
crypto hack

$4,500,000 in Crypto Stolen From Victims of LastPass Hack in One Day Alone: On-Chain Data


An on-chain sleuth says that users of the LastPass password manager application have lost millions of dollars in crypto to threat actors. The on-chain researcher pseudonymously known as ZachXBT tells his 449,400 followers on the X social media platform that dozens of crypto users were compromised on a single day last week following the LastPass […]

The post $4,500,000 in Crypto Stolen From Victims of LastPass Hack in One Day Alone: On-Chain Data appeared first on The Daily Hodl.

Eigenlayer’s Airdrop Faces Backlash Over Token Restrictions and Minimal Allocations

Stars Arena recovers 90% of stolen funds after offering $257K bounty

The exploiter of the Web3 social media platform agreed to keep a 10% bounty in exchange for returning the remainder of the stolen funds.

Web3 social media platform Stars Arena says it has recovered nearly all of the crypto stolen from an Oct. 7 exploit — minus a 10% bounty to the person responsible.

In an Oct. 11 X (Twitter) post, Stars Arena said around 90% of the 266,000 Avalanche (AVAX) exploited, at the time worth around $3 million, was returned after reaching an agreement to give a 27,610 AVAX bounty worth nearly $257,000 to the exploiter.

The bounty also included compensation for 1,000 AVAX worth over $9,000 seemingly lost by the exploiter in a bridge.

In a separate post, Stars Arena added that it had written a new smart contract and was finalizing an audit of it before placing the returned funds and launching.

Stars Arena first alerted its community to the exploit on Oct. 7, calling it a “major security breach” with its smart contract leading to funds being drained.

In a subsequent post, Stars Arena said it secured funding to plug the hole left by the exploit and it had contracted a development team to do a full security audit, though the team has yet to detail how the exploit took place.


Days earlier, on Oct. 5, Stars Arena was hit by a smaller exploit, though hackers only made off with around $2,000, they claimed.

The exploit was caused by Stars Arena developers missing a vulnerable price function in the platform’s smart contract. This allowed the exploiter to sell user shares for nothing and get AVAX in return, pseudonymous X user “0xlilitch” explained in a post.

Stars Arena claimed to have patched the vulnerability.

Users of Stars Arena’s main competitor, Friend.tech, have also seen targeted SIM-swap attacks with Friend.tech recently adding security features to mitigate the attempts.


Mark Cuban loses $870K in hot wallet hack

Mark Cuban confirmed that he was hacked, but doesn’t appear to know exactly how it happened as of yet.

Nearly $900,000 worth of crypto was reportedly drained from one of the hot wallets belonging to billionaire investor and Dallas Mavericks owner Mark Cuban.

Independent blockchain sleuth @WazzCrypto was the first to spot the hack on Sept. 15 at around 8 PM UTC, after they highlighted suspicious behavior happening with one of Cuban’s wallets that the 65-year-old hadn’t interacted with for roughly five months.

According to the transaction history on Etherscan, several batches of assets such as USD Coin (USDC), Tether (USDT) and Lido Staked Ether (stETH) were suddenly withdrawn from the wallet within a 10-minute window.

Adding complexity to the matter, another $2 million worth of USDC was then also withdrawn and sent to a different wallet, leading WazzCrypto to suspect that Cuban may have just been moving assets around.

However, a few hours later Cuban then confirmed to DL News that he had gone on MetaMask for the first time in months, and vaguely suggested that the hacker or hackers may have been watching and waiting for a moment to pounce.

Cuban added that he had transferred any remaining assets to Coinbase Custody, essentially confirming that the $2 million USDC transaction was him.


In terms of the hack, members of the community were quick to point out that as opposed to hackers watching Cuban’s activity, he must have done something that led to the security breach.

Some suggested that Cuban may have mistakenly signed a malicious transaction, while others asserted that his private key was compromised given that the funds were directly transferred out of the wallet.

Speculation on how Mark Cuban was hacked. Source: X

This is not the first time Cuban has taken a hit in the crypto market.

Back in June 2021, Cuban lost an unspecified amount of capital on what he called a “rug pull” after an algorithmic stablecoin project called Iron Finance imploded amid a supposed bank run.


Top Crypto Exchange Binance Sinks $5,000,000 Into Curve (CRV) Following Massive Hack on the DeFi Platform


The venture capital arm of crypto exchange Binance just announced that it is putting money into the native token of the decentralized finance (DeFi) platform Curve. In a statement, Binance Labs says that its $5 million investment in the Curve DAO Token (CRV) signifies its commitment to join forces with the largest stableswap and second-largest […]

The post Top Crypto Exchange Binance Sinks $5,000,000 Into Curve (CRV) Following Massive Hack on the DeFi Platform appeared first on The Daily Hodl.


$794K SIM swap hacker PlugwalkJoe sentenced to five years in prison

The hacker managed to steal $794,000 worth of crypto from an exchange via a SIM swap attack on an exec, but ultimately he didn’t cover his tracks well.

British hacker Joseph O’Connor, also known online as PlugwalkJoe, has been sentenced to five years in U.S. prison for his role in stealing $794,000 worth of cryptocurrency via a SIM swap attack on a crypto exchange executive back in April 2019.

O’Connor was initially arrested in Spain in July 2021 and was extradited to the U.S. on April 26, 2023. In May he pled guilty to a slew of charges relating to conspiracy to commit computer intrusions, conspiracy to commit wire fraud, and conspiracy to commit money laundering, to name a few.

The prison sentence was highlighted in a June 23 statement from the U.S. Attorney's Office of the Southern District of New York.

“In addition to the prison term, O’Connor was sentenced to three years of supervised release. O’Connor was further ordered to pay $794,012.64 in forfeiture,” the statement reads.

The hacked crypto exec has not been named; however, after SIM swapping them, O’Connor gained unauthorized access to accounts and computing systems belonging to the exchange where the exec worked.

“After stealing and fraudulently diverting the stolen cryptocurrency, O’Connor and his co-conspirators laundered it through dozens of transfers and transactions and exchanged some of it for Bitcoin using cryptocurrency exchange services.”

“Ultimately, a portion of the stolen cryptocurrency was deposited into a cryptocurrency exchange account controlled by O’Connor,” the statement adds.

O’Connor’s sentence also covers offenses relating to the major Twitter hack of July 2020, which ultimately fetched him and his crew around $120,000 worth of ill-gotten crypto gains.

The hackers deployed a series of “social engineering techniques” and SIM-swapping attacks to hijack around 130 prominent Twitter accounts, along with two large accounts on TikTok and Snapchat.

“In some instances, the co-conspirators took control themselves and used that control to launch a scheme to defraud other Twitter users. In other instances, the co-conspirators sold access to Twitter accounts to others,” the statement reads.

As part of this scheme, O’Connor attempted to blackmail the Snapchat victim by threatening to publicly release private messages if they didn’t make posts promoting O’Connor’s online persona.

Additionally, O’Connor also “stalked and threatened” a victim, and “orchestrated a series of swatting attacks” on them by falsely reporting emergencies to authorities.

SIM swaps are still a big issue

A SIM swap attack involves a bad actor taking control of a victim’s phone number by linking it to another SIM card controlled by them.

As a result, the bad actors can then re-route the victim’s calls and messages to a device controlled by them, and gain access to any accounts the victim uses SMS-based two-factor authentication on.

The scheme is generally used to dupe followers of prominent accounts into clicking phishing links that ultimately end up swiping their crypto assets.


Despite O’Connor’s antics occurring roughly three years ago, SIM swapping attacks continue to be a significant issue in the crypto sector.

Earlier this month blockchain sleuth ZachXBT identified a group of scammers that SIM-swapped at least eight accounts belonging to well-known figures in crypto, including Pudgy Penguins founder Cole Villemain, DJ and NFT collector Steve Aoki and Bitcoin Magazine editor Pete Rizzo.

According to ZachXBT, the group stole almost $1 million by promoting phishing links from the hacked accounts.


Atomic Wallet gives major update on hack but questions remain unanswered

The statement is the first major update from the wallet provider since the exploit in early June, but users are still in the dark about the actual cause.

Atomic Wallet users have been left wanting more answers, despite the decentralized wallet provider finally releasing a full "event statement" about the June exploit — which some estimate has run up to $100 million in losses.

In a June 20 blog post — the first major update from the firm since the June 3 exploit — Atomic Wallet claimed there have been no new confirmed cases after initial reports of the hack.

It has reiterated that “less than 0.1%” of app users were affected. Atomic Wallet has made the claim at least once before in a now-deleted June 5 tweet. The figure is still rebuffed by many online.

Atomic Wallet didn’t point to what exactly led to the exploit, only laying out the four most “probable” causes, including a virus on user devices, an infrastructure breach, a man-in-the-middle attack or malware code injection.

However, none of these scenarios “are confirmed as potentially causing massive breaches," said Atomic Wallet, while adding its “security infrastructure has been updated.”

Additionally, Atomic Wallet said an app update to boost security is being worked on, which is verified “by external auditors.”

However, questions have been swirling around certain aspects of the June 20 statement.

Former smart contract audit head at cybersecurity firm Hacken, Yevhenii Bezuhlyi, asked who the mentioned “external auditors” are and where users can find their statements.


Ouriel Ohayon, the CEO of rival wallet provider ZenGo asked why Atomic Wallet needed to update its security infrastructure and what happened for it to undertake such a measure.

Others highlighted the wide array of probabilities posed by the firm as evidence it was no closer to understanding how the exploit took place.

Atomic Wallet said it can see the laundering and mixing of user funds, most of which remain traceable. It's engaged the help of blockchain analytics firms Chainalysis and Crystal Blockchain. It said that the investigation is still ongoing.

Chainalysis told Cointelegraph it can't comment on its work or findings relating to Atomic Wallet.

Cointelegraph contacted Atomic Wallet for clarity on aspects of its statement. Crystal Blockchain was also contacted for comment on its findings related to Atomic Wallet.


Institutional crypto broker FPG halts withdrawals after $20M cyberattack

Floating Point Group informed customers that withdrawals had been halted after experiencing a security breach on Sunday evening.

Cryptocurrency brokerage firm Floating Point Group (FPG) has confirmed it has halted trading, withdrawals and deposits on its platform after falling victim to a cyberattack on June 11. FPG estimates the attack resulted in a total loss of between $15 million and $20 million.

According to a June 15 tweet from FPG’s official Twitter account, upon discovering the security breach FPG locked all third-party accounts and migrated wallets. It later halted trading, deposits and withdrawals out of “an abundance of caution.”

Additionally, the firm noted that its account segregation “limited the overall impact” of the attack.

FPG is an international brokerage firm that provides institutional clients with access to crypto markets. According to its website, FPG and its clients manage $50 billion in assets.

The latest development isn’t likely to bolster institutional appetite for the crypto sector, which has already been hit by dwindling market conditions and increased hostility from regulators.

In December 2022, FPG voluntarily consulted cybersecurity firm Prescient Auditors and received its SOC 2 Type 1 certification. This certification is an official audit that verifies the overall safety of a firm’s internal data controls.

“We are working with the FBI, the Department of Homeland Security, our regulators, and Chainalysis to understand how this occurred and to recover assets,” wrote FPG in a subsequent comment.


FPG also noted that due to the ongoing nature of the investigation with respective law enforcement agencies, it couldn’t publicly share any additional details.

Cointelegraph contacted FPG for further information concerning the attack but has not yet received a response.


Google Ads-delivered malware drains NFT influencer’s entire crypto wallet

A sponsored advertising link on Google hid malware that siphoned thousands of dollars worth of crypto and NFTs from an influencer’s wallet.

An NFT influencer claims to have lost “a life-changing amount” of their net worth in nonfungible tokens (NFTs) and crypto after accidentally downloading malicious software found via a Google Ad search result.

The pseudo-anonymous influencer known on Twitter as “NFT God” posted a series of tweets on Jan. 14 describing how his “entire digital livelihood” came under attack including a compromise of his crypto wallet and multiple online accounts.

NFT God, known also as “Alex,” said he used Google's search engine to download OBS, an open-source video streaming software. But instead of clicking on the official website, he clicked the sponsored advertisement for what he thought was the same thing. 

It wasn’t until hours later — after a series of phishing tweets posted by attackers on two Twitter accounts that Alex operates — that he realized malware was downloaded from the sponsored advertisement alongside the software he wanted.

Following a message from an acquaintance, Alex noticed his crypto wallet was also compromised. The next day, attackers breached his Substack account and sent phishing emails to his 16,000 subscribers.

Blockchain data shows that at least 19 Ether (ETH) worth nearly $27,000 at the time, a Mutant Ape Yacht Club (MAYC) NFT with a current floor price of 16 ETH ($25,000), and multiple other NFTs were siphoned from Alex’s wallet.

The attacker moved most of the ETH through multiple wallets before sending it to the decentralized exchange (DEX) FixedFloat, where it was swapped for unknown cryptocurrencies.

Alex believes the “critical mistake” that allowed the wallet hack was setting up his hardware wallet as a hot wallet by entering its seed phrase “in a way that no longer kept it cold,” or offline, which allowed the hackers to gain control of his crypto and NFTs.


Unfortunately, NFT God’s experience isn’t the first time the crypto community has dealt with crypto-stealing malware in Google Ads.

A Jan. 12 report from cybersecurity firm Cyble warned of an information-stealing malware called “Rhadamanthys Stealer” spreading through Google Ads on “highly convincing phishing webpage[s].”

In October, Binance CEO Changpeng “CZ” Zhao warned that Google search results were promoting crypto phishing and scamming websites.

Cointelegraph contacted Google for comment but did not receive a response. In its help center, however, Google said it “actively works with trusted advertisers and partners to help prevent malware in ads.”

It also describes its use of “proprietary technology and malware detection tools” to regularly scan Google Ads.

Cointelegraph was unable to replicate the results of Alex’s search nor verify if the malicious website was still active.


The 10 largest crypto hacks and exploits in 2022 saw $2.1B stolen

Just the top 10 major cryptocurrency exploits garnered over $2 billion for malicious actors in a year that was marred with bankruptcies and collapses.

It's been a turbulent year for the cryptocurrency industry — market prices have taken a huge dip, crypto giants have collapsed and billions have been stolen in crypto exploits and hacks.

It was not even halfway through October when Chainalysis declared 2022 to be the “biggest year ever for hacking activity.”

As of Dec. 29, the 10 largest exploits of 2022 have seen $2.1 billion stolen from crypto protocols. Below are those exploits and hacks, ranked from smallest to largest.

10: Beanstalk Farms exploit — $76M

Stablecoin protocol Beanstalk Farms suffered a $76 million exploit on April 18 from an attacker using a flash loan to buy governance tokens. This was used to pass two proposals that inserted malicious smart contracts.

The exploit was initially thought to have cost around $182 million as Beanstalk was drained of all its collateral but in the end, the attacker only managed to get away with less than half that.

9: Qubit Finance bridge exploit — $80M

Qubit Finance, a decentralized finance (DeFi) protocol on BNB Smart Chain, had over $80 million worth of BNB (BNB) stolen on Jan. 28 in a bridge exploit.

The attacker duped the protocol's smart contract into believing they had deposited collateral that allowed them to mint an asset representing bridged Ether (ETH).

They repeated this multiple times and borrowed multiple cryptocurrencies against the unbacked bridged ETH, draining the protocol’s funds.

8: Rari Fuse exploit — $79.3M

Another DeFi protocol called Rari Capital was exploited on April 30 for the sum of roughly $79.3 million.

The attacker exploited a reentrancy vulnerability in the protocol’s Rari Fuse liquidity pool smart contracts, making them call a function to a malicious contract to drain the pools of all crypto.

In September, Tribe DAO, which includes Rari Capital and other DeFi protocols, voted to reimburse affected users from the hack.

7: Harmony bridge hack — $100M

In yet another bridge hack, the Horizon Bridge that links Ethereum, Bitcoin (BTC), and BNB Chain to Harmony’s layer-1 blockchain was drained of around $100 million in multiple cryptocurrencies.

Blockchain forensics firm Elliptic pinned the hack on North Korean cybercriminal syndicate Lazarus Group, as the funds were laundered in a similar way to other known Lazarus attacks.

Lazarus is understood to have targeted Harmony employee login credentials, breaching the platform’s security system and gaining control of the protocol before deploying automated laundering programs to move their ill-gotten gains.

6: BNB Chain bridge exploit — $100M

The BNB Chain was paused on Oct. 6 due to “irregular activity” on the network, which later was revealed as an exploit that drained around $100 million from its cross-chain bridge, the BSC Token Hub.

Initially, it was thought the attacker was able to take around $600 million due to a vulnerability that allowed the creation of roughly two million BNB, the chain’s native token.

Unfortunately for the attacker, they had roughly over $400 million worth of digital assets frozen on the blockchain and more was possibly stuck in cross-chain bridges on the BNB blockchain side.

5: Wintermute hack — $160M

United Kingdom-based crypto market-maker Wintermute suffered from a compromised hot wallet that saw approximately $160 million across 70 tokens transferred out of the wallet.

Analysis from blockchain cybersecurity firm CertiK claimed a vulnerable private key was attacked that was likely generated by Profanity — an app that allows users to generate vanity crypto addresses, that has a known exploit.

According to CertiK, this allowed the attacker to use a function with the private key that allowed the hacker to change the platform’s swap contract to the hacker’s own.

Conspiracy theories alleging the hack was an “inside job” due to how it was carried out were debunked by blockchain security firm BlockSec, who said the allegations were “not convincing enough.”

4: Nomad token bridge exploit — $190M

On Aug. 2, the Nomad token bridge, which allows users to swap cryptocurrencies across multiple blockchains, was drained by multiple attackers to the tune of $190 million.

A smart contract vulnerability that failed to properly validate transaction inputs was the cause of the exploit.

Multiple users, seemingly both malicious and benevolent, were able to copy the original attacker’s moves to funnel funds to themselves. Around 88% of addresses taking part in the exploit were identified as “copycats” in a report.

Only around $32.6 million worth of funds were able to be intercepted and returned to the protocol by white hat hackers.

3: Wormhole bridge exploit — $321M

The Wormhole token bridge suffered an exploit on Feb. 2 that resulted in the loss of 120,000 Wrapped Ether (wETH) tokens worth $321 million.

Wormhole allows users to send and receive crypto between multiple blockchains. An attacker found a vulnerability in the protocol’s smart contract and was able to mint 120,000 wETH on Solana (SOL) unbacked by collateral and was then able to swap this for ETH.

At the time it was marked as the largest exploit in 2022 and is the third-largest protocol loss overall for the year.

2: FTX wallet hack — $477 million

During the start of FTX’s bankruptcy proceedings on Nov. 11 and 12, a series of unauthorized transactions took place at the exchange, with Elliptic suggesting that around $477 million worth of crypto was stolen.

Sam Bankman-Fried said in a Nov. 16 interview that he believed it was “either an ex-employee or somewhere someone installed malware on an ex-employee’s computer” and had narrowed the perpetrator down to eight people before he was shut out of the company’s systems.


According to reports, on Dec. 27 the United States Department of Justice launched an investigation into the whereabouts of around $372 million of the missing crypto.

1: Ronin bridge hack — $612M

The largest exploit to take place in 2022 happened on March 23, when the Ronin bridge was exploited for around $612 million — 173,600 ETH and 25.5 million USD Coin (USDC).

Ronin is an Ethereum sidechain built for Axie Infinity, a play-to-earn nonfungible token (NFT) game. Sky Mavis, Axie Infinity’s developers, said the hackers gained access to private keys, compromised validator nodes and approved transactions that drained funds from the bridge.

The U.S. Treasury Department updated its Specially Designated Nationals and Blocked Persons (SDN) list on April 14 to reflect the possibility that Lazarus Group was behind the bridge’s exploit.

The Ronin bridge hack is the largest cryptocurrency exploit to ever take place.


FTX to give a ‘one-time’ $6M compensation to phishing victims

FTX founder Sam Bankman-Fried said the exchange won’t be “making a habit of compensating” users that are “phished by fake versions of other companies.”

Cryptocurrency exchange FTX will provide around $6 million in compensation to victims of a phishing scam that allowed hackers to conduct unauthorized trades on certain FTX users’ accounts. 

FTX founder and CEO Sam Bankman-Fried posted in a Twitter thread on Oct. 23 that the exchange generally doesn’t award compensation to its users “phished by fake versions of other companies in the space” but in this case, it would compensate users.

Bankman-Fried said that this was a “one-time thing” and FTX would “not do this going forward.”

“THIS IS NOT A PRECEDENT,” he wrote, clarifying it was only the accounts of FTX users that would be reimbursed.

The recent phishing attack saw attackers gaining user account application programming interface (API) keys which allowed them to conduct unauthorized trades with their crypto exchange accounts.

The attack came to light on Oct. 21 after 3Commas said it was alerted that some of its users had unauthorized trading activity.

After an initial investigation, FTX and 3Commas then suspended the suspicious accounts to avoid further losses and disabled all compromised API keys.


On Oct. 19, Bankman-Fried published a blog post detailing his thoughts on crypto regulation that included a proposal he dubbed the “5-5 standard,” where hackers keep either $5 million or 5% of the amount they’ve stolen, whichever is smaller.

In his most recent tweet thread, he thought it time to try his newly thought-up standard, imploring the hacker to send back 95%, around $5.7 million, of the stolen funds within 24 hours, saying “we’ll absolve them.”

October has been dubbed “hacktober” by the crypto community as Chainalysis revealed on Oct. 13 that October 2022 has been the “biggest month” ever for hacking activity, despite the report coming out not even halfway through the month.

At the time of the report around $3 billion had been exploited through over 125 separate incidents since the start of the month.
