Lưu trữ cho từ khóa: Сrypto hack

DeFi

Ethena Labs halts website after frontend hack

Để lại phản hồi

Hackers attacked synthetic dollar issuer Ethena, but the protocol said its core blockchain infrastructure remained uncompromised.

On Sept. 18, bad actors successfully breached the website of decentralized finance service provider Ethena Labs (ENA). The team’s alert explained that only its frontend UI was impacted, and funds were neither at risk nor drained.

As of this writing, attempts by crypto.news to ascertain how hackers accessed the project’s website management console have gone unanswered. Users were advised to avoid links tied to the project and disconnect wallets until further notice.

Ethena is one of the largest synthetic dollar operators in DeFi. Its collateralized, dollar-tied token has a $2.6 billion supply, most of which is issued on Ethereum (ETH), per DefiLlama. However, a new player could challenge the protocol’s market share in the coming months. Crypto market maker DWF Labs said work on its synthetic dollar offering progressed before the design stage.

Hackers target Ethena and DeFi

Ethena and several other DeFi protocols have been subject to compromises across different layers. In some cases, hackers attacked on-chain endpoints and exploited smart contract bugs to steal funds.

Conversely, bad actors have increasingly targeted web2 services employed by web3 startups. Like Ethena’s domain registrar, criminals also attacked websites owned by Celer Network and Compound Finance in July.

The most common attack often involves launching phishing campaigns through hijacked X pages. Earlier this month, hackers gained access to social media accounts managed by layer-1 blockchain Near Protocol (NEAR) and Trump family members, to name a few.

Tổng hợp và chỉnh sửa: ThS Phạm Mạnh Cường
Theo Crypto News

DeFi

1inch launches Fusion+ upgrade for its cross-chain swaps

Để lại phản hồi

Decentralized exchange 1inch has introduced a new upgrade that allows users to swap their crypto assets without giving up custody.

According to a Sept. 18 announcement, 1inch has deployed the next iteration of its 2022 Fusion upgrade for its Swap Engine known as Fusion+. 

The new feature lets users swap cryptocurrencies across multiple blockchain networks but lets them retain full self-custody of their tokens. Further, it pools both on-chain and off-chain liquidity “to deliver convenient and secure swaps,” and will also offer “built-in protection” against maximal extractable value attacks.

Fusion+ is powered by atomic swap technology, ensuring cross-chain transactions remain secure, trustless, and efficient, while avoiding the vulnerabilities associated with traditional cross-chain bridges.

How it works

An Atomic swap is the process of exchanging cryptocurrencies between two different blockchains without the need for a trusted third-party intermediary, such as an exchange. The term “atomic” refers to the idea that the transaction either happens in its entirety or not at all.

Fusion+ leverages this “all-or-nothing” principle, meaning if any part of the transaction fails to meet the conditions or is incomplete, the assets are automatically returned to their original owners.

Further, the process is governed by smart contracts, which automatically enforce the terms of the swap. These contracts ensure that all preconditions, such as time limits or asset amounts, are met by both parties.

The swap process starts with a user sharing their order details with resolvers, who are professional traders who compete to execute swaps at the best rates through a Dutch auction model. 

The resolver then locks the user’s tokens into an escrow contract and deposits the corresponding amount of the other token into a separate escrow contract, with both contracts containing the same secret hash and conditions. 

Once both contracts are active on-chain, both parties reveal the cryptographic secret, the tokens are swapped, and the user receives the new asset. If either party fails to meet the set conditions, the assets are returned to the respective owners.

1inch initially disclosed its plans to introduce Fusion+ in a Sept. 12 blog where it cited issues like the security risks of centralized cross-chain bridges, inefficiencies in decentralized solutions, and the complexity of current cross-chain processes.

In related news, the DEX funded a crowd-testing platform earlier this year that allows beta testing of web3 products. 

Tổng hợp và chỉnh sửa: ThS Phạm Mạnh Cường
Theo Crypto News

DeFi

Near Protocol’s X page hacked, again

Để lại phản hồi

Near Protocol’s X page was apparently breached by hackers who seemed uninterested in promoting sham airdrops or rug pulls.

On Sept. 4, bizarre posts were seen published from the X account of layer-1 proof-of-stake blockchain, Near protocol (NEAR). 

Account hijacks like this are common in cryptocurrency, with bad actors often targeting decentralized finance protocols. Typically, hackers leverage compromised access to launch phishing campaigns and steal funds.

However, the Near Protocol hacker deviated from this pattern, instead posting a series of anti-crypto messages aimed at crypto users and the heart of web3.

Delete your X account, go outside, and pick a normal life, you manlets. There is 0 good to come of this. Trust me.

Unknown Near Protocol hacker

At the time of writing, unknown individuals still controlled Near’s X page and continued to criticize the $2 trillion cryptocurrency ecosystem and its underlying blockchain industry. This marks the second time the L1’s X account has been hacked this year, following a previous incident in May.

Near Protocol hacked on Sept. 4 | Source: X

While seemingly different from other breaches, Near Protocol ranked among a growing list of DeFi and crypto-related projects that have suffered hacks.

According to crypto.news, X accounts belonging to members of the Trump family were recently used in a scam promoting a Solana-based (SOL) memecoin. In late August, football star Kylian Mbappe’s likeness was used to steal over $1 million from crypto traders.

Hackers have also hijacked accounts owned by heavy metal band Metallica, Frax Finance founder Sam Kazemian, and pseudonymous crypto trader GCR.

Tổng hợp và chỉnh sửa: ThS Phạm Mạnh Cường
Theo Crypto News

DeFi

H1 2024 sees $630m in crypto losses, exchanges take biggest hit

Để lại phản hồi

Crypto losses nearly reached $630 million in the first half of 2024, with centralized exchanges hit hardest, according to Cyvers.

The crypto market experienced a surge in losses, totaling over $629 million in the first half of 2024, doubling the amount from the previous year, as reported by analytical firm Cyvers. In an X post on Aug. 22, the firm highlighted that centralized exchanges were the primary targets, marking a significant shift in cyberattack focus.

.

https://twitter.com/CyversAlerts/status/1826603243868233899

One of the most significant incidents occurred in May when over $300 million was stolen from DMM Bitcoin, one of Japan’s largest crypto exchanges, due to a compromised private key. Analysts at Cyvers emphasized the “urgent need for robust key management” following this breach. Improper access control was identified as the leading cause of hacks in Q2 2024, particularly affecting centralized exchanges.

Crypto recovery improves amid evolving threats

Despite the increase in losses, fund recovery efforts improved by 42% year-over-year in Q2 2024, driven by proactive measures and rapid response strategies. However, Cyvers warned that the threat landscape is still evolving, with “address poisoning, oracle manipulation, and cross-chain attacks becoming more common.”

While centralized exchanges took the largest hit, decentralized finance protocols also faced considerable risks. The blockchain forensic firm stressed the importance of real-time protection and monitoring to prevent further losses. Looking ahead, Cyvers cautioned about the rise of more sophisticated contract exploits, artificial intelligence-driven attacks, and threats to layer-2 protocols, urging the crypto community to remain vigilant and secure their assets.

Earlier in August, analysts from another blockchain analytics firm PeckShield reported that the crypto sector experienced a series of major attacks in July, resulting in losses of around $266 million. The largest breach involved WazirX, one of India’s biggest cryptocurrency exchanges, which lost $230 million in a sophisticated attack allegedly carried out by North Korean hackers, leading to a temporary pause in withdrawals.

Tổng hợp và chỉnh sửa: ThS Phạm Mạnh Cường
Theo Crypto News

DeFi

Whale loses over $55m in DAI stablecoin to phishing attack

Để lại phản hồi

A whale address lost a substantial amount of DAI tokens to a phishing attack after carelessly signing a fraudulent transaction.

On-chain data confirms that the losses amounted to a whopping $55.47 million in Dai (DAI). According to an X post by Lookonchain, the whale’s funds were stored in Maker, a decentralized finance protocol built on Ethereum.

However, after signing the fraudulent transaction, the ownership of these funds was altered, allowing the attacker to take full control of the DAI tokens in the wallet. When the whale tried to withdraw the funds, the transaction failed due to the unintended change in ownership. The hacker then swiftly moved the stolen DAI tokens to a newly created address

Through this address, the attacker has since been converting the tokens to Ethereum (ETH) and rerouting them to other wallets. So far, the hacker swapped 27.5 million DAI for approximately 10,625 ETH, ultimately moving most of the funds to CoW, a trading protocol.

Phishing attacks have become increasingly common in the crypto scene. In June, a MakerDAO delegate lost $11 million in various tokens, including USDe, to a similar scam. In May, an NFT trader lost over $145,000 in Bored Ape Yacht Club collectibles, while another investor saw $101,000 in multiple cryptocurrencies vanish due to phishing.

Recent Chainalysis research confirms that since May 2021, approval attacks have accounted for an astonishing $2.7 billion in stolen assets. Previous reports also revealed that victims lost over $46 million to phishing attacks in February this year.

Tổng hợp và chỉnh sửa: ThS Phạm Mạnh Cường
Theo Crypto News

DeFi

Illicit crypto activity drops 20%, but stolen funds surge, Chainalysis says

Để lại phản hồi

Analysts at Chainalysis say illicit blockchain activity has dropped nearly 20% YTD, yet stolen funds and ransomware inflows continue to rise.

Illicit crypto activity has declined nearly 20% year-to-date, a positive sign for the growing legitimacy of the sector, according to a mid-year report from blockchain analytics firm Chainalysis.

Despite the decline, there are still concerning trends in specific types of cybercrime, the firm noted, saying that funds stolen in crypto heists nearly doubled to $1.58 billion and ransomware inflows rose by 2% to $459.8 million in the first half of 2024.

Hacking activity since January 2024 | Source: Chainalysis

Chainalysis attributes the surge in stolen funds to a resurgence in attacks on centralized exchanges, pausing a trend where hackers had focused on decentralized finance. The New York-headquartered firm noted that while the overall number of hacking incidents has only “marginally outpaced” that of 2023, the average value stolen per event has soared by nearly 80% in 2024, driven partly by rising crypto prices.

“The average amount of value compromised per event has increased by 79.46%, rising from $5.9M per event from January to July of 2023 to $10.6M per event thus far in 2024, based on the value of the assets at the time of theft.”

Chainalysis

Ransomware also continues to be a persistent threat, with 2024 on track to surpass last year’s record $1 billion in ransom payments. Chainalysis says 2024 has seen the largest ransomware payment ever recorded at approximately $75 million to the Dark Angels ransomware group.

Maximum ransom payment by year | Source: Chainalysis

The ransomware landscape has fragmented somewhat following law enforcement actions against major players like ALPHV/BlackCat and LockBit. However, some affiliates have migrated to less effective strains or launched new ones, increasingly targeting “larger businesses,” according to the report.

Chainalysis cautions that while the overall decline in illicit activity is encouraging, the continued rise in stolen funds and ransomware payments underscores the evolving tactics of cybercriminals.

Elephant in the room

Centralized crypto exchanges are not only frequent targets for hackers but also play a significant role in laundering stolen assets. Chainalysis previously found that trading platforms have received nearly $100 billion worth of crypto from known illicit addresses since 2019, pointing to a troubling lack of international cooperation on anti-money laundering efforts.

According to the firm, nearly 30% of all crypto from illicit addresses eventually ends up at sanctioned services, including the Russian exchange Garantex. The peak was in 2022, when $30 billion of “dirty crypto” interacted with such services, underscoring the persistent challenges in combating crypto-based money laundering.

Tổng hợp và chỉnh sửa: ThS Phạm Mạnh Cường
Theo Crypto News