remains committed to these principles.”

All in Bits

Analysts at the blockchain development firm called for immediate action from the Cosmos governance community, including a comprehensive audit of the LSM and the establishment of stricter security protocols for future code contributions.

The heightened scrutiny of the LSM comes against a backdrop of increasing alerts from the FBI regarding North Korean hackers aggressively targeting employees in the crypto and decentralized finance sectors. Per the bureau, cybercriminals utilize sophisticated social engineering tactics designed to deceive even the most technically proficient individuals, emphasizing the critical need for robust security measures in the blockchain space.

Compiled and edited by: MSc Phạm Mạnh Cường
Source: Crypto News

Crypto VC fund-tied entity loses $36m by signing phishing permit transaction: report

An entity reportedly linked to a cryptocurrency venture capital fund has lost over $35 million in tokens due to a malicious permit transaction.

An unidentified on-chain entity has suffered a staggering loss of wrapped Ethereum (ETH) tokens valued at $36 million after inadvertently signing a malicious transaction.

In an X post on Friday, Oct. 11, blockchain monitoring account Lookonchain reported that the entity, believed to be associated with the crypto venture capital fund Continue Capital, lost 15,079 fwDETH — wrapped ETH tokens on Blast’s chain — due to a “permit” phishing signature. As of press time, Continue Capital made no public statements on the matter.

Following the news, the price of fwDETH plummeted by more than 95% in its trading pair with fwWETH before rebounding to a 40% decline. An X user under the alias @roffett_eth pointed out that the price drop led to “attacks on protocols like PAC Finance and Orbit Finance,” though the extent of these attacks remains unclear. Neither project has commented on the situation as of this writing.

Phishing attacks in the cryptocurrency sector are becoming increasingly sophisticated, often disguised as legitimate requests for user permissions. In this case, the victim appears to have fallen victim to a tactic that exploits user trust in digital signatures, underscoring the persistent risks within the crypto landscape.

Compiled and edited by: MSc Phạm Mạnh Cường
Source: Crypto News

Bitfinex could be ‘sole victim’ of 2016 hack, US government says

A U.S. government filing indicates Bitfinex could be the sole entity eligible for restitution from the massive 2016 Bitcoin theft.

The filing by the U.S. government has confirmed that Bitfinex could be the sole victim eligible for restitution concerning the notorious 2016 hack that resulted in the theft of approximately 120,000 Bitcoin (BTC), now valued at $7.4 billion.

According to the court documents, the U.S. Attorney for the District of Columbia stated, “The government is not aware of any person who qualifies as a victim under the Crime Victims’ Rights Act or for restitution under the Mandatory Victims Restitution Act, beyond perhaps Bitfinex.”

This statement puts Bitfinex as the primary entity affected by the cyberattack, which has left individual account holders without recourse for claims against the seized assets.

“According to information provided by counsel for iFinex, iFinex believes that it is the sole victim with sustained financial losses from the hack,” the document read.

The filing indicates that restitution efforts will likely focus solely on Bitfinex, which has already engaged with law enforcement to recover stolen assets.

Following this news, the exchange’s LEO (LEO) token jumped over 50% to over $8.

The 2016 Bitfinex hack

The hackers — Ilya Lichtenstein and Heather Morgan — reportedly infiltrated Bitfinex’s systems and executed over 2,000 unauthorized transactions.

Following the hack, the exchange compensated users with BFX tokens, allowing them to redeem or convert these into equity shares of its parent company, iFinex. By April 2017, all BFX tokens had been redeemed, demonstrating Bitfinex’s commitment to user recovery.

In February 2022, U.S. authorities seized 94,643 BTC associated with the hack, valued at approximately $3.6 billion at that time. These funds are now worth around $5.8 billion and are poised for potential return to Bitfinex.

Ilya Lichtenstein confessed to laundering $4.5 billion in stolen Bitcoin from the 2016 Bitfinex hack. Despite skepticism about the ability to execute such a crime, blockchain records linked Bitfinex and Lichtenstein’s wallet.

Compiled and edited by: MSc Phạm Mạnh Cường
Source: Crypto News

Phishing attacks, private key leaks resulted in $668m stolen in Q3: CertiK

In Q3, threat actors stole over $750 million worth of cryptocurrency across 150+ security incidents, marking a 9.5% increase in value lost despite 27 fewer incidents compared to Q2.

Phishing attacks and private key compromises were significant contributors to over $750 million in cryptocurrency thefts during Q3, according to data from blockchain analytics firm CertiK. Although the number of security incidents fell to just over 150, the total value lost increased by 9.5% compared to the previous quarter.

Per CertiK’s estimates, hackers have now stolen nearly $2 billion in 2024 alone, with the data showing $505.5 million lost across 224 attacks in Q1 and $687.5 million in Q2. In Q3, phishing emerged as the most damaging attack vector, with nearly $343.1 million stolen across 65 incidents.

“These attacks typically involve bad actors posing as legitimate entities to trick users into revealing sensitive information, such as login credentials.”

CertiK

Private key compromises ranked as the second most costly attack vector, resulting in $324.4 million stolen across 10 incidents. Together, these two vectors accounted for $668 million in losses, while additional security incidents in Q3 involved code vulnerabilities, reentrancy events, and price manipulation, highlighting the urgent need for improved security protocols in the decentralized finance sector.

CertiK notes that Ethereum (ETH) remained the most targeted blockchain, with $387.9 million stolen in 86 incidents, significantly outpacing Bitcoin (BTC), which was also heavily targeted. As hackers continue to evolve their tactics, the blockchain firm says the crypto industry must prioritize user education and advanced security measures to protect assets.

Compiled and edited by: MSc Phạm Mạnh Cường
Source: Crypto News

Crypto losses to hacks surpass $120m in September, PeckShield says

Crypto hacks in September resulted in over $120 million in losses, with the top incidents targeting platforms like BingX, Penpie, and Indodax.

The crypto space has surpassed more than $120 million in losses in September due to more than 20 hacks, down 61.76% from August, according to data from blockchain forensic firm PeckShield.

In an X post on Oct. 1, PeckShield reported that BingX, a Singapore-based cryptocurrency exchange, was hit the hardest with over $40 million in losses, followed by Penpie at $27 million, and Indodax, which lost over $21 million. Other incidents included DeltaPrime, which saw $5.98 million stolen, and Truflation with $5.6 million in losses.

A phishing attack targeting $spWETH signatures resulted in an additional $32.4 million drain, though these figures were excluded from the overall tally. Partial funds were returned in the Shezmu hack, which saw $4.9 million stolen. Smaller hacks also impacted Onyx, BananaGun, Bedrock, and CUT, with losses ranging from $1.4 million to $3.8 million.

Over $400m lost in Q3

Despite the significant losses, the overall damage from crypto hacks was markedly lower compared to August, when the industry lost over $300 million worth of crypto in just 10 different incidents. In total, the crypto space saw a loss of nearly $413 million in Q3, per the latest report from web3 bug bounty platform Immunefi.

Data reveals that more than $409.9 million was lost to hacks across 31 specific incidents, and $3,087,552 was lost to fraud across only three specific incidents. Most of that sum was lost by two specific projects: WazirX, India’s crypto exchange, which suffered an attack that resulted in $235,000,000 lost, and BingX.

Analysts at Immunefi say that centralized finance was the main target of successful exploits at nearly 75% as compared to decentralized finance at 25.2% of the total losses. The most attacked blockchain network was Ethereum, with 15 incidents, followed by BNB Chain (formerly Binance Smart Chain) and Coinbase’s network Base.

Compiled and edited by: MSc Phạm Mạnh Cường
Source: Crypto News

Crypto exchange BingX suffers hacker attack, losses surpass $40m

BingX has temporarily suspended withdrawals following a suspected hacker attack on its hot wallet, with blockchain analysts estimating losses exceeding $40 million.

Singapore-headquartered crypto exchange BingX has paused withdrawals after detecting a suspected hacker attack on its hot wallet, with blockchain analysts estimating losses surpassing tens of millions of dollars.

In an X post on Sept. 20, BingX’s chief product officer Vivien Lin said that the breach occurred at around 4 a.m. Singapore time on Sept. 20, prompting the company to launch an “emergency plan.”

Per Lin, the exchange transferred its assets to secure locations, adding that the loss is still being calculated but reassured users that most assets are stored in cold wallets, which were not impacted by the attack. While the exact scale of the hack was not revealed, Lin says there was a “minor asset loss.”

“There has been minor asset loss, but the amount is small and still being calculated.”

Vivien Lin

Blockchain forensic firm PeckShield, however, suggested that the breach may be more significant, estimating that roughly $26.68 million in assets, including Ethereum (ETH) and Binance Coin (BNB), had already been moved by the hacker. An additional $16.5 million was reportedly drained from the platform soon after. Analysts traced the stolen funds to two wallet addresses and estimate the total loss to be over $43 million.

Lin emphasized that BingX would “fully compensate” for any losses using its own capital and expects withdrawals to resume within 24 hours. The company stressed that trading services are functioning as usual and that user funds remain secure under its layered asset management system.

Compiled and edited by: MSc Phạm Mạnh Cường
Source: Crypto News

Coinbase’s Base smart contracts contain over 34k vulnerabilities, data shows

Base network saw over 34,000 high-risk vulnerabilities in its smart contracts, including malicious boolean checks and library tampering, according to new data.

Blockchain networks face growing security challenges as malicious actors exploit vulnerabilities in smart contracts, with Coinbase’s Base network leading in high-risk detections.

According to data from Trugard Labs, which identified risks using its Xcalibur tool, Base accounted for more than 34,000 high-risk detections in its smart contracts during August.

The Coinbase-incubated network was particularly susceptible to digital signature issues, with nearly 22,000 detections related to tampering in standard libraries like SafeMath. Malicious boolean checks on token transfers also posed significant risks, with over 6,300 instances identified on Base. Such checks can block or manipulate token transfers, making them a key vulnerability.

High risks identified across blockchains in August | Source: Trugard

Web2 hackers turn to web3

Trugard Labs identified several other major threats across the Base network, including unauthorized token burns, balance updates, and controlled minting attacks. Hidden balance updates and minting manipulations were also detected across Ethereum and BNB Chain (formerly Binance Smart Chain, BSC), though in smaller numbers.

Cross-chain comparison Top by risk share | Source: Trugard

The surge in malicious activity on Base underscores the vulnerability of protocols deployed on the network to exploitation, as cybercriminal groups that once operated in web2 “have now shifted focus to the burgeoning web3 ecosystem,” analysts at Trugard say.

As the decentralized finance sector grows, so does its appeal to threat actors. In the past, web2 criminals specialized in phishing, ransomware, and exploiting vulnerabilities in centralized systems. Trugard says those same tactics are now being adapted to exploit “vulnerabilities in smart contracts, decentralized finance protocols, and blockchain networks.”

Compiled and edited by: MSc Phạm Mạnh Cường
Source: Crypto News