
EXP Attack

Crema Finance shuts liquidity protocol on Solana amid hack investigation

While awaiting Crema Finance’s report on the situation, the Crypto Twitter community took it upon themselves to track down the hacker’s wallet and better understand the problem.

Crema Finance, a concentrated liquidity protocol over the Solana blockchain, announced the temporary suspension of its services owing to a successful exploit that has drained a substantial but undisclosed amount of funds.

Soon after realizing the hack on its protocol, Crema Finance suspended the liquidity services to prevent the hacker from draining its liquidity reserves, which include the funds of the service provider and investors.

While the company is yet to provide an update based on an investigation that was ongoing at the time of writing, the Crypto Twitter community took it upon themselves to track down the hacker’s wallet and gain a better understanding of the situation.

Based on a personal investigation, crypto community member @HarveyMackinto2 allegedly spotted the hacker’s wallet address. The address in question holds 69,422.89 Solana (SOL) tokens, worth just over $2.3 million, procured through a series of transactions over several hours.

Other members of the crypto community, however, suspect the hacker made away with 90% of the total liquidity from some of Crema Finance’s pools. Henry Du, the co-founder of Crema Finance, too, confirmed that all the functions of the protocol have been suspended indefinitely and asked investors to stay tuned for further information in the form of an update.

Readers must note that Crema Finance is not related to Cream Finance, a decentralized finance (DeFi) lending protocol that also lost $19 million in a flash loan hack last year. Crema Finance has not yet responded to Cointelegraph’s request for comment.

Related: Infamous North Korean hacker group identified as suspect for $100M Harmony attack

The North Korean hacking syndicate known as the Lazarus Group has become the primary suspect in a recent attack that made away with $100 million from the Harmony protocol.

Investigations from blockchain analysis firm Elliptic claimed the involvement of North Korea based on the laundering methods of the stolen funds:

“There are strong indications that North Korea’s Lazarus Group may be responsible for this theft, based on the nature of the hack and the subsequent laundering of the stolen funds.”

House Democrats won’t be forced to vote against two pro-crypto bills

Ethereum liquidity provider XCarnival negotiates return of 50% stolen ETH

According to blockchain investigator Peckshield, the hacker used a previously withdrawn pledged NFT from the Bored Ape Yacht Club (BAYC) collection as collateral to drain the assets.

XCarnival, a liquidity provider for the Ethereum ecosystem, recovered 1,467 Ether (ETH) just a day after suffering an exploit that drained 3,087 ETH, worth roughly $3.8 million, from the protocol.

Blockchain investigator Peckshield noticed the XCarnival hack as it came across a stream of transactions that eventually bled 3,087 ETH from the protocol. Explaining the nature of the exploit, Peckshield stated:

“The hack is made possible by allowing a withdrawn pledged NFT to be still used as the collateral, which is then exploited by the hacker to drain assets from the pool.”

Soon after the revelation, XCarnival proactively informed the users about the hack while temporarily suspending a part of its services to counter the annoying attack. The protocol also offered the hacker 1,500 ETH as a bounty in addition to offering exemption from legal proceedings.

Eventually, XCarnival suspended the smart contracts and deposit and borrowing features until it could identify and rectify the internal bug that made the hack possible. According to Peckshield, the hacker used a previously withdrawn pledged NFT from the Bored Ape Yacht Club (BAYC) collection as collateral to drain the assets.
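The class of bug Peckshield describes, reduced to a toy model: this is an added example, not XCarnival's contract code, and the `Pool` and `Pledge` names, the `check_custody` switch and all amounts are hypothetical. With the custody check off, a pledge record whose NFT has already left the pool still backs a loan; with it on, the borrow is rejected.

```python
from dataclasses import dataclass, field

@dataclass
class Pledge:
    owner: str
    value: int               # appraised collateral value (constructed units)
    withdrawn: bool = False  # True once the NFT has left the pool
    debt: int = 0

@dataclass
class Pool:
    liquidity: int
    check_custody: bool      # False models the flaw, True the corrected check
    pledges: dict = field(default_factory=dict)

    def pledge(self, owner, value):
        order_id = len(self.pledges) + 1
        self.pledges[order_id] = Pledge(owner, value)
        return order_id

    def withdraw(self, owner, order_id):
        p = self.pledges[order_id]
        if p.owner != owner or p.withdrawn or p.debt:
            raise ValueError("pledge cannot be withdrawn")
        p.withdrawn = True   # the NFT is returned, the record remains

    def borrow(self, owner, order_id, amount):
        p = self.pledges[order_id]
        if p.owner != owner:
            raise ValueError("not the pledger")
        if self.check_custody and p.withdrawn:
            raise ValueError("collateral is no longer held by the pool")
        if p.debt + amount > p.value or amount > self.liquidity:
            raise ValueError("exceeds collateral value or liquidity")
        p.debt += amount
        self.liquidity -= amount

    def unbacked_debt(self):
        # Invariant to monitor: no debt may rest on collateral the pool lacks.
        return sum(p.debt for p in self.pledges.values() if p.withdrawn)

def run_scenario(check_custody):
    pool = Pool(liquidity=100, check_custody=check_custody)
    oid = pool.pledge("borrower", value=40)
    pool.withdraw("borrower", oid)
    try:
        pool.borrow("borrower", oid, 40)
    except ValueError:
        pass                 # corrected pool refuses the loan
    return pool.liquidity, pool.unbacked_debt()
```
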

Flowchart showing the transfer of the stolen XCarnival funds. Source: Peckshield

While the XCarnival hacker’s wallet showed the presence of 3,087 ETH after the hack, the remaining funds seem to have been siphoned successfully, with the wallet showing 0 ETH at the time of writing.

ETH wallet balance of the XCarnival hacker. Source: etherscan.io

XCarnival announced plans to reveal details about the situation in time to come.

Related: White hat hacker attempts to recover 'millions' in lost Bitcoin, finds only $105

What could have been the story of the year turned out to be a disappointment after efforts from a white hat hacker to recover a locked phone full of Bitcoin (BTC) resulted in the discovery of just 0.00300861 BTC.

As Cointelegraph reported, Joe Grand, a computer engineer and hardware hacker, traveled from Portland to Seattle to potentially recover BTC from a Samsung Galaxy SIII phone owned by Lavar, a local bus operator.

After meticulous efforts that involved micro soldering, downloading the memory and discovering the Samsung’s swipe pattern for access, Lavar opened his MyCelium Bitcoin wallet and discovered only 0.00300861 BTC, worth $105 at the time and down to roughly $63 at the time of publication.

Terra’s Mirror protocol warns community against governance attack

The attacker launched a public poll on Mirror’s official website, which falsely proposes a freeze on the community pool in case of a scam. If executed as planned, the attacker would receive 25 million MIR tokens.

Public blockchain network Terra has confirmed an ongoing scam attack via an official governance poll on Mirror, an in-house synthetic assets protocol. 

According to Mirror, the attacker launched a public poll on Mirror’s official website, which proposes a freeze on the community pool in case of a scam.

According to Poll ID: 211, named “Freeze the community pool in case of scam”, the scammer proposes an upgrade of safer community governance rules in case of a hack. If the hacker manages to get a positive majority on the poll, 25 million MIR tokens (worth $64.2 million at the time of writing) will be sent to the hacker’s address.

Voting results of Poll 211. Source: mirrorprotocol.app

As evidenced by the above screenshot, Mirror’s proactive approach to warn the community has seen a sizable increase in the number of ‘No’ votes — confirming the security of the funds. According to WuBlockchain, the attacker initiated Proposal 185, disguised as a request for cooperation with Solana, effectively trying to defraud 25 million MIR tokens from the community fund pool.

The attacker's poll will remain publicly available for voting till Jan. 01. However, the Mirror team launched Poll 212 to warn the unwary investors:

"Poll 211 sending 25,000,000 MIR to itself. VOTE NO to any poll sending community funds out."

Mirror has also identified six other polls — with IDs 185, 198, 204, 206, 207 and 208 — that have attempted to substantially drain the community pool and cause MIR dumping:

“Poll# 208 is the 2nd attack on mDOT and is created by the same thief who started this wave of community pool stealing with its fake-burn poll #177.”
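The polls described above were titled as safety measures while their executable action moved community funds, so a reviewer has to judge a poll by what it executes. The check below is an added example, not Mirror's code: the poll record layout, the base64-encoded `msg`, the `spend` action and all addresses are a constructed, hypothetical schema, with only the poll IDs, the Poll 211 title and the 25,000,000 MIR amount taken from the article.

```python
import base64
import json

COMMUNITY_POOL = "COMMUNITY-POOL-ADDRESS-PLACEHOLDER"

def _encode(obj):
    """Build a constructed sample payload (base64 of JSON)."""
    return base64.b64encode(json.dumps(obj).encode()).decode()

# Constructed sample records; addresses are placeholders.
SAMPLE_POLLS = [
    {"id": 211, "title": "Freeze the community pool in case of scam",
     "creator": "CREATOR-ADDRESS-PLACEHOLDER",
     "execute": {"contract": COMMUNITY_POOL,
                 "msg": _encode({"spend": {
                     "recipient": "CREATOR-ADDRESS-PLACEHOLDER",
                     "amount": 25_000_000}})}},
    {"id": 212, "title": "Warning about Poll 211",
     "creator": "TEAM-ADDRESS-PLACEHOLDER", "execute": None},
    {"id": 999, "title": "Constructed malformed poll",
     "creator": "OTHER-ADDRESS-PLACEHOLDER",
     "execute": {"contract": COMMUNITY_POOL, "msg": "%%not-base64%%"}},
]

def audit_poll(poll):
    """Return findings derived from the executable action, never the title."""
    execute = poll.get("execute")
    if not execute:
        return []            # text-only poll, nothing runs if it passes
    try:
        msg = json.loads(base64.b64decode(execute["msg"], validate=True))
    except (KeyError, ValueError):
        return ["execute message cannot be decoded; treat as unsafe"]
    findings = []
    spend = msg.get("spend") if isinstance(msg, dict) else None
    if execute.get("contract") == COMMUNITY_POOL and spend:
        findings.append(
            f"sends {spend.get('amount')} MIR out of the community pool")
        if spend.get("recipient") == poll["creator"]:
            findings.append("recipient is the poll creator")
    return findings

def audit_all(polls):
    return {p["id"]: audit_poll(p) for p in polls}
```
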

Related: Solana on-chain development increases after a recent DDoS attack

Public blockchain platform Solana has amped up its on-chain development initiatives following a recent distributed denial-of-service (DDoS) attack.

Daily GitHub submissions for Bitcoin, Solana, Cardano and Polkadot from Nov. 12–Dec. 13, 2021. Source: Santiment

As Cointelegraph reported, the fifth-largest blockchain managed to overcome the attack without having to shut down the network. However, citing concerns over network vulnerability, Solana has increased its on-chain activities.