Maiar decentralized crypto exchange goes offline after bug discovery

June 7, 2022 Coin Telegraph

The DEX has been taken offline due to the discovery of the bug, and the team has implemented an “emergency fix” and update.

The Maiar Exchange, a decentralized exchange (DEX) native to the Elrond blockchain, has been temporarily taken offline after an attacker utilized an exploit and made off with roughly $113 million worth of Elrond eGold (EGLD).

Minutes before 12:00 am UTC on Monday, the co-founder and CEO of Elrond, Beniamin Mincu, tweeted that he and his team were “investigating a set of suspicious activities” on the Maiar decentralized cryptocurrency exchange.

Soon after, the DEX was taken offline, with Mincu reporting that the issue had been identified and an “emergency fix” was being implemented.

In a Twitter thread posted almost 24 hours later at around 11:00 pm UTC on Monday, Mincu said a potentially critical bug was identified that opened “an exploit area that we simply had to address and mitigate immediately.”

The suspicious activities have been possibly identified and explained in a Twitter thread by pseudonymous on-chain analyst Foudres, who revealed that the potential attacker deployed a smart contract that somehow allowed them to withdraw over 1.65 million EGLD.

Three wallets were able to mysteriously withdraw 800,000, 400,000 and 450,000 EGLD, respectively, which at current prices is worth nearly $113 million in total.

The attackers were able to sell around 800,000 EGLD, worth around $54 million, which caused the price of EGLD on Maiar to plummet from $76 down to around $5. The rest of the crypto is either still held in various wallets, has been bridged to USD Coin (USDC) and Ether (ETH), or was sold on centralized exchanges.

The price of EGLD dropped 9.5% from around $74 down to a 24-hour low of $65.50 but has since slightly recovered, now trading near $68.

Mincu stated in his update that an upgrade was implemented to fix the bug and a technical explanation would be provided after clarification that the implemented solutions are tested and working.

He claimed that all funds are safe and will be available when the DEX restarts, which is scheduled for Tuesday, saying most exploited funds have been either recovered in full or will be covered by the Elrond Foundation.

As previously reported by Cointelegraph, approximately $1.6 billion in cryptocurrency has been stolen from decentralized finance (DeFi) platforms in the first quarter of 2022, and over 90% of all stolen crypto is from hacked decentralized finance (DeFi) protocols such as DEXs.

Crypto.com Reveals 483 Accounts Compromised in Recent Hack — $34 Million in Bitcoin, Ether Stolen

January 20, 2022 Bitcoin.com

Hotbit crypto exchange shuts down for maintenance after attempted hack

April 30, 2021 Coin Telegraph

Coin Telegraph

The Chinese crypto exchange says funds are “SAFU” and that the emergency maintenance could take up to two weeks.

Cryptocurrency exchange platform Hotbit has shut down all of its services after an attempted cyberattack on Thursday.

“Hotbit just suffered a serious cyber-attack starting around 08:00 PM UTC, April 29, 2021, which led to the paralyzation of a number of some basic services,” a notice on the platform’s website reads.

The hackers were reportedly unsuccessful in gaining access to Hotbit’s wallets but did manage to compromise the platform’s user database. Thus, the Hotbit team has advised customers to disregard any communication from entities claiming to be representatives of the exchange.

With all normal operations currently paused during the ongoing maintenance, Hotbit also revealed that pending trading orders are canceled to prevent losses. Also, the exchange promised to bear any losses stemming from exchange-traded funds listed on its platform during the duration of the maintenance.

According to the Hotbit announcement, the maintenance will last for at least seven days with reports that the investigation and system upgrade could take as long as two weeks.

Addressing users on the exchange’s Telegram group, Alex Zhou, chief security officer of Hotbit, revealed that user funds were unaffected by the attack, stating: “The attacker tried to break into the wallet server to steal funds but the action was identified and blocked successfully by Hotbit risk control system. All users’ funds are safe.”

“At the same time, Hotbit is in the process of transferring all funds in hot wallet to cold wallet, the details of the whole integration could be seen on the chain,” he said.

Indeed, data from Ethereum transaction monitoring tool Etherscan shows multiple token outflows from one of Hotbit’s known wallets to another address that currently holds about $14 million in several altcoins.

However, the length of time given for the maintenance is causing significant unrest among Hotbit users judging by comments on social media and in the platform’s Telegram channel.

Fears over the incident being an exit scam by the Hotbit team are palpable. Earlier in April, two major exchanges in Turkey went offline, with their executives fleeing with millions of dollars in user funds. Both incidents have led to sweeping arrests by law enforcement agencies as well as plans by the government to establish a central custodian bank for cryptocurrency exchanges in Turkey.

crypto exchange hack