BNB Smart Chain

Alex Labs freezes $3.9M of exploited funds sent to CEXs after hack

The team behind the Bitcoin layer-2 developer has successfully frozen some exploited crypto after the attacker tried to cash out by sending funds to exchanges.

Bitcoin layer-2 developer Alex Labs has successfully frozen more than $3.9 million worth of crypto that was exploited from its BNB Smart Chain bridge, according to the team’s May 16 social media post. According to the post, the attacker sent the funds to several different centralized exchanges (CEXs), which allowed them to be frozen with the cooperation of the exchanges.

The team said it recovered the complete balances for 17 different tokens, including “all aBTC, sUSDT, xBTC, xUSD, ALEX, atALEX, LiSTX, LUNR, SKO, CHAX, $B20, ORDG, ORMM, ORNJ, TRIO, TX20 and STXS.”

$13.7 million worth of Stacks (STX) tokens were also exploited. Of these, the attacker made the mistake of sending “about 3 million” to centralized exchanges. The post links to a spreadsheet showing the STX balances at each exchange the hacker used to transfer funds. It shows that a total of $3.7 million is held at exchanges, whereas $9.6 million is held in wallets under the direct control of the attacker.

Astrology NFT project ‘Lucky Star Currency’ rugged for over $1m – Certik

The deployer account for LSC drained over $1 million in tokens from the project, then swapped them to BUSD using PancakeSwap.

The astrology-themed NFT project Lucky Star Currency (LSC) has performed an exit scam for over $1 million, according to an October 9 report from blockchain security firm Certik.

The project’s deployer account called the ‘withdrawToken’ function on both the NFTMerge and AwardCenter contracts, removing over $1 million in LSC from them. These tokens were then swapped for Binance USD (BUSD) stablecoin and sent to another account.

Lucky Star Currency is a project that focuses on NFTs and claims to be founded by astrologists. Its contracts include an Award Center and NFT Marketplace. It is marketed towards the Chinese crypto investment market. The team promotes the project on X (formerly Twitter) under the username @AstrAstrol75591. It also has a Telegram channel. As of October 9, the project’s website and user interface are offline.

Before the alleged rug, Lucky Star Currency was heavily promoted on the Chinese news app Toutiao and Q&A platform Zhihu.

At approximately 02:52 a.m. UTC, BNB Smart Chain address 0x9Ef72Ee68a7c841986A0C60e0FDbAE4e27446Deb removed over 1.6 million LSC from the AwardCenter contract for Lucky Star Currency. In a second transaction, an additional 1.4 million LSC was drained from the project’s NFTMerge contract. After draining funds, the attacker swapped them for over $1 million in BUSD via PancakeSwap and then sent them to account 0x23f8c805306Bf27AB8bf3cEbEce4B778acfFd896. This account has been receiving BUSD from various sources for the past 82 days, implying that there may be more than one scam depositing funds to it.

According to Certik, the contracts that were drained have been listed on Telegram as the project’s official contracts.

Admin Telegram post stating the official addresses for LSC contracts 'NFTMerge' and 'AwardCenter.' Source: Certik.

In addition, blockchain data shows that the attacking account is the deployer for the AwardCenter contract.

The company that promoted the project claimed to have an office in Shenzhen City, China.

Lucky Star Currency office, Shenzhen, China. Source: Certik, Telegram

Rug-pulls from Chinese projects have become a recurring problem in the Web3 space. Running a centralized cryptocurrency exchange is illegal in the country. Because of this, users who deposit to a Chinese protocol that has centralized elements may risk having their funds confiscated by police.

Over $100 million were lost in July when the China-based Multichain protocol drained all of its users' funds into an attacker’s account. The team alleges that police have arrested their CEO, but victims still search for answers as to what happened to their funds and how they can be reimbursed.

BNB Smart Chain hit with copycat Vyper attack, $73K exploited

While Ethereum-based protocols have been hit with the majority of the exploit activity, BNB Smart Chain has also seen similar copycat exploits, according to BlockSec.

The BNB Smart Chain (BSC) has reportedly suffered copycat attacks due to a vulnerability in the Vyper programming language, following a similar vein to the exploit on the decentralized finance (DeFi) protocol Curve Finance.

Amid the exploits carried out on Ethereum, blockchain security firm BlockSec tweeted on July 30 that around $73,000 worth of cryptocurrencies on BSC across three exploits had also been stolen.

It comes as similar exploits targeting liquidity pools on Curve Finance have racked up losses exceeding $41 million, according to current BlockSec estimates.

The vulnerability was caused by a malfunctioning reentrancy lock in Vyper versions 0.2.15, 0.2.16 and 0.3.0, which are used by a number of DeFi pools.

The programming language is believed to be one of the most widely used for Web3 projects. It was designed for the Ethereum Virtual Machine, and the vulnerability could affect other protocols that use the afflicted Vyper versions.

Since news of the exploit broke, white hat and black hat hackers have been duking it out on-chain attempting to disrupt each other's exploit attempts or efforts to recover funds.

One potential whitehat, known as “c0ffebabe.eth,” was seemingly able to grab some funds to store for safekeeping. On July 30 they sent an on-chain message asking affected protocols to contact them to organize returning funds.

So far, the wallet has returned nearly 2,900 Ether (ETH) worth over $5 million to Curve according to one transaction.

Another transaction saw c0ffebabe.eth move 1,000 ETH to what appears to be a newly-created wallet — likely the cold wallet that they mentioned earlier.
