KyberSwap hacker offers $4.6M bounty for return of $46M loot

November 24, 2023 Coin Telegraph

KyberSwap hacker offers .6M bounty for return of M loot

“On the table is a bounty equivalent to 10% of users’ funds taken from them by your hack,” said KyberSwap to its hacker in an on-chain message.

The decentralized exchange KyberSwap has offered a 10% bounty reward to the hacker who stole $46 million on Nov. 22 and left a note of negotiation. The exchange wants 90% of the loot returned by 6 am UTC on Nov. 25.

On Nov. 23, KyberSwap alerted users that its liquidity solution, KyberSwap Elastic, was compromised and advised them to withdraw funds. In the meantime, on Nov. 22, the hacker made away with roughly $20 million in Wrapped Ether (wETH), $7 million in wrapped Lido-staked Ether (wstETH) and $4 million in Arbitrum (ARB) tokens. The hacker then siphoned the loot across multiple chains, including Arbitrum, Optimism, Ethereum, Polygon and Base.

*KyberSwap hacker shared his openness to negotiate a compromise. Source: etherscan.io*

After hiding the stolen funds, the hacker wrote an on-chain message directed to KyberSwap developers, employees, decentralized autonomous organization members and liquidity providers, stating, “Negotiations will start in a few hours when I am fully rested.”

*KyberSwap team responded to the hacker and offered a 10% bounty. Source: etherscan.io*

Following a day’s silence from both ends, KyberSwap responded to the hacker requesting the return of 90% of the stolen funds. The team acknowledged the skills of the hacker and laid down an offer:

“On the table is a bounty equivalent to 10% of users’ funds taken from them by your hack, for the safe return of all of the users’ funds. But we both know how this works, so lets cut to the chase so you and these users can all get on with life.”

If the hacker fails to pay back or respond to KyberSwap by 6 am UTC, Nov. 25, “you stay on the run,” said KyberSwap. The team is open to further discussion with the hacker via email.

A dissection of the recent KyberSwap hack by a decentralized finance (DeFi) expert suggests that the attacker used an “infinite money glitch” to drain funds.

Ambient exchange founder Doug Colkitt explained the KyberSwap attacker relied on a “complex and carefully engineered smart contract exploit” to carry out the attack.

1/ Finished a preliminary deep dive into the Kyber exploit, and think I now have a pretty good understanding of what happened.

This is easily the most complex and carefully engineered smart contract exploit I've ever seen...
— Doug Colkitt (@0xdoug) November 23, 2023

The attacker then repeated this exploit against other Kyberswap pools on multiple networks, eventually getting away with $46 million in crypto loot.

Magazine: This is your brain on crypto: Substance abuse grows among crypto traders

DeFi protocol Arcadia Finance hacked on Ethereum and Optimism for $455K

July 10, 2023 Coin Telegraph

DeFi protocol Arcadia Finance hacked on Ethereum and Optimism for 5K

Coin Telegraph

A loophole in the code allowed the hacker to drain funds worth roughly $455,000 from Arcadia’s Ethereum and Optimism vaults.

A hacker drained approximately $455,000 from noncustodial decentralized finance (DeFi) protocol Arcadia Finance by exploiting a code vulnerability.

Blockchain investigator PeckShield alerted about the hack on Arcadia Finance, highlighting the cause as “the lack of untrusted input validation.” The code supposedly lacked a validation mechanism to cross-check unverified inputs. This loophole allowed the hacker to drain funds worth roughly $455,000 from Ethereum (darcWETH) and Optimism (darcUSDC) vaults.

*Arcadia Finance code required no validation of untrusted input. Source: PeckShield*

Arcadia Finance has not yet responded to Cointelegraph’s request for comment.

Arcadia Finance confirmed the hack two hours after PeckShield’s intimation and subsequently paused the contracts to prevent further bleeding of funds.

We are aware of a potential exploit in our protocol.
We have paused the contracts and are investigating the root-cause with security experts as we speak. More info will follow as it comes available.
— Arcadia Finance (@ArcadiaFi) July 10, 2023

While the investigations are underway, Arcadia’s code houses another vulnerability, which could prove catastrophic for the protocol if exploited. According to PeckShield:

“In addition, there is a lack of reentrancy protection, which allows for the instant liquidation to bypass the internal vault health check.”

Most of the stolen funds were from Optimism — approximately 180 Ether (ETH) — and have been washed via Tornado Cash. However, the stolen tokens on Ethereum — worth over $103,000 at the time of writing — remain parked at the suspected wallet address.

In the second quarter of 2023, hacks and exploits in the crypto space resulted in a cumulative loss of over $300 million.

A report by blockchain security company CertiK showed that a total of 212 security incidents were recorded in the quarter, resulting in a loss of $313,566,528 from Web3 protocols.

Compared with the previous year’s Q2 data, CertiK found that the crypto hacks declined by 58%. Out of the lot, the BNB Smart Chain recorded the most incidents, with 119 incidents leading to $70,711,385 in losses.

Collect this article as an NFT to preserve this moment in history and show your support for independent journalism in the crypto space.

Magazine: Should you ‘orange pill’ children? The case for Bitcoin kids books

Tornado Cash attacker to potentially give back governance control, proposal reveals

May 22, 2023 Coin Telegraph

Coin Telegraph

A few hours into the hack, to everyone’s surprise, the attacker surprisingly reached out to the Tornado Cash community with a new proposal to supposedly give back governance control.

An attacker who sparked community-wide panic by hijacking the Tornado Cash governance is now proposing to undo their hack — and while not everyone feels the hacker can be trusted, they apparently have little choice in the matter.

On May 21, the passage of a malicious proposal allowed the attacker to gain complete control over Tornado Cash’s governance. With total control over the governance of the decentralized crypto mixer, the attacker was in a position to inflict massive losses, considering they could withdraw all of the locked votes, drain all of the tokens in the governance contract and brick the router.

While the story unfolded, community member Tornadosaurus-Hex or Mr. Tornadosaurus Hex, took proactive steps to minimize the potential damages by publishing a subsequent proposal requesting all members to withdraw all funds locked in governance, as shown below.

*A Tornado Cash community member’s proposal for gaining control from the attacker. Source: Tornado Cash forums*

However, Mr. Tornadosaurus Hex (Hex) was uncertain about the effectiveness of the new proposal considering the attacker’s grip over the mixer’s governance. A few hours into the hack, to everyone’s surprise, the attacker surprisingly reached out to the Tornado Cash community with a new proposal, hinting at their intent to give back the governance control.

*The Tornado Cash attacker’s proposal. Source:* *Tornado Cash forums*

As shown above, Hex communicated the attacker’s plan to the community, stating that:

“The attacker posted a new proposal to restore the state of Governance. I think that there is a good chance he’s going to execute it.”

Hex further pointed out that while the community has no other option other than complying with the attacker’s chosen method of giving back the governance control, his due diligence with regard to verifying storage layouts checks out.

*Mr. Tornadosaurus Hex confirmed the slot matching.* *Source:* *Tornado Cash forums*

While many community members showed optimism toward the attacker’s supposed change of heart, others speculate it was a move to pump the TORN token’s price before cashing out.

On the bright side, the crypto ecosystem has witnessed a sharp decline in the overall hacks in the first quarter of 2023.

*Graph showing hacks and exploits from Q1 2022 - Q1 2023. Source: TRM Labs*

However, history suggests that crypto users shouldn’t get complacent as 2022 witnessed a spike in crypto hacks soon after recording a slow phase.

Magazine: ‘Moral responsibility’: Can blockchain really improve trust in AI?

Crypto phishing attacks up by 40% in one year: Kaspersky

April 15, 2023 Coin Telegraph

Coin Telegraph

Russian cybersecurity and anti-virus provider Kaspersky detected 5,040,520 crypto phishing attacks in the year as compared to 3,596,437 in 2021.

When it comes to cryptocurrency-related cyberattacks, bad actors have seemingly reduced the use of traditional financial threats such as banking PC and mobile malware, and instead have shifted their focus to phishing.

Russian cybersecurity and anti-virus provider Kaspersky revealed that cryptocurrency phishing attacks witnessed a 40% year-on-year increase in 2022. The company detected 5,040,520 crypto phishing attacks in the year as compared to 3,596,437 in 2021.

A typical phishing attack involves reaching out to investors via fake websites and communication channels that mimic the official companies. Users are then prompted to share personal information such as private keys, which ultimately provides attackers with unwarranted access to crypto wallets and assets.

While Kaspersky could not predict if the trend would increase in 2023, phishing attacks continue the momentum in 2023. Most recently, in March, hardware cryptocurrency wallet provider Trezor issued a warning against attempts to steal users’ crypto by tricking investors into entering their recovery phrase on a fake Trezor site.

In a survey conducted by Kaspersky in 2022, one out of seven respondents admitted to being affected by cryptocurrency phishing. While phishing attacks predominantly involve giveaway scams or fake wallet phishing pages, attackers continue to evolve their strategies.

According to Kaspersky, “crypto still remains a symbol of getting rich quick with minimal effort,” which attracts scammers to innovate their techniques and stories to lure in unwary crypto investors.

Arbitrum investors were recently exposed to a phishing link via its official Discord server. A hacker reportedly hacked into the Discord account of one of Arbitrum’s developers, which was then used to share a fake announcement with a phishing link.

#CertiKSkynetAlert

We are seeing reports that a phishing link has been posted in the @arbitrum Discord Server.

Do not click on any links until the team has confirmed they’ve regained control of the server.#Phishing #Discord

Stay vigilant! pic.twitter.com/XoqHmOXGeV
— CertiK Alert (@CertiKAlert) March 25, 2023

Cointelegraph accessed the phishing link to find that it redirects users to a blank website with the text “Astaghfirullah,” which translates to “I seek forgiveness in God.“ According to Wiktionary, the term can also be used to express disbelief or disapproval.

Magazine: Crypto audits and bug bounties are broken: Here’s how to fix them

Euler Labs hacker returns ‘all of the recoverable funds’ — Timeline

April 4, 2023 Coin Telegraph

Coin Telegraph

Twenty-three days after the hack, on April 4, Euler Finance announced the total possible recovery of the lost funds, thus ending the $1 million bounty.

After being robbed of $196 million in a flash loan attack, Euler Finance has convinced its hacker to return most of the funds. The outcome resulted from numerous back-and-forths over 23 days, eventually leading the hacker to do “the right thing.”

On March 13, the Euler Finance hacker carried out multiple transactions, each draining millions of dollars in various tokens, including Dai (DAI), USD Coin (USDC), staked Ether (StETH) and wrapped Bitcoin (WBTC).

*Funds stolen from Euler Finance. Source: BlockSec*

As a result, Euler’s total value locked inside its smart contracts has dropped from over $311 million to $10.37 million. Ultimately, 11 different decentralized finance (DeFi) protocols, including Balancer, Yearn.finance and Yield Protocol, either froze or lost funds.

At 10:00 UTC Balancer contributors became aware of an exploit on Euler. It was determined the best course of action was to pause and put into recovery mode bbeUSD (Euler Boosted USD) and all pools containing bbeUSD. This was executed by the emergency subDAO at 11:00 UTC.
— Balancer (@Balancer) March 13, 2023

The next day, on March 14, Euler took proactive measures to recover funds, disabling its vulnerable etoken module and donation function as the first course of action. In addition, it worked with auditing companies to analyze the root cause of the exploit.

One of our auditing partners, @Omniscia_sec, prepared a technical post-mortem and analysed the attack in great detail. You can read their report here:https://t.co/u4Z2xdutwe

In short, the attacker exploited vulnerable code which allowed it to create an unbacked token debt…
— Euler Labs (@eulerfinance) March 14, 2023

At the same time, Euler tried contacting the hackers to negotiate a bounty. On March 15, Euler gave the hacker an ultimatum to return 90% of the stolen funds, threatening to announce a $1 million reward for information that could lead to the hacker’s arrest. This deal would allow the hacker to get away with $19.6 million.

The hacker, on the other hand, started moving funds at will. One victim received 100 Ether (ETH) after convincing the hacker that his life savings were lost in the Euler hack. Over several days, the hacker returned the stolen funds , each varying in value.

Amid the chaos, Euler Labs CEO Michael Bentley revealed that ten separate audits over two years deemed the protocol “nothing higher than low risk” with “no outstanding issues.”

On March 21, Euler launched a $1 million bounty reward against the hacker after being ghosted mid-conversation while trying to strike a deal. Starting on March 25, the hacker started returning the stolen assets in large numbers on multiple occasions.

23 days after the hack, on April 4, Euler Finance announced the total possible recovery of the lost funds, thus ending the $1 million bounty. “Because the exploiter did the right thing and returned the funds, and the $1 million reward campaign launched by the Euler Foundation will no longer be accepting new information,” the protocol stated.

Because the exploiter did the right thing and returned the funds, and the $1 million reward campaign launched by the Euler Foundation will no longer be accepting new information.

Full details to follow tomorrow.
— Euler Labs (@eulerfinance) April 3, 2023

In the final transactions, the hacker sent 12 million DAI and 10,580 ETH in multiple transactions. The crypto community applauded Euler Finance’s effort to recover funds and restore investors’ confidence.

Gnosis, the team behind Gnosis Safe multisig and Gnosis Chain, recently launched a hash oracle aggregator to improve the security of bridges by requiring more than one bridge to validate a withdrawal.

As Cointelegraph reported, over $2 billion was stolen from bridges in 2021 and 2022, mainly due to bugs and wallet attacks.

Magazine: Huawei NFTs, Toyota’s hackathon, North Korea vs. Blockchain: Asia Express

Jake Paul-endorsed SafeMoon gets hacked after introducing a bug in upgrade

March 29, 2023 Coin Telegraph

Coin Telegraph

A public burn() function introduced in the latest upgrade allegedly allows users to burn tokens from other addresses.

SafeMoon, a project previously endorsed by A-list celebrities and social influencers such as Jake Paul and Soulja Boy, announced its liquidity pool (LP) was compromised. Without revealing further details about the attack, SafeMoon confirmed undertaking steps “to resolve the issue as soon as possible.”

Just like many other crypto projects in 2021, SafeMoon was backed by numerous celebrities. However, a lawsuit from Feb. 2022 alleged that musicians such as Nick Carter, Soulja Boy, Lil Yachty and YouTubers Jake Paul and Ben Phillips mimicked real-life Ponzi schemes by misleading investors to purchase SafeMoon (SFM) tokens under the pretext of unrealistic profits.

*Jake Paul promoting SafeMoon token in 2021. Source: Twitter*

Investigating the SafeMoon hack shows that the attacker made away with approximately 27,000 BNB (BNB), worth $8.9 million. SafeMoon has not yet responded to Cointelegraph’s request for comment. Moreover, users have been barred from posting comments on the announcement that revealed the LP compromise.

To the @SAFEMOON community: We want to inform you that our LP has been compromised.

We are taking swift action in an attempt to resolve the issue as soon as possible. Follow here for updates.

Thank you for your support as we work to address this situation.
— SafeMoon (@safemoon) March 28, 2023

Blockchain investigator Peckshield narrowed the problem to a recent software upgrade as a potential culprit that introduced the bug. A public burn() function introduced in the latest upgrade allegedly allows users to burn tokens from other addresses.

As explained by community member DeFi Mark, the attacker used the vulnerability to remove SFM tokens, causing an artificial spike in the token’s price. The attacker took advantage of the situation and sold off the tokens at an inflated price.

*SafeMoon exploit overview. Source: Peckshield*

The attacker, on the other hand, left a note along with the transaction, as shown above, stating:

“Hey relax, we are accidently frontrun an attack against you, we would like to return the fund, setup secure communication channel , lets talk.”

Until SafeMoon officially announces a resolution, investors are advised against investing in the project to avoid possible loss of funds.

Following a recent security incident related to illicit access to hot wallets, Bitcoin (BTC) ATM manufacturer General Bytes plans to reimburse customers that lost funds.

On March 17-18th, 2023, GENERAL BYTES experienced a security incident.

We released a statement urging customers to take immediate action to protect their personal information.

We urge all our customers to take immediate action to protect their funds and https://t.co/fajc61lcwR…
— GENERAL BYTES (@generalbytes) March 18, 2023

As Cointelegraph reported, the hack caused a loss of 56 BTC and 21.82 Ether (ETH), cumulatively worth nearly $1.9 million.

Magazine: Huawei NFTs, Toyota’s hackathon, North Korea vs. Blockchain: Asia Express

Euler Finance hacker sends 100 ETH to red-flagged North Korean address

March 19, 2023 Coin Telegraph

Coin Telegraph

While Chainalysis suspected the involvement of North Korea in the Euler Finance hack, they highlighted the possibility of misdirection by other hackers.

Ever since Euler Finance fell victim to the biggest decentralized finance (DeFi) hack of 2023, the crypto community closely follows the $197 million loot on-chain — hoping to track down the attacker. Out of the series of transfers made by the hacker, one transaction of 100 Ether (ETH) was allegedly sent to an address associated with North Korea-linked actors.

Blockchain investigator Chainalysis identified 100 ETH from Euler’s stolen funds was transferred to an address that was flagged in an older hack with links to North Korea.

100 ETH stolen in Monday's #Euler Finance hack have moved to an address associated with a previous hack carried out by #NorthKorea-linked actors. This may mean the Euler hack is the work of #DPRK too, or could be misdirection by other hackers. We'll share more details as possible https://t.co/DxvGsc90Z8 pic.twitter.com/5QPphNTyYY
— Chainalysis (@chainalysis) March 17, 2023

Concurrently, the hacker also transferred 3,000 ETH to Euler’s deployer account without disclosing their intent. However, no other transfers were made thereafter at the time of writing. In both cases, it was unclear whether the hacker was trolling or if they genuinely considered accepting Euler Finance’s bounty reward of $20 million.

While Chainalysis suspected the involvement of North Korea in the Euler Finance hack, they highlighted the possibility of misdirection by other hackers.

Euler Labs CEO Michael Bentley shared his displeasure with the $197 million hack as he revealed that ten separate audits conducted over two years assured its security.

Euler has always been a security-minded project. The Euler smart contracts, including the vulnerable lines of code, were audited.https://t.co/SvNeoKEGuY
— Michael Bentley (@euler_mab) March 16, 2023

As Cointelegraph previously reported, blockchain security firms, including Halborn, Solidified, ZK Labs, Certora, Sherlock and Omnisica, conducted smart contract audits on Euler Finance from May 2021 to September 2022.

Crypto investors under attack by two new malware, reveals Cisco Talos

February 18, 2023 Coin Telegraph

Coin Telegraph

Since Dec. 2022, the two malicious files — MortalKombat ransomware and Laplas Clipper malware threats — have been actively scouting the Internet for stealing cryptocurrencies from unwary investors.

Anti-malware software Malwarebytes highlighted two new forms of malicious computer programs propagated by unknown sources that are actively targeting crypto investors in a desktop environment.

Since December 2022, the two malicious files in question — MortalKombat ransomware and Laplas Clipper malware threats — have been actively scouting the Internet for stealing cryptocurrencies from unwary investors, revealed the threat intelligence research team, Cisco Talos. The victims of this campaign are predominantly located in the United States, with a smaller percentage of victims in the United Kingdom, Turkey, and the Philippines, as shown below.

*Victimology of the malicious campaign. Source: Cisco Talos*

The malicious software work in partnership to swoop information stored in the user’s clipboard, which is usually a string of letters and numbers copied by the user. The infection then detects wallet addresses copied onto the clipboard and replaces them with a different address.

The attack relies on the user’s inattentiveness to the sender’s wallet address, which would send over the cryptocurrencies to the unidentified attacker. With no obvious target, the attack spans individuals and small and large organizations.

*Ransom notes shared by MortalKombat ransomware. Source: Cisco Talos*

Once infected, the MortalKombat ransomware encrypts the user’s files and drops a ransom note with payment instructions, as shown above. Revealing the download links (URLs) associated with the attack campaign, Talos’ report stated:

“One of them reaches an attacker-controlled server via IP address 193[.]169[.]255[.]78, based in Poland, to download the MortalKombat ransomware. According to Talos’ analysis, 193[.]169[.]255[.]78 is running an RDP crawler, scanning the internet for exposed RDP port 3389.”

As explained by Malwarebytes, the “tag-team campaign” starts with a cryptocurrency-themed email containing a malicious attachment. The attachment runs a BAT file that helps download and execute the ransomware when opened.

Thanks to the early detection of malicious software with high potential, investors can proactively prevent this attack from impacting their financial well-being. As always, Cointelegraph advises investors to perform extensive due diligence before making investments while ensuring the official source of communications. Check out this Cointelegraph Magazine article to learn how to keep crypto assets safe.

On the flip side, as ransomware victims continue to refuse extortion demands, ransomware revenues for attackers plummeted 40% to $456.8 million in 2022.

*Total value extorted by ransomware attackers between 2017 and 2022. Source:* *Chainalysis*

While revealing the information, Chainalysis noted that the figures don’t necessarily mean the number of attacks is down from the previous year.

DeFi flash loan hacker liquidates Defrost Finance users causing $12M loss

December 25, 2022 Coin Telegraph

DeFi flash loan hacker liquidates Defrost Finance users causing M loss

Avalanche

Moments after a few users complained about the unusual loss of funds, Defrost Finance’s core team member Doran confirmed that Defrost V2 was hit with a flash loan attack.

Defrost Finance, a decentralized leveraged trading platform on Avalanche blockchain, announced that both of its versions — Defrost V1 and Defrost V2 — are being investigated for a hack. The announcement came after investors reported losing their staked Defrost Finance (MELT) and Avalanche (AVAX) tokens from the MetaMask wallets.

Moments after a few users complained about the unusual loss of funds, Defrost Finance’s core team member Doran confirmed that Defrost V2 was hit with a flash loan attack. At the time, the platform believed that Defrost V1 was not impacted by the hack and decided to close down V2 for further investigation.

*Core team member Doran confirming attack on Defrost Finance. Source: Telegram*

At the time, the platform believed Defrost V1 was not impacted by the hack and decided to close down V2 for further investigation.

Defrost Finance is sad to announce that our V2 has suffered a hack, with an attacker using a flash loan function to withdraw funds.

The V1 is not affected. We will soon close the V2 UI and investigate further with our tech team.

Updates will be posted on our official channels.
— Defrost Finance (@Defrost_Finance) December 24, 2022

Blockchain investigator PeckShield found that the hacker manipulated the share price of LSWUSDC, leading to a gain of roughly $173,000 for the hacker. Upon further analysis, PeckShield’s investigation revealed:

“Our analysis shows a fake collateral token is added and a malicious price oracle is used to liquidate current users. The loss is estimated to be >$12M.”

While the company proactively announced the hack, the community suspects a rug-pull situation at play.

Defrost V1 was initially announced unaffected by the hack as the first version of Defrost lacked a flash loan function.

*Core team member Doran confirming attack both Defrost Finance versions. Source: Telegram*

However, the platform later acknowledged an emergency for V1 as well, stating:

“Our team is currently investigating. We kindly ask the community to wait for updates and refrain from using either the V1 or V2 for the moment.”

Until further notice, investors are advised to stop using Defrost Finance. An internal team is currently investigating the situation and will reach out to users through official channels.

Defrost Finance has not yet responded to Cointelegraph’s request for comment.

In 2022, North Korean hackers stole crypto worth more than 800 billion Korean won ($620 million) from decentralized finance (DeFi) platforms alone.

A spokesperson from South Korea’s National Intelligence Service (NIS) revealed that all North Korean hacks were done through overseas DeFi exploits. However, with Know Your Customer (KYC) initiatives in place, the total number of North Korean hacks saw a significant reduction.

Hacker drains $1.08M from Audius following passing of malicious proposal

July 24, 2022 Coin Telegraph

Hacker drains .08M from Audius following passing of malicious proposal

Coin Telegraph

A malicious proposal (Proposal #85) requesting the transfer of 18 million Audius’ in-house AUDIO tokens worth nearly $6 million was approved by community voting.

Proposals in crypto help communities make consensus-based decisions. However, for decentralized music platform Auduis, the passing of a malicious governance proposal resulted in the transfer of tokens worth $5.9 million, with the hacker making away with $1 million.

On July 24, a malicious proposal (Proposal #85) requesting the transfer of 18 million Audius’ in-house AUDIO tokens was approved by community voting. First pointed out on Crypto Twitter by @spreekaway, the attacker created the malicious proposal wherein they were “able to call initialize() and set himself as the sole guardian of the governance contract.”

Hello everyone - our team is aware of reports of an unauthorized transfer of AUDIO tokens from the community treasury. We are actively investigating and will report back as soon as we know more.

If you'd like to help our response team, please reach out.
— Audius (@AudiusProject) July 24, 2022

Further investigation from Auduis confirmed the unauthorized transfer of AUDIO tokens from the company’s treasury. Following the revelation, Auduis proactively halted all Audius smart contracts and AUDIO tokens on the Ethereum blockchain.

Blockchain investigator Peckshield narrowed down the fault to Audius’ storage layout inconsistencies.

The issue of @AudiusProject lies in inconsistent storage layout between its proxy and impl. In particular, the collision of Audius Community Treasury contract results in an equivalence of disabling the initializer modifier. The proxyAdmin addr (0x..abac) plays a role here. pic.twitter.com/x4CqRncahp
— PeckShield Inc. (@peckshield) July 24, 2022

While the hacker’s governance proposal drained out 18 million tokens worth nearly $6 million from the treasury, it was soon dumped and sold for $1.08 million. While the dumping resulted in maximum slippage, investors recommended an immediate buyback to prevent existing investors from dumping and further lowering the token’s floor price.

Investors are yet to get clarity on the stolen funds as one investor asked, “They hacked the community fund right? The team's fund is separate correct?”

While a post-mortem report is underway, Audius has not yet responded to Cointelegraph’s request for comment.

Bored Ape Yacht Club (BAYC) creator Yuga Labs issued its second warning about an expected “coordinated attack” on its social media accounts.

Our security team has been tracking a persistent threat group that targets the NFT community. We believe that they may soon be launching a coordinated attack targeting multiple communities via compromised social media accounts. Please be vigilant and stay safe.
— Yuga Labs (@yugalabs) July 18, 2022

In June, Gordon Goner, pseudonymous co-founder of Yuga Labs, issued the first warning of a possible incoming attack on its Twitter social media accounts. Soon after the warning, Twitter officials actively monitored the accounts and fortified their existing security.

EXP Attack