US charges 5 in $11M crypto hacking scheme linked to ‘Scattered Spider’

November 21, 2024 Coin Telegraph

EigenLayer says $5.7M hack ‘isolated’ incident, no vulnerability on protocol

October 5, 2024 Coin Telegraph

DeFi platform Delta Prime suffers $6M breach

September 16, 2024 Coin Telegraph

WazirX slams external forces for delaying restructuring efforts

August 25, 2024 Coin Telegraph

Frax Finance X account hacked, CEO suspects ‘inside job’ at Elon Musk’s office

June 3, 2024 Coin Telegraph

$4,500,000 in Crypto Stolen From Victims of LassPass Hack in One Day Alone: On-Chain Data

October 31, 2023 The Daily Hodl

Stars Arena recovers 90% of stolen funds after offering $257K bounty

October 12, 2023 Coin Telegraph

bounty

The exploiter of the Web3 social media platform agreed to keep a 10% bounty in exchange for returning the remainder of the stolen funds.

Web3 social media platform Stars Arena says it has recovered nearly all of the crypto stolen from an Oct. 7 exploit — minus a 10% bounty to the person responsible.

In an Oct. 11 X (Twitter) post, Stars Arena said around 90% of the 266,000 Avalanche (AVAX) exploited, at the time worth around $3 million, was returned after reaching an agreement to give a 27,610 AVAX bounty worth nearly $257,000 to the exploiter.

The bounty also included compensation for 1,000 AVAX worth over $9,000 seemingly lost by the exploiter in a bridge.

UPDATE:

We have recovered approximately 90% of the lost funds.

We reached an agreement with the individual responsible for the recent security breach.

The funds have been returned in exchange for a 10% bounty fee + 1000 AVAX that was lost in a bridge.

Total funds lost:…
— Stars Arena (@starsarenacom) October 11, 2023

In a separate post, Stars Arena added it had written a new smart contract and before placing the returned funds and launching, it was finalizing an audit of the new contract.

Stars Arena first alerted its community to the exploit on Oct. 7, calling it a “major security breach” with its smart contract leading to funds being drained.

In a subsequent post, Stars Arena said it secured funding to plug the hole left by the exploit and it had contracted a development team to do a full security audit, though the team has yet to detail how the exploit took place.

Days earlier, on Oct. 5, Stars Arena was hit by a smaller exploit, though hackers only made off with around $2,000, they claimed.

The exploit was caused by Stars Arena developers missing a vulnerable price function in the platform’s smart contract. This allowed the exploiter to sell user shares for nothing and get AXAX in return, pseudonymous X user “0xlilitch” explained in a post.

Stars Area claimed to have patched the vulnerability.

Users of Stars Arena’s main competitor, Friend.tech, have also seen targeted SIM-swap attacks with Friend.tech recently adding security features to mitigate the attempts.

Magazine: Recursive inscriptions — Bitcoin ‘supercomputer’ and BTC DeFi coming soon

Mark Cuban’s loses $870K in hot wallet hack

September 16, 2023 Coin Telegraph

<div>Mark Cuban's loses 0K in hot wallet hack</div>

Coin Telegraph

Mark Cuban confirmed that he was hacked, but doesn’t appear to know exactly how it happened as of yet.

Nearly $900,000 worth of crypto was reportedly drained from one of the hot wallets belonging to billionaire investor and Dallas Mavericks owner Mark Cuban.

Independent blockchain sleuth @WazzCrypto was the first to spot the hack on Sept. 15 at around 8 PM UTC, after they highlighted suspicious behavior happening with one of Cuban’s wallets that the 65-year-old hadn’t interacted with for roughly five months.

Lmao, did Mark Cuban's wallet just get drained?

Wallet inactive for 160 days and all assets just moved pic.twitter.com/vWnMZFyHB5
— Wazz (@WazzCrypto) September 15, 2023

According to the transaction history on Etherscan, several batches of assets such as USD Coin (USDC), Tether (USDT) and Lido Staked Ether (stETH) were suddenly withdrawn from the wallet within a 10- minute window.

Adding complexity to the matter, another $2 million worth of USDC was then also withdrawn and sent to a different wallet, leading WazzCrypto to suspect that Cuban may have just been moving assets around.

However, a few hours later Cuban then confirmed to DL News that he had gone on MetaMask for the first time in months, and vaguely suggested that the hacker or hackers may have been watching and waiting for a moment to pounce.

Cuban added that he had transferred any remaining assets to Coinbase Custody, essentially confirming that the $2 million USDC transaction was him.

In terms of the hack, members of the community were quick to point out that as opposed to hackers watching Cuban’s activity, he must have done something that led to the security breach.

Some suggested that Cuban may have mistakenly signed a malicious transaction, while others asserted that his private key was compromised given that the funds were directly transferred out of the wallet.

*Speculation on how Mark Cuban was hacked. Source: X*

This is not the first time Cuban has taken a hit in the crypto market.

Back in June 2021, Cuban lost an unspecified amount of capital on what he called a “rug pull” after an algorithmic stablecoin project called Iron Finance imploded amid a supposed bank run.

Magazine: Hodler’s Digest, Aug. 27 – Sept. 2: SEC delays BTC ETF decision, Grayscale triumphs over SEC and BitBoy gets the boot

Top Crypto Exchange Binance Sinks $5,000,000 Into Curve (CRV) Following Massive Hack on the DeFi Platform

August 11, 2023 The Daily Hodl

$794K SIM swap hacker PlugwalkJoe sentenced to five years in prison

June 25, 2023 Coin Telegraph

Coin Telegraph

The hacker managed to steal $794,000 worth of crypto from an exchange via a SIM swap attack on an exec, but ultimately he didn’t cover his tracks well.

British Hacker Joseph O’Connor, also known online as PlugwalkJoe, has been sentenced to five years in U.S. prison for his role in stealing $794,000 worth of cryptocurrency via a SIM swap attack on a crypto exchange executive back in April 2019.

O’Connor was initially arrested in Spain in July 2021 and was extradited to the U.S. on April 26, 2023. In May he pled guilty to a slew of charges relating to conspiracy to commit computer intrusions, conspiracy to commit wire fraud, and conspiracy to commit money laundering, to name a few.

plugwalkjoe is getting his sentence in 5 days, so it’s time to bring this gem back pic.twitter.com/OOBqD2FaFA
— rip @ironic (@ripironic) June 18, 2023

The prison sentence was highlighted in a June 23 statement from the U.S. Attorney's Office of the Southern District of New York.

“In addition to the prison term, O’Connor was sentenced to three years of supervised release. O’Connor was further ordered to pay $794,012.64 in forfeiture,” the statement reads.

The hacked crypto exec has not been named, however after SIM swapping them, O’Connor gained unauthorized access to accounts and computing systems belonging to the exchange that the exec worked at.

“After stealing and fraudulently diverting the stolen cryptocurrency, O’Connor and his co-conspirators laundered it through dozens of transfers and transactions and exchanged some of it for Bitcoin using cryptocurrency exchange services.”

“Ultimately, a portion of the stolen cryptocurrency was deposited into a cryptocurrency exchange account controlled by O’Connor,” the statement adds.

O’Connor’s sentence also covers offenses relating to the major Twitter hack of July 2020, which ultimately fetched him and his crew around $120,000 worth of ill-gotten crypto gains.

1/ Time for a story that combines the craziness of crypto, the perils of hacking, and the consequences of shady actions. Buckle up as we explore the case of Joseph James O'Connor, aka PlugwalkJoe, the mastermind behind the infamous Twitter hack of July 2020!#Crypto
— Crypto Camel (@CamelChronicles) June 24, 2023

The hackers deployed a series of “social engineering techniques” and SIM-swapping attacks to hijack around 130 prominent Twitter accounts, along with two large accounts on TikTok and Snapchat.

“In some instances, the co-conspirators took control themselves and used that control to launch a scheme to defraud other Twitter users. In other instances, the co-conspirators sold access to Twitter accounts to others,” the statement reads.

As part of this scheme, O’Connor attempted to blackmail the Snapchat victim by threatening to publicly release private messages if they didn’t make posts promoting O’Connor’s online persona.

Additionally, O’Connor also “stalked and threatened” a victim, and “orchestrated a series of swatting attacks” on them by falsely reporting emergencies to authorities.

SIM swaps are still a big issue

A SIM swap attack involves a bad actor taking control of a victim’s phone number by linking it to another sim card controlled by them.

As a result, the bad actors can then re-route the victim’s calls and messages to a device controlled by them, and gain access to any accounts the victim uses SMS-based two-factor authentication on.

The scheme is generally used to dupe followers of prominent accounts into clicking phishing links that ultimately end up swiping their crypto assets.

Despite O’Connor’s antics occurring roughly three years ago, SIM swapping attacks continue to be a significant issue in the crypto sector.

Earlier this month blockchain sleuth ZachXBT identified a group of scammers that SIM-swapped at least eight accounts belonging to well-known figures in crypto, including Pudgy Penguins founder Cole Villemain, DJ and NFT collector Steve Aoki and Bitcoin Magazine editor Pete Rizzo.

According to ZachXBT, the group stole almost $1 million by promoting phishing links from the hacked accounts.

Magazine: ‘Moral responsibility’ — Can blockchain really improve trust in AI?

crypto hack

SIM swaps are still a big issue

Share this video