The ongoing hack has already netted the attackers over $6 million worth of stablecoins, which have been swapped to ETH by the attacker.
Delta Prime was hacked for at least $6 million worth of digital currency, in the latest crypto-related cybersecurity incident.
The decentralized finance (DeFi) platform first suffered a loss of approximately $4.5 million, onchain security platform Cyvers, who wrote in a Sept. 16 X post:
Delta Prime hack. Source: Cyvers
The cryptocurrency exchange Rain, which focuses on the Middle East, was likely exploited for $14.8 million on April 29, according to online crypto investigator Zachxbt. Zachxbt says he traced the stolen funds to a bitcoin address with 137.9 bitcoins and an ethereum address holding 1,881 ether. Crypto Exchange Yet to Confirm Attack According to online […]
Playdapp, a Web3 gaming platform, recently confirmed that it was a victim of a hacking incident which saw criminals mint tokens worth approximately $31 million. Playdapp said it has offered to reward the hackers if they agree to return the stolen assets and contracts. Crypto Exchanges Urged to Block Compromised PLA Tokens Playdapp, a Web3 […]
The hacker drained a number of pools on Curve Finance, stealing roughly $70 million, but has gradually started returning funds to various projects.
Nonfungible token finance (NFT-Fi) protocol JPEG’d has confirmed that 5,495 Ether (ETH), worth roughly $10 million at current prices, has been returned by the Curve Finance hacker.
In exchange for returning the funds that were stolen on July 30, the hacker received a 610.6 ETH ($1.1 million) bounty.
JPEG’d exploit update:
— ZachXBT (@zachxbt) August 4, 2023
Seems 5495 ETH was returned just now for a 10% whitehat bounty.
0x003b00378ac52c10200d8fcac0e42138a34e46b9d7c3350ad3372ae0eb141df3
Michael Razum is not the exploiter but was linked on-chain bc a few of his contracts were drained by this person. pic.twitter.com/mc3GGx2gyd
JPEG'd is a decentralized lending protocol that enables users to borrow funds against their collateralized NFTs. As part of the major hack on Curve Finance, the protocol lost $11.6 million worth of crypto.
In an Aug. 4, X (Twitter) thread, the team stated that the funds have been returned to the JPEG’d decentralized autonomous organization multisig wallet address.
“Any further investigations or legal matters against the entity will end. We view this occurrence as a white-hat rescue,” the JPEG’d team stated.
The JPEG'd DAO confirms receipt of 5,494.4 WETH back to the JPEG'd Multisig for a total of 5,495.4 WETH. A 10% white-hat bounty of 610.6 WETH was awarded to the owner of the address that recovered funds from the pETH exploit.https://t.co/nIBwHHxfQU
— JPEG'd (@JPEGd_69) August 4, 2023
The decentralized finance (DeFi) ecosystem copped a significant hit in late July, after several liquidity pools on Curve Finance were drained.
The hacker managed to exploit a security vulnerability in the Vyper smart contract programming language that these particular pools were coded with, and the total losses were estimated to be around $70 million worth of crypto.
The exploit impacted projects such as decentralized exchange Ellipsis, lending platform Alchemix, JPEG’d and synthetic protocol Metronome, which all saw millions of dollars worth of assets stolen from liquidity pools, while Curve Finance also lost around $22 million worth of Curve DAO (CRV) tokens.
Related: CRV exposure risk throws a curveball at the DeFi ecosystem: Finance Redefined
On Aug. 3, Curve, Metronome and Alchemix jointly announced an initiative to retrieve the stolen funds, offering the hacker a 10% bounty and no legal action if they returned the other 90% of the funds.
In less than 24 hours, the hacker seemingly agreed to the deal, and has gradually started returning the stolen funds to the various projects.
Apart from JPEG’d, they have so far returned 4,820.55 Alchemix ETH (alETH), worth roughly $8.8 million to the Alchemix Finance team, and 1 ETH ($1,829) to the Curve Finance team.
Magazine: Deposit risk: What do crypto exchanges really do with your money?
According to several reports, a bug introduced to the decentralized exchange (dex) protocol Sushiswap’s smart contract has resulted in more than $3 million in losses. The blockchain and smart contract security firm Peckshield explained the exploited contract was “deployed in multiple blockchains.” Dex Platform Sushiswap Suffers From Smart Contract Exploit Over the weekend, the dex […]
The counter exploit came after the High Court of England and Wales ordered Oasis.app to work with Jump Crypto to retrieve the stolen funds.
Web3 infrastructure firm Jump Crypto and decentralized finance (DeFi) platform Oasis.app have conducted a “counter exploit” on the Wormhole protocol hacker, with the duo managing to claw back $225 million worth of digital assets and transfer them to a safe wallet.
The Wormhole attack occurred in February 2022 and saw roughly $321 million worth of Wrapped ETH (wETH) siphoned via a vulnerability in the protocol’s token bridge.
The hacker has since shifted around the stolen funds through various Ethereum-based decentralized applications (dApps), and via Oasis, they recently opened up a Wrapped Staked ETH (wstETH) vault on Jan. 23, and a Rocket Pool ETH (rETH) vault on Feb. 11.
In a Feb. 24 blog post, the Oasis.app team confirmed that a counter exploit had taken place, outlining that it had “received an order from the High Court of England and Wales” to retrieve certain assets that related to the “address associated with the Wormhole Exploit.”
The team stated that the retrieval was initiated via “the Oasis Multisig and a court-authorized third party,” which was identified as being Jump Crypto in a preceding report from Blockworks Research.
Transaction history of both vaults indicates that 120,695 wsETH and 3,213 rETH were moved by Oasis on Feb. 21 and placed in wallets under Jump Crypto’s control. The hacker also had around $78 million worth of debt in MakerDao’s DAI stablecoin that was retrieved.
“We can also confirm the assets were immediately passed onto a wallet controlled by the authorized third party, as required by the court order. We retain no control or access to these assets,” the blog post reads.
Referencing the negative implications of Oasis being able to retrieve crypto assets from its user vaults, the team emphasized that it was “only possible due to a previously unknown vulnerability in the design of the admin multisig access.”
Related: DeFi security: How trustless bridges can help protect users
The post stated that such a vulnerability was highlighted by white hat hackers earlier this month.
“We stress that this access was there with the sole intention to protect user assets in the event of any potential attack, and would have allowed us to move quickly to patch any vulnerability disclosed to us. It should be noted that at no point, in the past or present, have user assets been at risk of being accessed by any unauthorized party.”
— foobar (@0xfoobar) February 24, 2023
The industry is likely to see “further attempts from hackers targeting bridges in 2023," while users are urged to be warier of their private keys.
The new year is a fresh start for malicious actors in the crypto space and 2023 won’t likely see a slowdown in scams, exploits and hacks, according to CertiK.
The blockchain security company told Cointelegraph its expectations for the year ahead regarding bad actors in the space, saying:
“We saw a large number of incidents last year despite the crypto bear market, so we do not anticipate a respite in exploits, flash loans or exit scams.”
Regarding other ill-natured incidents the crypto community might face, the company pointed to the “devastating” exploits that took place on cross-chain bridges in 2022. Of the 10 largest exploits during the year, six were bridge exploits, which stole a total of around $1.4 billion.
Due to these historically high returns, CertiK noted the likelihood of “further attempts from hackers targeting bridges in 2023.”
On the other hand, CertiK said there will likely be “fewer brute force attacks” on crypto wallets, given that the Profanity tool vulnerability — which has been used to attack a number of crypto wallets in the past — is now widely known.
The Profanity tool allows users to generate customized “vanity” crypto addresses. A vulnerability in the tool was used to exploit $160 million worth of crypto in the September hack of algorithmic crypto market maker Wintermute, according to CertiK.
Instead, wallet compromises this year will likely come because of poor user security, CertiK said, stating:
“It’s possible that funds lost to private key compromises in 2023 will be due to poor management of private keys, bar any future vulnerability found in wallet generators.”
The firm said it will also be monitoring phishing techniques that could proliferate in the new year. It noted the slew of Discord group hacks in mid-2022 that tricked participants into clicking phishing links such as the Bored Ape Yacht Club (BAYC) Discord hack in June, which resulted in 145 Ether (ETH) being stolen.
Related: Revoke your smart contract approvals ASAP, warns crypto investor
Last year, $2.1 billion worth of crypto was stolen through just the 10 biggest incidents alone, while 2021 saw $10.2 billion total stolen from Decentralized Finance (DeFi) protocols, according to peer security firm Immunefi.
The biggest incident in 2022 — and of all time — was the Ronin bridge exploit, which saw attackers making off with around $612 million. The largest flash loan attack was the $76 million Beanstalk Farms exploit and the largest DeFi protocol exploit was the $79.3 million stolen from Rari Capital.
On Monday, the Polygon-based decentralized exchange (dex) Quickswap lost $220K in a flash loan exploit and following the attack, the team detailed the Quickswap Lend platform will be terminated. Quickswap Hacked for $220K, Dex Project Sunsets Lending Platform 2022 has been quite the year for decentralized finance (defi) hacks as billions have been stolen due […]
The theory is “not convincing enough to accuse the Wintermute project,” wrote BlockSec, as it highlighted that Wintermute’s actions during the hack made sense given the circumstances.
Blockchain security firm BlockSec has debunked a conspiracy theory alleging the $160 million Wintermute hack was an inside job, noting that the evidence used for allegations is “not convincing enough."
Earlier this week cyber sleuth James Edwards published a report alleging that the Wintermute smart contract exploit was likely conducted by someone with inside knowledge of the firm, questioning activity relating to the compromised smart contract and two stablecoin transactions in particular.
BlockSec has since gone over the claims in a Wednesday post on Medium, suggesting that the “accusation of the Wintermute project is not as solid as the author claimed,” adding in a Tweet:
“Our analysis shows that the report is not convincing enough to accuse the Wintermute project.
In Edward’s original post, he essentially drew attention as to how the hacker was able to enact so much carnage on the exploited Wintermute smart contract that “supposedly had admin access,” despite showing no evidence of having admin capabilities during his analysis.
BlockSec however promptly debunked the claims, as it outlined that “the report just looked up the current state of the account in the mapping variable _setCommonAdmin, however, it is not reasonable because the project may take actions to revoke the admin privilege after knowing the attack.”
Our short analysis of the Accusation of the Wintermute Project: https://t.co/6Lw6FjUrLp@wintermute_t @evgenygaevoy @librehash @WuBlockchain @bantg
— BlockSec (@BlockSecTeam) September 27, 2022
Our analysis shows that the report is not convincing enough to accuse the Wintermute project.
It pointed to Etherscan transaction details which showed that Wintermute had removed admin privileges once it became aware of the hack.
Edwards also questioned the reasons why Wintermute had $13 million worth of Tether (USDT) transferred from two or their accounts on two different exchanges to their smart contract just two minutes after it was compromised, suggesting it was foul play.
Related: Tribe DAO votes in favor of repaying victims of $80M Rari hack
Addressing this, BlockSec argued that this is not as suspicious as it appears, as the hacker could have been monitoring Wintermute transferring transactions, possibly via bots, to swoop in there.
“However, it is not as plausible as it claimed. The attacker could monitor the activity of the transferring transactions to achieve the goal. It is not quite weird from a technical point of view. For example, there exist some on-chain MEV-bots which continuously monitor the transactions to make profits.”
As previously stated in Cointelegraph’s first article on the matter, Wintermute has strongly refuted Edwards claims, and has asserted that his methodology is full of inaccuracies.
Reports indicate that the decentralized finance (defi) protocol Curve was hacked for $570,000 in ethereum after people noticed that Curve’s front end was exploited. The attackers then tried to launder the funds via the crypto exchange Fixedfloat, and the trading platform’s team managed to freeze $200K worth of the stolen funds. Curve Finance Exploited for […]