
Exploits

Connext, Alchemix launch cross-chain token standard to reduce bridge exploit losses

The two protocols will implement a standard for issuers to control the "canonical" minting of tokens, helping to reduce losses from unofficial bridges.

Connext cross-chain bridging protocol has announced a new token standard to reduce losses from bridge hacks. According to a July 24 announcement, the new “xERC-20” standard allows token-issuers to maintain a list of official bridges and control how many tokens can be minted by each.

In addition to Connext, DeFi platform Alchemix Finance will implement xERC-20 tokens, the announcement stated.

The new token standard was originally put forth on July 7 as Ethereum Improvement Proposal (EIP) 7281. It was co-authored by Connext’s founder, Arjun Bhuptani. At the time, Bhuptani said it would help to minimize losses from bridge hacks by acting on the principle that “Token issuers are the ones who get rekt when bridges get hacked.”

Instead of each bridge issuing its own version of a token on every network, the new standard would allow bridges to mint “official” or “canonical” versions of each token. However, they can only do this with the permission of the token issuer, and this permission would be enforced through smart contracts. Token-issuers would also be able to limit the number of coins that a particular bridge could mint, the proposal stated.

Under EIP-7281, bridges could still mint their own versions of tokens, but such derivative coins would not be considered “canonical” versions. As a result, consumers would eventually come to reject unofficial versions of coins. In Bhuptani’s view, this would lead to a safer DeFi space because it would put the responsibility of avoiding bridge hacks squarely on the shoulders of each token-issuer, which would help to prevent end-users from suffering losses.
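The issuer-controlled minting described above, as an added example that is not Connext's, Alchemix's or the EIP's own code: a token ledger where only the issuer can list bridges and set each one's cap, so a compromised or unlisted bridge cannot mint beyond what the issuer allowed. Bridge names, caps and the scenario are constructed, and the standard's time-based rate limits are simplified here to a fixed cap on outstanding mints per bridge.

```python
# Added example modelling the xERC-20 / EIP-7281 idea: the token issuer keeps the
# bridge allowlist and per-bridge mint caps. Not Connext's or the EIP's code; the
# time-based rate limits of the real standard are simplified to a fixed cap.
from dataclasses import dataclass, field


class MintNotAllowed(Exception):
    """Raised when a caller is not an approved bridge or exceeds its cap."""


@dataclass
class BridgeLimit:
    cap: int         # max tokens this bridge may have minted and not yet burned
    minted: int = 0  # tokens currently outstanding that this bridge minted


@dataclass
class CanonicalToken:
    issuer: str
    balances: dict = field(default_factory=dict)
    bridges: dict = field(default_factory=dict)  # bridge id -> BridgeLimit

    def set_bridge_limit(self, caller: str, bridge: str, cap: int) -> None:
        """Only the issuer may list, re-limit or delist a bridge (cap 0 delists)."""
        if caller != self.issuer:
            raise PermissionError("only the issuer may change bridge limits")
        if cap <= 0:
            self.bridges.pop(bridge, None)
        else:
            existing = self.bridges.get(bridge)
            self.bridges[bridge] = BridgeLimit(cap, existing.minted if existing else 0)

    def mint(self, caller: str, to: str, amount: int) -> None:
        """A listed bridge mints canonical tokens only within its issuer-set cap."""
        limit = self.bridges.get(caller)
        if limit is None:
            raise MintNotAllowed(f"{caller} is not an approved bridge")
        if amount <= 0 or limit.minted + amount > limit.cap:
            raise MintNotAllowed(f"{caller} would exceed its cap of {limit.cap}")
        limit.minted += amount
        self.balances[to] = self.balances.get(to, 0) + amount

    def burn(self, caller: str, holder: str, amount: int) -> None:
        """Burning (tokens leaving this chain) frees the bridge's cap again."""
        limit = self.bridges.get(caller)
        if limit is None:
            raise MintNotAllowed(f"{caller} is not an approved bridge")
        if amount <= 0 or self.balances.get(holder, 0) < amount or limit.minted < amount:
            raise MintNotAllowed("burn exceeds holder balance or bridge's outstanding mint")
        limit.minted -= amount
        self.balances[holder] -= amount

    def total_supply(self) -> int:
        return sum(self.balances.values())


def simulate_bridge_compromise() -> dict:
    """Constructed scenario: a listed bridge is fully compromised and keeps trying
    to mint, and an unlisted bridge tries to mint at all. Returns what the token
    allowed, showing the loss is bounded by the compromised bridge's cap."""
    token = CanonicalToken(issuer="issuer")
    token.set_bridge_limit("issuer", "bridge_a", cap=1_000)
    token.set_bridge_limit("issuer", "bridge_b", cap=500)
    token.mint("bridge_a", "alice", 300)  # normal traffic on the healthy bridge

    minted_by_compromised = 0  # bridge_b's keys are assumed compromised
    for _ in range(100):
        try:
            token.mint("bridge_b", "unknown", 100)
            minted_by_compromised += 100
        except MintNotAllowed:
            break  # cap reached: 500, no matter how many attempts follow

    try:  # a bridge the issuer never listed cannot mint canonical tokens
        token.mint("rogue_bridge", "unknown", 1)
        rogue_minted = True
    except MintNotAllowed:
        rogue_minted = False

    token.set_bridge_limit("issuer", "bridge_b", cap=0)  # issuer delists it
    try:
        token.mint("bridge_b", "unknown", 1)
        delisted_still_mints = True
    except MintNotAllowed:
        delisted_still_mints = False

    return {"minted_by_compromised": minted_by_compromised, "rogue_minted": rogue_minted,
            "delisted_still_mints": delisted_still_mints, "total_supply": token.total_supply()}
```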

To become an official part of the Ethereum ecosystem, an EIP has to be approved by EIP Editors, a process that can take months. The July 24 announcement said the standard will now be implemented in Connext and Alchemix ahead of its official approval, allowing end-users to rely on it immediately.

Related: Multichain bridge hack was a “big blow” to Fantom ecosystem, says Cronje

In the announcement, Connext stated that the token standard will be “forward compatible” with the official version should it eventually be approved by the EIP Editors. Bhuptani argued that the new implementation will prevent bridges with bad security or excessive centralization from being taken seriously, stating:

“This approach [...] encourages open competition and innovation as token issuers now have the flexibility [to] granularly update their preferences for supported bridges over time. Instead of prioritizing building a monopoly on liquidity, or trying to corner market share by locking-in token issuers (or in some cases entire chains), bridges are now forced to have an ongoing focus on their security and quality of service, lest they be delisted."

The issue of bridge security has become a hot topic in the crypto community. These concerns were amplified on July 7, when over $100 million was mysteriously withdrawn from the Multichain bridging protocol. The Multichain team at first only referred to the withdrawals as “abnormal,” but later clarified that an unknown individual had accessed their CEO’s cloud storage system to withdraw the funds without users’ consent.

Telegram Gaming Token Could Surge by Over 40% Based on a Trend Indicator, According to Crypto Analyst

April’s crypto scams, exploits and hacks lead to $103M lost — CertiK

The month was particularly bad for exploits, with the amount lost accounting for half of the total crypto exploited so far in 2023.

Crypto exploits, exit scams, and flash loan attacks saw little signs of letting up in April, with more than $103 million of funds stolen from crypto projects and investors in the month. 

On April 30, crypto security and auditing firm CertiK posted an April roundup of crypto exploits, scams, and hacks, revealing total funds lost in April was $103.7 million, bringing the year-to-date total loss to $429.7 million.

The month was particularly marred with major crypto exploits, such as $25.4 million lost due to an exploit of several MEV trading bots on April 3, $22 million stolen in a hot wallet exploit at the Bitrue exchange and the hack of South Korean GDAC exchange leading to a loss of $13 million.

April 2023 crypto exploits. Source: CertiK

The total lost to crypto and DeFi exploits in the month amounted to $74.5 million, making up around half of the total $145 million exploited in the first four months of the year, according to CertiK.

The month also saw around $20 million lost to flash loan attacks, led mainly by Yearn Finance after a hacker exploited an old smart contract on April 13.

The blockchain security firm noted that total funds lost to exit scams reached $9.4 million in the month, with the top exit scam for the month being Merlin DEX which lost $2.7 million. On April 26, CertiK reported that it was investigating a “potential private key management issue” at the exchange.

Furthermore, the exit scam occurred after the protocol was audited by CertiK which warned about centralization issues. CertiK launched a compensation plan following the attack in which it urged the rogue developer to return 80% of the stolen funds with a 20% white hat bounty offered.

April 2023 crypto exit scams. Source: CertiK

Related: One crypto wallet launched 114 dodgy memecoins in two months

According to De.Fi’s Rekt Database, there were over 50 crypto exploits, scams, hacks, and rug pulls in April. Moreover, a large portion of them was memecoin rug pulls.

The most recent was the Polygon-based Ovix protocol which lost $2 million in a flash loan attack on April 28.

Magazine: US enforcement agencies are turning up the heat on crypto-related crime


Hacker Offered Bounty After Exploiting $573,000 in Crypto From DeFi Platform


Cross-chain bridging solution provider Allbridge is promising leniency to the hacker who exploited the multichain tool days ago if stolen funds are returned. While offering a “white hat bounty” to the hacker, Allbridge says that it won’t take legal action against the attacker if the funds are sent back. “Firstly, we propose a white hat […]

The post Hacker Offered Bounty After Exploiting $573,000 in Crypto From DeFi Platform appeared first on The Daily Hodl.


Openai’s GPT-4 Launch Sparks Surge in AI-Centric Crypto Assets

Following Openai’s release of GPT-4, a deep learning and artificial intelligence product, crypto assets focused on AI have spiked in value. The AGIX token of the Singularitynet project has risen 25.63% in the last 24 hours. Over the last seven days, four out of the top five AI-centric digital currencies have seen double-digit gains against […]


7 DeFi protocol hacks in Feb sees $21 million in funds pilfered: DefiLlama

DeFi platforms lost over $21 million to hackers throughout February, according to data released by DeFi project aggregator DefiLlama.

Reentrancy, price oracle attacks and exploits across seven protocols caused the decentralized finance (DeFi) space to bleed at least $21 million in crypto in February. 

According to DeFi-centric data analytics platform DefiLlama, one of the largest in the month was the flash loan reentrancy attack on Platypus Finance, which led to $8.5 million of funds lost.

DefiLlama highlighted six other noteworthy hacks in the month, the first being the price oracle attack on BonqDAO on Feb 1.

DeFi platforms suffered seven attacks throughout February. Source: DefiLlama

BonqDAO: $1.7 million

BonqDAO revealed to its followers in a Feb. 1 post that its Bonq protocol was exposed to an oracle attack that allowed the exploiter to manipulate the price of the AllianceBlock (ALBT) token.

The exploiter increased the ALBT price and minted large amounts of BEUR. The BEUR was then swapped for other tokens on Uniswap. Then, the price was decreased to almost zero, which triggered the liquidation of ALBT troves.

Blockchain security firm PeckShield estimated the losses at around $120 million; however, it was later revealed that the hackers reportedly cashed out only around $1 million because of a lack of liquidity on BonqDAO.

Orion Protocol: $3 million

Just a day later, decentralized exchange Orion Protocol suffered a loss of roughly $3 million on Feb. 2 through a reentrancy attack, where attackers used a malicious smart contract to drain funds from a target with repeated withdrawal orders.

Orion Protocol CEO Alexey Koloskov confirmed the attack at the time, assuring everyone, "All users' funds are safe and secure."

"We have reasons to believe that the issue was not a result of any shortcomings in our core protocol code, but rather might have been caused by a vulnerability in mixing third-party libraries in one of the smart contracts used by our experimental and private brokers," he said.

dForce Network: $3.65 million

DeFi protocol dForce network was another February victim of a reentrancy attack resulting in losses of around $3.65 million.

In a Feb. 10 post, dForce confirmed the exploit; however in a twist, all funds were returned when the hacker came forward as a whitehat hacker.

“On Feb. 13, 2023, the exploited funds were fully returned to our multi-sig on both Arbitrum and Optimism, a perfect ending for all,” dForce said.

Platypus Finance: $9.1 million

On Feb. 16, DeFi protocol Platypus Finance suffered a flash loan attack resulting in $8.5 million being drained from the protocol.

A post-mortem report from Platypus auditor Omniscia noted that the attack was possible because of code in the wrong order.

On Feb. 23, the team announced that they are seeking to return around 78% of the main pool funds by reminting frozen stablecoins.

The team also confirmed second and third incidents, which led to another $667,000 exploited, bringing total losses to around $9.1 million.

French police arrested two suspects related to the hack and seized around $222,000 worth of crypto assets on Feb. 25.

Hope Finance: $1.86 million

A few days later, users of the Arbitrum-based algorithmic stablecoin project Hope Finance fell prey to a smart contract exploit on Feb. 20, which saw roughly $2 million stolen from users.

Web3 security firm CertiK flagged the incident on Feb. 21, following an announcement from the Hope Finance Twitter account notifying users of the scam.

A member of the CertiK team told Cointelegraph at the time that the scammer had changed the details of the smart contract, which led to funds being drained from Hope Finance genesis protocol:

“It appears that the scammer changed the TradingHelper contract which meant that when 0x4481 calls OpenTrade on the GenesisRewardPool the funds are transferred to the scammer.”

Dexible: $2 million

Multichain exchange aggregator Dexible was hit by an exploit that targeted the app’s selfSwap function, with $2 million worth of cryptocurrency lost as a result of the Feb. 17 attack.

According to a Feb. 18 post from the exchange, “a hacker exploited a vulnerability in our newest smart contract. This allowed the hacker to steal funds from any wallet that had an unspent spend approval on the contract.”

After investigating, the Dexible team found the attacker had used the app’s selfSwap function to move over $2 million worth of crypto from users that had previously authorized the app to move their tokens.

After receiving the tokens into their own smart contract, the attacker withdrew the coins through Tornado Cash into unknown BNB wallets.

LaunchZone: $700,000

BNB Chain-based DeFi protocol LaunchZone had $700,000 worth of funds drained on Feb. 27.

According to blockchain security firm Immunefi, an attacker leveraged an unverified contract to drain the funds.

"An approval had been made to the unverified contract 473 days ago by the LaunchZone deployer," Immunefi said.

Related: Crypto exploit losses in January see nearly 93% year-on-year decline

The February figures are a stark increase from January, according to DefiLlama figures.

The tracker lists only $740,000 in hacks to DeFi platforms in the month across two protocols — Midas Capital and ROE Finance.

In its 2023 Crypto Crime Report, blockchain data firm Chainalysis revealed that hackers stole $3.1 billion from DeFi protocols in 2022, accounting for more than 82% of the total amount stolen in the year.


DeFi exploits and access control hacks cost crypto investors billions in 2022: Report

Cyber criminals used a variety of methods to siphon funds through hacks and exploits in 2022, amounting to over $2.8 billion in losses.

Cyber criminals used a variety of novel ways to carry out hacks and exploits in 2022, with over $2.8 billion of cryptocurrency stolen last year.

According to a report from CoinGecko using data sourced from DeFiYield’s REKT Database, nearly half of the total crypto stolen in 2022 was fleeced using diverse methods. This includes bypassing verification processes, market manipulation, ‘crowd looting’ as well as smart contract and bridge exploits.

The biggest hack of 2022 was carried out through an access control hack. Sky Mavis, the developer behind popular game Axie Infinity, saw its Ronin bridge hacked in March 2022, leading to $625 million being drained from the bridge between the Ronin chain and Ethereum network.

It was later revealed that North Korean hacking group Lazarus gained access to five private keys, which were used to sign transactions from five Ronin Network validator nodes. This was how the hackers drained 173,600 ETH and 25.5 million USDC from the bridge.

According to CoinGecko, an access control exploit is carried out by attackers who have gained access to wallets or accounts through compromised private keys, networks or security systems. As Cointelegraph explored last year, cross-chain bridge hacks were prevalent in 2022, with 65% of funds stolen coming from these types of attacks alone.

Related: Crypto exploit losses in January see nearly 93% year-on-year decline

The second largest exploit of 2022 took place in Feb. 2022, as attackers bypassed verification with a forged signature on the Wormhole token bridge before minting $326 million worth of crypto. Wormhole’s failure to validate ‘guardian’ accounts allowed hackers to mint tokens without needing the required collateral.

‘Crowd looting’ came to the fore in August 2022, as an insecure smart contract configuration on Decentralized Finance (DeFi) token bridge Nomad allowed users to withdraw an unlimited amount of funds. Hundreds of wallets took advantage of the exploit, seeing over $190 million drained.

Mango Markets suffered a market manipulation exploit in October 2022, as a hacker purchased and artificially inflated Mango (MNGO) tokens before taking out under-collateralized loans from the project's treasury. $116 million was stolen in the flash loan attack.

Reentrancy attacks, in which attackers make use of a malicious smart contract that drains funds from a target with repeated withdrawal orders, amounted to $81 million stolen last year.

Oracle issue hacks led to $54 million of funds stolen. This method sees hackers gain access to an oracle service and manipulate its price feed data service to enforce smart contract failure or carry out flash loan attacks.

Phishing attacks only amounted to $17 million of cryptocurrency stolen in 2022. This method was prevalent between 2017 and 2020, as attackers preyed on unwitting victims through social engineering methods to steal login credentials and private keys.

An oracle attack in February 2023 is the largest hacking incident to date of the new year. Hackers managed to manipulate the price of the AllianceBlock token through an oracle hack, leading to an estimated $120 million being stolen from the protocol.


Crypto exploit losses in January see nearly 93% year-on-year decline

Around $8.8 million was lost to crypto exploits in January, a massive decline from the figures this time last year.

Aside from the bullish crypto market rally in January, there’s been more positive industry news as the month saw a decline in losses from exploits compared to the same time last year.

According to data from blockchain security firm PeckShield on Jan. 31, there were $8.8 million in losses from crypto exploits in January.

There were 24 exploits over the month, with $2.6 million worth of crypto being sent to mixers such as Tornado Cash. The breakdown of assets sent to mixers includes 1,200 Ether (ETH) and around 2,668 BNB (BNB).

The January figures are 92.7% lower than the $121.4 million lost to exploits in January 2022.

PeckShield reported the largest exploit from last month, representing 68% of the total, was the one carried out on the DeFi lending and borrowing platform LendHub which lost $6 million on Jan. 12.

Other notable exploits for the month included Thoreum Finance which lost $580,000 and Midas Capital which was exploited for $650,000 in a flash loan attack.

January’s figure is also down 68% from December 2022 which saw almost $27.3 million in exploit losses, according to PeckShield.

Other losses not included in the data include a $2.6 million rug pull on the FCS BNB Chain token, according to DeFiYield’s Rekt database. There was a further $150,000 lost to fake BONK tokens, and a $200,000 rug pull on the Doglands Metaverse gaming platform, DeFiYield reported.

A phishing attack on the GMX decentralized trading protocol on Jan. 4 also resulted in a victim losing as much as $4 million.

Related: Crypto wallets combat scammers with transaction previews and blocklists

Despite the relatively quiet month, blockchain security company CertiK told Cointelegraph in early January that there is unlikely to be a slowdown in attacks and exploits this year.

The firm also reported that the $62 million in crypto stolen in December was the "lowest monthly figure" in 2022.

As of the end of last year, the ten largest exploits of 2022 resulted in a whopping $2.1 billion stolen from crypto protocols.


Why DeFi should expect more hacks this year: Blockchain security execs

One reason is that “hackers have gotten smarter, gained more experience, and learned how to look for bugs,” according to the founder of a crypto auditing firm.

Decentralized finance (DeFi) investors should buckle themselves up for another big year of exploits and attacks as new projects enter the market and hackers become more sophisticated.

Executives from blockchain security and auditing firms HashEx, Beosin and Apostro were interviewed for Drofa’s An Overview of DeFi Security In 2022 report shared exclusively with Cointelegraph.

The executives were asked about the reason behind a significant increase in DeFi hacks last year, and were asked whether this will continue through 2023.

Tommy Deng, managing director of blockchain security firm Beosin, said while DeFi protocols will continue to strengthen and improve security, he also admitted that “there is no absolute security,” stating:

“As long as there is interest in the crypto market, the number of hackers will not decrease.”

Deng added that many new DeFi projects “don’t go through complete security testing before going live."

Additionally, a significant amount of projects are now exploring the use of cross-chain bridges, which were a prime target for exploiters last year, leading to $1.4 billion stolen across six exploits in 2022.

The comments mirror those of blockchain security firm CertiK, who told Cointelegraph on Jan. 3 that it doesn’t “anticipate a respite in exploits, flash loans or exit scams” in the coming year.

In particular, CertiK noted the likelihood of “further attempts from hackers targeting bridges in 2023” citing the historically high returns from attacks in 2022.

Crypto auditing firm HashEx founder and CEO, Dmitry Mishunin, said “hackers have gotten smarter, gained more experience, and learned how to look for bugs.”

“The crypto industry is still relatively new, and everyone is growing with each other, so it’s difficult to get too far ahead of bad actors.”

He added the amount of value in some DeFi projects made the industry “very attractive” to malicious actors, and that the number of hacks “is only going to grow going forward.”

Mishunin said these attacks may even spread outside of DeFi, with attackers setting their sights on “crypto exchanges and banks” that enter the market offering “more secure solutions for storing digital assets.”

Related: Crypto’s recovery requires more aggressive solutions to fraud

Smart contract security and auditing firm Apostro co-founder, Tim Ismiliaev gave a more hopeful take, however, as he expects the space to “mature over the next five years, and new best practices for securing decentralized finance protocols will emerge.”


Interestingly, both Mishunin and Deng noted that many of the post-incident reports provided by blockchain security firms often fail to reach their target audience — blockchain developers.

“The people that read such analyses are average investors that are concerned about their money. Actual blockchain developers are too busy coding; they don’t have time to read stuff like that,” said Mishunin.

Meanwhile, Deng said the reports are usually about “event-based vulnerabilities and related recommendations,” so they often don’t help other developers, who may still be vulnerable to other exploits.

He admitted, however, that reports on “general vulnerabilities” in DeFi “tend to do a good job of ramping up protection.”

“The reentrancy vulnerabilities are now not as common as they used to be.”


Crypto Incidents Involving Exit Scams, Hacks, and Code Exploits Reach Record Low in December 2022 According to Certik

According to blockchain security company Certik, the number of cryptocurrency incidents involving exit scams, hacks, and code exploits in Dec. 2022 was the lowest monthly figure of the year. Certik noted that the combined incidents amounted to $62.2 million “lost to exploits, hacks, and scams.” Record Low Cyber Attacks in December 2022 Result in $62.2 […]


Metaverse exploitation and abuse to rise in 2023: Kaspersky

Cybercriminals will flock to the Metaverse next year to prey on unsuspecting virtual world participants according to a report by cybersecurity firm Kaspersky.

Malware, ransomware attacks and phishing are not the only scourges of the crypto industry as the Metaverse could become a big target next year, according to cybersecurity experts.

In its “Consumer Cyberthreats: Predictions for 2023” report on Nov. 28, cybersecurity firm Kaspersky forewarned that there will be greater exploitation of the Metaverse due to lacking data protection and moderation rules.

Kaspersky acknowledged there are currently only a handful of metaverse platforms, but the number of metaverses is set to expand in the coming years and the market could even top $50 billion by 2026. That expansion will entice cyber criminals to the ecosystem seeking to exploit unwitting virtual world participants.

“As the metaverse experience is universal and does not obey regional data protection laws, such as GDPR, this might create complex conflicts between the requirements of the regulations regarding data breach notification.”

Social media is already a hotbed of data breach activity, so it stands to reason that the Metaverse will be an extension of this. As reported by Cointelegraph earlier this year, social media was responsible for more than $1 billion in crypto scam-related losses in 2021.

Kaspersky also predicted that virtual abuse and sexual assault will spill over into Metaverse ecosystems. It mentioned cases of “avatar rape and abuse” adding that without protection mechanisms or moderation rules “this scary trend is likely to follow us into 2023.”

Meta, the firm formerly known as Facebook, has already received a lot of pushback over its Metaverse ambitions due to the lack of user protection and privacy concerns on its social media platform.

The report predicted that in-game virtual currencies and valuable items will be one of the “prime goals” among cybercriminals who will seek to hijack player accounts or trick them into fraudulent deals to fork over valuable virtual assets. Most modern games have introduced some form of monetization or digital currency support which will become a honeypot for malicious actors.

Related: The Metaverse is a new frontier for earning passive income

Kaspersky noted that new forms of social media will also bring more risks. It specifically mentioned a shift to augmented reality-based social media, adding that cybercriminals can start “distributing fake trojanized applications” to infect devices for further malicious purposes.

Threats to new AR-based social media and metaverse platforms are primarily data and money theft, phishing, and account hacking, the report concluded.
