DeFi hack

Radiant Capital says North Korea posed as ex-contractor to carry out $50M hack

A North Korean threat actor was behind the $50 million attack on Radiant Capital in October and spoofed being an ex-contractor, the DeFi platform said.

Radiant Capital has said a $50 million hack on its decentralized finance (DeFi) platform in October was carried out through malware sent via Telegram from a North Korea-aligned hacker posing as an ex-contractor.

Radiant said in a Dec. 6 update of the ongoing investigation that its contracted cybersecurity firm Mandiant has assessed “with high-confidence that this attack is attributable to a Democratic People’s Republic of Korea (DPRK)-nexus threat actor.”

The platform said a Radiant developer received a Telegram message with a zip file from a “trusted former contractor” on Sept. 11 asking for feedback on a new endeavor they were planning.

Angel Investor: Multichain a Stopgap, Future Lies in Advanced Protocols

DeFi platform Delta Prime suffers $6M breach

The ongoing hack has already netted the attackers over $6 million worth of stablecoins, which have been swapped to ETH by the attacker.

Delta Prime was hacked for at least $6 million worth of digital currency, in the latest crypto-related cybersecurity incident.

The decentralized finance (DeFi) platform first suffered a loss of approximately $4.5 million, according to onchain security platform Cyvers, which wrote in a Sept. 16 X post:

Delta Prime hack. Source: Cyvers


Middle East-Focused Crypto Exchange, Rain, ‘Likely Exploited’ for $14.8 Million, Says Zachxbt

The cryptocurrency exchange Rain, which focuses on the Middle East, was likely exploited for $14.8 million on April 29, according to online crypto investigator Zachxbt. Zachxbt says he traced the stolen funds to a bitcoin address with 137.9 bitcoins and an ethereum address holding 1,881 ether.

Crypto Exchange Yet to Confirm Attack

According to online […]

Playdapp Breach: Hacker Mints Tokens Worth $31 Million, Gaming Platform Offers Reward for Silence

Playdapp, a Web3 gaming platform, recently confirmed that it was a victim of a hacking incident which saw criminals mint tokens worth approximately $31 million. Playdapp said it has offered to reward the hackers if they agree to return the stolen assets and contracts.

Crypto Exchanges Urged to Block Compromised PLA Tokens

Playdapp, a Web3 […]

JPEG’d confirms return of 5,495 ETH from Curve hacker

The hacker drained a number of pools on Curve Finance, stealing roughly $70 million, but has gradually started returning funds to various projects.

Nonfungible token finance (NFT-Fi) protocol JPEG’d has confirmed that 5,495 Ether (ETH), worth roughly $10 million at current prices, has been returned by the Curve Finance hacker.

In exchange for returning the funds that were stolen on July 30, the hacker received a 610.6 ETH ($1.1 million) bounty.

JPEG'd is a decentralized lending protocol that enables users to borrow funds against their collateralized NFTs. As part of the major hack on Curve Finance, the protocol lost $11.6 million worth of crypto.

In an Aug. 4 X (Twitter) thread, the team stated that the funds have been returned to the JPEG’d decentralized autonomous organization multisig wallet address.

“Any further investigations or legal matters against the entity will end. We view this occurrence as a white-hat rescue,” the JPEG’d team stated.

The decentralized finance (DeFi) ecosystem copped a significant hit in late July, after several liquidity pools on Curve Finance were drained.

The hacker managed to exploit a security vulnerability in the Vyper smart contract programming language that these particular pools were coded with, and the total losses were estimated to be around $70 million worth of crypto.

The exploit impacted projects such as decentralized exchange Ellipsis, lending platform Alchemix, JPEG’d and synthetic protocol Metronome, which all saw millions of dollars worth of assets stolen from liquidity pools, while Curve Finance also lost around $22 million worth of Curve DAO (CRV) tokens.

On Aug. 3, Curve, Metronome and Alchemix jointly announced an initiative to retrieve the stolen funds, offering the hacker a 10% bounty and no legal action if they returned the other 90% of the funds.

In less than 24 hours, the hacker seemingly agreed to the deal, and has gradually started returning the stolen funds to the various projects.

Apart from JPEG’d, they have so far returned 4,820.55 Alchemix ETH (alETH), worth roughly $8.8 million to the Alchemix Finance team, and 1 ETH ($1,829) to the Curve Finance team.

Sushiswap Smart Contract Bug Results in Over $3M in Losses; Head Chef Says Hundreds of ETH Recovered

According to several reports, a bug introduced to the decentralized exchange (dex) protocol Sushiswap’s smart contract has resulted in more than $3 million in losses. The blockchain and smart contract security firm Peckshield explained the exploited contract was “deployed in multiple blockchains.”

Dex Platform Sushiswap Suffers From Smart Contract Exploit

Over the weekend, the dex […]

Jump Crypto & Oasis.app counter exploits Wormhole hacker for $225M

The counter exploit came after the High Court of England and Wales ordered Oasis.app to work with Jump Crypto to retrieve the stolen funds.

Web3 infrastructure firm Jump Crypto and decentralized finance (DeFi) platform Oasis.app have conducted a “counter exploit” on the Wormhole protocol hacker, with the duo managing to claw back $225 million worth of digital assets and transfer them to a safe wallet.

The Wormhole attack occurred in February 2022 and saw roughly $321 million worth of Wrapped ETH (wETH) siphoned via a vulnerability in the protocol’s token bridge.

The hacker has since shifted around the stolen funds through various Ethereum-based decentralized applications (dApps), and via Oasis, they recently opened up a Wrapped Staked ETH (wstETH) vault on Jan. 23, and a Rocket Pool ETH (rETH) vault on Feb. 11.

In a Feb. 24 blog post, the Oasis.app team confirmed that a counter exploit had taken place, outlining that it had “received an order from the High Court of England and Wales” to retrieve certain assets that related to the “address associated with the Wormhole Exploit.”

The team stated that the retrieval was initiated via “the Oasis Multisig and a court-authorized third party,” which was identified as being Jump Crypto in a preceding report from Blockworks Research.

Transaction history of both vaults indicates that 120,695 wstETH and 3,213 rETH were moved by Oasis on Feb. 21 and placed in wallets under Jump Crypto’s control. The hacker also had around $78 million worth of debt in MakerDAO’s DAI stablecoin that was retrieved.

“We can also confirm the assets were immediately passed onto a wallet controlled by the authorized third party, as required by the court order. We retain no control or access to these assets,” the blog post reads.

@spreekaway tweet on the counter exploit: Twitter

Referencing the negative implications of Oasis being able to retrieve crypto assets from its user vaults, the team emphasized that it was “only possible due to a previously unknown vulnerability in the design of the admin multisig access.”

The post stated that such a vulnerability was highlighted by white hat hackers earlier this month.

“We stress that this access was there with the sole intention to protect user assets in the event of any potential attack, and would have allowed us to move quickly to patch any vulnerability disclosed to us. It should be noted that at no point, in the past or present, have user assets been at risk of being accessed by any unauthorized party.”

No ‘respite’ for exploits, flash loans or exit scams in 2023: Cybersecurity firm

The industry is likely to see “further attempts from hackers targeting bridges in 2023,” while users are urged to be warier of their private keys.

The new year is a fresh start for malicious actors in the crypto space and 2023 won’t likely see a slowdown in scams, exploits and hacks, according to CertiK.

The blockchain security company told Cointelegraph its expectations for the year ahead regarding bad actors in the space, saying:

“We saw a large number of incidents last year despite the crypto bear market, so we do not anticipate a respite in exploits, flash loans or exit scams.”

Regarding other ill-natured incidents the crypto community might face, the company pointed to the “devastating” exploits that took place on cross-chain bridges in 2022. Of the 10 largest exploits during the year, six were bridge exploits, which stole a total of around $1.4 billion.

Due to these historically high returns, CertiK noted the likelihood of “further attempts from hackers targeting bridges in 2023.”

Protect your keys

On the other hand, CertiK said there will likely be “fewer brute force attacks” on crypto wallets, given that the Profanity tool vulnerability — which has been used to attack a number of crypto wallets in the past — is now widely known.

The Profanity tool allows users to generate customized “vanity” crypto addresses. A vulnerability in the tool was used to exploit $160 million worth of crypto in the September hack of algorithmic crypto market maker Wintermute, according to CertiK.

Instead, wallet compromises this year will likely come because of poor user security, CertiK said, stating:

“It’s possible that funds lost to private key compromises in 2023 will be due to poor management of private keys, bar any future vulnerability found in wallet generators.”

The firm said it will also be monitoring phishing techniques that could proliferate in the new year. It noted the slew of Discord group hacks in mid-2022 that tricked participants into clicking phishing links such as the Bored Ape Yacht Club (BAYC) Discord hack in June, which resulted in 145 Ether (ETH) being stolen.

Last year, $2.1 billion worth of crypto was stolen through just the 10 biggest incidents alone, while 2021 saw $10.2 billion total stolen from Decentralized Finance (DeFi) protocols, according to peer security firm Immunefi.

The biggest incident in 2022 — and of all time — was the Ronin bridge exploit, which saw attackers making off with around $612 million. The largest flash loan attack was the $76 million Beanstalk Farms exploit and the largest DeFi protocol exploit was the $79.3 million stolen from Rari Capital.

Polygon-Based Decentralized Exchange Quickswap Loses $220K in Flash Loan Exploit

On Monday, the Polygon-based decentralized exchange (dex) Quickswap lost $220K in a flash loan exploit and following the attack, the team detailed the Quickswap Lend platform will be terminated.

Quickswap Hacked for $220K, Dex Project Sunsets Lending Platform

2022 has been quite the year for decentralized finance (defi) hacks as billions have been stolen due […]

Wintermute inside job theory ‘not convincing enough’ —BlockSec

The theory is “not convincing enough to accuse the Wintermute project,” wrote BlockSec, as it highlighted that Wintermute’s actions during the hack made sense given the circumstances.

Blockchain security firm BlockSec has debunked a conspiracy theory alleging the $160 million Wintermute hack was an inside job, noting that the evidence used for allegations is “not convincing enough.”

Earlier this week cyber sleuth James Edwards published a report alleging that the Wintermute smart contract exploit was likely conducted by someone with inside knowledge of the firm, questioning activity relating to the compromised smart contract and two stablecoin transactions in particular.

BlockSec has since gone over the claims in a Wednesday post on Medium, suggesting that the “accusation of the Wintermute project is not as solid as the author claimed,” adding in a Tweet:

“Our analysis shows that the report is not convincing enough to accuse the Wintermute project.”

In Edwards’ original post, he essentially drew attention to how the hacker was able to enact so much carnage on the exploited Wintermute smart contract that “supposedly had admin access,” despite showing no evidence of having admin capabilities during his analysis.

BlockSec however promptly debunked the claims, as it outlined that “the report just looked up the current state of the account in the mapping variable _setCommonAdmin, however, it is not reasonable because the project may take actions to revoke the admin privilege after knowing the attack.”

It pointed to Etherscan transaction details which showed that Wintermute had removed admin privileges once it became aware of the hack.

BlockSec report: Medium

Edwards also questioned the reasons why Wintermute had $13 million worth of Tether (USDT) transferred from two of their accounts on two different exchanges to their smart contract just two minutes after it was compromised, suggesting it was foul play.

Addressing this, BlockSec argued that this is not as suspicious as it appears, as the hacker could have been monitoring Wintermute’s transfer transactions, possibly via bots, in order to swoop in.

“However, it is not as plausible as it claimed. The attacker could monitor the activity of the transferring transactions to achieve the goal. It is not quite weird from a technical point of view. For example, there exist some on-chain MEV-bots which continuously monitor the transactions to make profits.”

As previously stated in Cointelegraph’s first article on the matter, Wintermute has strongly refuted Edwards’ claims, and has asserted that his methodology is full of inaccuracies.
