attacker

Friend.tech users blame SIM swaps after more than 100 ETH drained in a week

In a short period of time, four friend.tech users reported their accounts were compromised and drained after hackers seized control of their mobile numbers.

Friend.tech users are warning of possible SIM-swap attacks after a recent spate of supposed hacks resulting in nearly 109 Ether (ETH) worth around $178,000 being drained from four users in under a week.

On Sept. 30, the X (formerly Twitter) user known as “froggie.eth” warned their Friend.tech account was SIM-swapped — where exploiters gain control of a user’s mobile number to intercept two-factor authentication codes, then used to access accounts — and subsequently drained of over 20 ETH.

Days later, on Oct. 3, a string of Friend.tech users reported similar incidents, with musician Daren Broxmeyer saying he was SIM-swapped and drained of 22 ETH.

His phone was earlier “spammed with phone calls,” which he believed was to force him to miss a text from his service provider warning him that someone was trying to access his account.

The same day another user, “dipper,” also said their account was compromised, adding they have “no idea” how exploiters could hack their account, as they use strong passwords.

The fourth user, “digging4doge,” was drained of around 60 ETH after falling for a phishing scam that tricked them into sharing a login code.

Crypto investment firm Manifold Trading explained that any hacker gaining access to a Friend.tech account is then able to “rug the whole account.”

Assuming that a third of Friend.tech accounts are connected to phone numbers, around $20 million is at risk of being exploited through Friend.tech user-focused exploits, they said.

Manifold also suggested that, technically, all of Friend.tech is at risk due to how the platform’s security is set up, and solving the issues “should honestly be the number 1 priority.”

Manifold suggested Friend.tech allow users to add 2FA to logins, key decryptions and transactions.

Users should also be given the option to change the login method from a number to email and allow for third-party wallets to be used.

High-profile crypto figures have previously been successfully SIM-swapped, with their accounts used to carry out phishing attacks, such as Ethereum co-founder Vitalik Buterin’s X account in September.

Cointelegraph contacted Friend.tech for comment but did not immediately receive a response.

Beyond Stablecoins: USDT-Issuer Tether Announces New Distinct Business Divisions

On the move: FTX hacker splits nearly $200M in ETH across 12 wallets

Meanwhile, Ethereum users are sending encoded messages to the FTX hacker pleading for a share of funds.

The hacker behind the theft of more than $447 million of crypto from the crypto exchange FTX has been again spotted moving their ill-gotten funds.

According to Etherscan data, between 4:11 and 4:17 pm UTC on November 21, the attacker moved a total of 180,000 Ether (ETH) across 12 newly created wallets, each receiving 15,000 ETH. The amount moved totaled $199.3 million at current prices.

Recent transactions from wallet labeled "FTX Accounts Drainer" — Source: Etherscan

At the time of publication, the ETH has not moved from any of the 12 wallets.

Some in the crypto community suggest the attacker may be planning to subdivide it into smaller and smaller amounts in order to confuse investigators, a process known as “peel chaining,” or they may be planning to use a mixing service at some point to obscure which coins are theirs.

Meanwhile, some Ethereum users appear to have sent coded messages to the hacker asking for a share of the loot.

One user registered the Ethereum Name Service (ENS) domain name, “ftx-rekt200k-pls-help.eth” to express that they have lost money from the FTX collapse and to ask for a reimbursement from the hacker.

They sent 21 transactions of 0.000001 Ether to the hacker’s address in an attempt to get noticed.

Another user was even more creative. They registered the ENS domain, “pleasecheckutf8data.eth” and sent 12 transactions of 0.0001 ETH or less to the hacker’s wallet address.

An encoded message asking the FTX Accounts Drainer for a share of funds. Source: Etherscan

Inside each transaction was a UTF8 encoded message that said “Please send me 100k~, I have medical bills to pay and visit the USA this coming December. I can't walk properly, and have aggressive muscle issues. Please help! I lost most of my money on FTX.”

The message also contained a link to an Imgur post which the user claimed was proof of their medical appointment.

The hack occurred on Nov. 11, the same day that FTX filed for chapter 11 bankruptcy protection.

On November 20, the attacker transferred 50,000 ETH to a separate wallet and then converted it to Bitcoin using two separate renBTC bridges.

As of today, the hacker is the 40th largest holder of ETH.

Moola Market attacker returns most of $9M looted for $500K bounty

The attacker has scored about a half-million dollar “bug bounty” after choosing to return a majority of the cryptocurrency they exploited from the Celo-based lending protocol.

An attacker has returned just over 93% of the more than $9 million worth of cryptocurrencies they exploited from the Celo (CELO) blockchain-based decentralized finance (DeFi) lending protocol Moola Market.

At around 6PM UTC on Oct. 18 the Moola Market team tweeted it was investigating an incident and had paused all activity, adding it had contacted authorities and offered a bug bounty to the exploiter if funds were returned within 24 hours.

Analysis of the exploit by Web3 security company Hacken shows the attacker manipulated the price of the protocol’s low-liquidity native MOO token by initially purchasing around $45,000 worth and depositing it as collateral to borrow CELO.

The borrowed CELO, along with further CELO provided by the attacker, was then used as collateral to borrow more MOO, driving up the token’s price. The attacker continued repeating this until the MOO token price had increased by 6,400%.

With the inflated token price, the attacker was able to borrow $6.6 million worth of CELO, $1.2 million of MOO, along with $740,000 of Celo Euros (cEUR) and $644,000 of Celo Dollars (cUSD), all worth multiples more than their initial posted collateral, resulting in the protocol's loss of around $9.1 million.

Five hours after the initial confirmation of the exploit, Moola Market tweeted it had received just over 93% of the funds exploited, with the attacker seemingly keeping the rest, making around $500,000 as a bug bounty.

Moola Market did not immediately respond to Cointelegraph’s request for comment.

The attack draws similarities to the $117 million exploit suffered by Mango Markets on Oct. 11, in which Avraham Eisenberg and his team manipulated the price of the Solana (SOL)-based DeFi protocol’s native token to borrow cryptocurrencies with an undercollateralized backing. Eisenberg negotiated to keep $47 million as a “bounty.”

Multi-chain cryptocurrency wallet BitKeep also suffered an exploit late on Oct. 17, with an attacker making off with $1 million worth of Binance Coin (BNB) through a service used to swap tokens. BitKeep says it will fully reimburse any affected users.

The attacks are the latest in a series of exploits to have taken place in October, which has also shaped up to be the biggest month ever for hacking activity, with the total hacked value reaching around $718 million up until Oct. 12, according to analytics firm Chainalysis.

Crema Finance Hacker Negotiates With Defi Project’s Team, Returns $8 Million in ETH and SOL

Following the hack on July 2, 2022, the team behind the decentralized finance (defi) protocol Crema Finance detailed that after some negotiation, the hacker returned roughly $8 million in crypto assets. According to the team, the hacker agreed to take a white hat bounty worth 45,455 solana. Hacker Returns $8 Million in Crypto to Crema […]

Exploit Forces Crema Finance to Temporarily Suspend Services, $8.7 Million Stolen

According to the decentralized finance (defi) protocol Crema Finance, the application was hacked on July 2, 2022. A Twitter account called “Solanafm” says the defi protocol lost around $8.7 million from the attack. Crema Finance Vulnerability Causes Defi App to Lose Millions — 6 Flashloans Executed Another defi protocol has lost funds to a hacker […]

Report: Bored Ape Yacht Club Discord Attacker May Have Been Involved in Previous NFT Phishing Scams

On June 4, 2022, the Bored Ape Yacht Club (BAYC) Discord server was compromised and a phishing scam targeted non-fungible token (NFT) collectors holding BAYC, Mutant Ape Yacht Club (MAYC), and Otherside NFTs. According to an analysis by the Web3 and blockchain auditing and security firm Certik, the BAYC Discord server attacker may have been […]

Anonymous Allegedly Hacks Sberbank, Russia’s Largest Bank

Hacktivist collective Anonymous has allegedly breached the systems of one of the largest financial institutions in Russia, Sberbank. The attackers announced on social media they have published thousands of emails, phone numbers, and addresses. Anonymous Hackers Reportedly Gain Access to Sberbank Database Decentralized hacking group Anonymous claims to have hacked Sberbank. A Twitter account associated […]

Hacker bungles DeFi exploit: Leaves stolen $1M in contract set to self destruct

A hacker apparently so thrilled by a successful theft left behind over $1 million in a smart contract that was set to destruct, permanently ensuring the crypto could never be moved.

In a rare comedic bungle among DeFi exploits, an attacker has fumbled their heist at the finish line leaving behind over $1 million in stolen crypto.

Just after 8AM UTC on Thursday April 21st, blockchain security and analytics firm BlockSec shared it had detected an attack on a little known DeFi lending protocol called Zeed, which styles itself a “decentralized financial integrated ecosystem”.

The attacker exploited a vulnerability in the way the protocol distributes rewards, allowing them to mint extra tokens which were then sold, crashing the price to zero, but netting just over $1 million for the exploiter.

Blockchain analytics firm PeckShield noted the stolen crypto was transferred to an “attack contract”, a smart contract which automatically and quickly executes the found exploit.

However, the attacker was apparently so excited by their successful heist that they forgot to transfer over $1 million worth of stolen crypto out of their attack contract before they set it to self-destruct, permanently and irreversibly ensuring the funds can never be moved.

Using a blockchain scanner to view the attack contract address shows that $1,041,237.57 worth of BSC-USD Binance-Peg token is forever stuck in the contract, and the successful self-destruction of the contract was confirmed at 7:15AM UTC on April 21.

It's one of the more bizarre turns of events since the Polygon hacker did an “Ask Me Anything” using embedded messages on Ethereum (ETH) transactions after stealing $612 million from the protocol in August 2021. The question and answer session revealed the attacker hacked “for fun” and thought “cross-chain hacking is hot.”

This latest hack is on the smaller end regarding the amount stolen; other DeFi protocol hacks have seen hundreds of millions siphoned off, as with the recent Ronin bridge hack where attackers made off with over $600 million.

Other notable DeFi exploits include the $80 million worth of crypto stolen from Qubit Finance in January where attackers tricked the protocol into believing they had deposited collateral, allowing them to mint an asset representing a bridged crypto.

DeFi marketplace Deus Finance was exploited in March when hackers manipulated the price feed of a pair of stablecoins resulting in the insolvency of user funds, netting the hackers over $3 million.

Attacker Hacks Arbitrum’s Treasure DAO for Over 100 NFTs by Leveraging Marketplace Exploit

A non-fungible token market platform built on top of Arbitrum called Treasure DAO was hacked on March 3 at 7:33 a.m. (EST), according to a post mortem analysis authored by the security-focused firm Certik. The company’s report notes that “over 100 NFTs were stolen in the attack,” as the attacker leveraged a vulnerability in the […]

Jump Crypto Replaces $320 Million in Ethereum Taken From Wormhole Exploit

On February 2, 2022, the Wormhole Network’s ethereum ↔ solana bridge was exploited for 120,000 WETH (wrapped ethereum) worth $320 million and the following day, the team explained that “all funds have been restored and Wormhole is back up.” The team has also said a “detailed incident report” will be published soon. Wormhole Network Returns, […]
