1. Home
  2. Hack


Major Cryptocurrency ATM Manufacturer General Bytes Hacked, Over $1.5M in Bitcoin Stolen

Major Cryptocurrency ATM Manufacturer General Bytes Hacked, Over .5M in Bitcoin StolenGeneral Bytes experienced a security incident on March 17 and 18 that enabled a hacker to remotely access the master service interface and send funds from hot wallets, according to the company and sources. The breach forced a majority of U.S.-based crypto automated teller machine (ATM) operators to temporarily shut down. The hacker was able […]

Circle announces USDC launch for Cosmos via Noble network

More than 280 blockchains at risk of ‘zero-day’ exploits, warns security firm

Dogecoin, Zcash and Litecoin have already patched the “critical” vulnerability, but hundreds of others may not have, risking billions’ worth of crypto.

More than 280 blockchain networks are at risk of “zero-day” exploits that could put at least $25 billion worth of crypto at risk, according to cybersecurity firm Halborn.

In a March 13 blog post, Halborn warned of the vulnerability it dubbed “Rab13s” — adding it has already worked with some blockchains, such as Dogecoin, Litecoin and Zcash, to institute a fix for it.

Halborn said it was contracted in March 2022 to conduct a security review of Dogecoin’s codebase and found “several critical and exploitable vulnerabilities.”

It later determined those same vulnerabilities “affected over 280 other networks” that risked billions of dollars worth of cryptocurrencies.

Halborn outlined three vulnerabilities, the “most critical” of which allows an attacker to “send crafted malicious consensus messages to individual nodes, causing each to shut down.”

It added these messages over time could expose the blockchain to a 51% attack where an attacker controls the majority of the network’s mining hash rate or staked tokens to make a new version of the blockchain or take it offline.

Other zero-day vulnerabilities it found would allow potential attackers to crash blockchain nodes by sending Remote Procedure Call (RPC) requests — a protocol allowing a program to communicate and request services from another.

It added the likelihood of RPC-related exploits was lower as it requires valid credentials to undertake the attack.

“Due to codebase differences between the networks not all the vulnerabilities are exploitable on all the networks, but at least one of them may be exploitable on each network,” Halborn warned.

Related: Jump Crypto and Oasis.app ‘counter exploits’ Wormhole hacker for $225M

The firm said at this time it’s not releasing further technical details of the exploits due to their severity and added it made a “good faith effort” to contact all affected parties to disclose the potential exploits and provide remediation for the vulnerabilities.

Dogecoin, Zcash and Litecoin have already implemented patches for the discovered vulnerabilities, but hundreds could still be exposed, according to Halborn.

Circle announces USDC launch for Cosmos via Noble network

Hacker returns stolen funds to Tender.fi, gets $97K bounty reward

The bounty, which was offered via an on-chain message was approximately $97,000 or approximately 6% of the exploit amount.

The hacker behind the exploit of the decentralized finance (DeFi) lending platform Tender.fi has returned the stolen funds for a $97,000 bounty reward in Ether (ETH). 

The exploit was executed at 10:28 am UTC on Mar. 7, with Tender.fi confirming the incident on Twitter soon after citing “an unusual amount of borrows,” and adding it has paused all borrowing.

Blockchain data showed the exploiter used a price oracle glitch to borrow $1.59 million worth of assets from the protocol by depositing 1 GMX token, valued at around $71.

“It looks like your oracle was misconfigured. contact me to sort this out,” wrote the hacker in an on-chain message.

Message sent to Tender.fi from the price oracle exploiter. Source: Arbiscan

Eight hours later, the DeFi protocol announced it had come to an agreement with the “White Hat” exploiter, in which the hacker would repay all loans minus a 62.16 ETH “bounty,” worth around $97,000 at current prices. 

Another hour later, Tender.fi confirmed on Twitter that the exploiter had completed the loan repayments.

“Funds are officially SaFu, post mortem on the way,” it wrote. 

Related: DeFi lender Tender.fi suffers exploit, white hat hacker suspected

Last year in August, cross-chain Nomad Bridge appealed to exploiters that participated in a smart contract exploit that extracted $190 million in funds from the bridge in less than three hours.

Mere hours later, approximately $32.6 million worth of funds were already returned, suggesting some of the exploiters may have been white hat hackers attempting to extract funds for a later safe return.

Later in the month, nonfungible token (NFT) firm Metagame even offered a “Whitehat Prize” in the form of an NFT for anyone that proved they returned at least 90% of the funds they stole from the protocol.

Blockchain data from the Official Nomad Funds Recovery Address shows that funds continued to be returned to the recovery address since then, with the latest transaction recorded on Feb. 18, 2023, for $7,868 in Covalent Query Token (CQT).

Circle announces USDC launch for Cosmos via Noble network

Tornado Cash dev says ‘sequel’ to crypto mixer aims to be regulator-friendly

Soleimani explained that the “critical flaw” with Tornado Cash is that users cannot prove that they’re not associated with a criminal enterprise stealing or laundering crypto funds.

A former Tornado Cash developer claims to be building a new crypto mixing service that aims to solve a “critical flaw” of the sanctioned crypto mixer — which he hopes will convince U.S. regulators to reconsider its position on privacy mixers.

The code of a new Ethereum-based mixer, “Privacy Pools,” was launched on GitHub on Mar. 5 by its creator, Ameen Soleimani.

In a 22-part Twitter thread, Soleimani explained that the “critical flaw” with Tornado Cash is that users cannot prove that they’re not associated with North Korea’s Lazarus Group or any criminal enterprise for that matter.

With Privacy Pools, however, Soleimani explained that depositors and withdrawers could opt out of an anonymity set that contains an address associated with stolen or laundered funds.

This feature of Privacy Pools is executed with zero-knowledge (ZK) proofs, meaning that the privacy of the user is preserved:

“Now, users have the option to help regulators isolate illicit funds, without revealing their entire transaction history [...] With privacy pools, just because someone deposits into the same smart contract as you, it doesn't mean they can also force you into sharing an anonymity set with them. It's your choice.”

Soleimani provided a demonstration of how Privacy Pools is used:

The developer hopes the solution will empower “the community to defend against hackers abusing the anonymity sets of honest users without requiring blanket regulation or sacrificing on crypto ideals.”

While Privacy Pools is already live on Optimism, Soleimani noted that the first version of the privacy protocol is still in its “experimental” stage because the code isn’t complete and has not been audited, but he is “pretty close to having this ready.”

To see the protocol progress further, Soleimani wants on-chain forensics platforms like Chainlaysis and TRM Labs to conduct tracebacks on deposits so that users of the privacy tool don’t have to manually create their own subset exclusion lists.

In making the case for on-chain privacy protocols, Soleimani cited what he described as an “excellent” report by the Federal Reserve Bank of St. Louis in Missouri which examined the trade-offs between on-chain privacy and regulation:

“Their report proposes to achieve effective regulation by having Tornado Cash users provide receipts to an intermediary, thus revealing their entire transaction history to the intermediary, but still being able to have privacy with respect to other public blockchain users.”

The developer hopes this can help “start a conversation” with U.S. regulators on how on-chain privacy can be preserved whilst restricting criminal activity through the use of ZK proofs.

Related: On-chain privacy is key to the wider mass adoption of crypto

Soleimani’s attempt to create a crypto-friendly on-chain privacy solution comes after the U.S. Office of Foreign Asset Control (OFAC) sanctioned ETH and USDC addresses linked to Tornado Cash on Aug. 8 in response to several alleged thefts by North Korea’s Lazarus Group, who were claimed to have routinely used the privacy mixer to preserve its anonymity.

Photograph of a #FreeAlex protest. Source: Ameen.eth Twitter

Shortly after the sanction on Aug. 10, Alexey Pertsev, the creator of Tornado Cash was arrested by authorities in the Netherlands and is currently facing a series of money laundering charges. He remains behind bars and his next hearing will take place in late April.

Circle announces USDC launch for Cosmos via Noble network

BitKeep remains on track to fully compensate victims of $8M APK exploit

The company says users' losses will be 100% reimbursed by mid-March.

According to an official Telegram statement on March 1, Singaporean cross-chain crypto wallet developer BitKeep says it has reimbursed 50% of user assets lost during a security breach stemming from Dec. 26, 2022. On the date of the incident, an estimated $8 million was stolen by hackers after BitKeep's APK 7.2.9 (Android Package Kit) installation package was hijacked and swapped. Users who downloaded the malware subsequently saw their private keys compromised, leading to the theft of assets. 

As told by BitKeep, a total of 6,731 verified addresses were breached during the incident. The firm has since completed reimbursing 50% of stolen assets in the affected addresses, with "expedited processing" for the remaining 50% of funds. BitKeep says it will complete its compensation plan ahead of schedule and release the remaining funds within two weeks.

In a statement to Cointelegraph, a spokesperson for BitKeep said the company has yet to recover the remaining assets through law enforcement efforts, and all reimbursements are "currently coming out of the company's own pockets, including those to be completed in the near future." As told by the spokesperson:

"BitKeep is adamant about the safety of users' assets and that is why we have stepped up to take responsibility for all damages as a result of the incident. Users' losses are being compensated by BitKeep's 2022 revenue and its Secure Assets Fund, and we will complete all reimbursements by March. Finally, we would like to express our gratitude to our users for their trust and support, as well as to our partners for working with us to overcome the recent challenges."

On Dec. 29, three days after the incident, BitKeep announced that it had alerted law enforcement and would reimburse 100% of users' losses. The wallet currently has over 8 million users worldwide. Last May, the firm raised $15 million in its Series A at a valuation of $100 million. 

Circle announces USDC launch for Cosmos via Noble network

Norwegian Authorities Seize Nearly $6,000,000 in Crypto Stolen in 2022 Hack on Axie Infinity (AXS) Ronin Network

Norwegian Authorities Seize Nearly ,000,000 in Crypto Stolen in 2022 Hack on Axie Infinity (AXS) Ronin Network

Norway’s central unit for fighting economic crimes has seized some of the crypto assets that hackers stole from the Ronin Network, an Ethereum (ETH)-linked sidechain made for the blockchain game Axie Infinity (AXS). In March, attackers believed to be from the North Korean cybercriminal organization Lazarus group hacked the private keys of the Ronin bridge […]

The post Norwegian Authorities Seize Nearly $6,000,000 in Crypto Stolen in 2022 Hack on Axie Infinity (AXS) Ronin Network appeared first on The Daily Hodl.

Circle announces USDC launch for Cosmos via Noble network

Wormhole hacker moves another $46M of stolen funds

The Wormhole exploiter appears to be seeking arbitrage opportunities with Ethereum-pegged assets.

The ill-gotten crypto from one of the industry’s largest exploits is on the move again, with on-chain data showing another $46 million of stolen funds has just shifted from the hacker’s wallet.

The Wormhole attack was the third largest crypto hack in 2022 resulting from an exploit of Wormhole’s token bridge in February 2022. Around $321 million of Wrapped ETH (wETH) was stolen.

According to blockchain security firm PeckShield, the hacker’s associated wallet has become active once again, moving d $46 million worth of crypto assets.

This was made up of around 24,400 of Lido Finance-wrapped Ethereum staking token (wstETH), worth approximately $41.4 million and 3,000 Rocket Pool Ethereum staking token (rETH), worth about $5 million, which was moved to MakerDAO.

The hacker appears to be seeking yield or arbitrage opportunities on their stolen loot as the assets were exchanged for 16.6 million DAI, PeckShield reported.

The MakerDAO stablecoin was then used to buy 9,750 ETH priced at around $1,537 and 1,000 stETH. These were then wrapped back into 9,700 wstETH.

On Feb. 10, an on-chain sleuth observed that the hacker was “buying the dip.”

However, the price of Ethereum has since fallen below those levels over the past few hours. At the time of writing, ETH was trading down 2.6% on the day at $1,505 according to CoinGecko.

At the time of the transfers, stETH prices depegged from Ethereum and climbed as high as $1,570. They’re currently trading 2.4% higher than ETH at $1,541. Furthermore, wstETH also has depegged and rose to $1,676, 11.3% higher than the underlying asset.

Related: Crypto exploit losses in January see nearly 93% year-on-year decline

The latest funds movement comes only a few weeks after the hacker moved another $155 million worth of Ethereum to a decentralized exchange on Jan. 24.

95,630 ETH was sent to the OpenOcean DEX and then subsequently converted into ETH-pegged assets including Lido’s stETH and wstETH.

Circle announces USDC launch for Cosmos via Noble network

Popular Hardware Crypto Wallet OneKey Hacked by Security Firm, Proving Critical Vulnerability

Popular Hardware Crypto Wallet OneKey Hacked by Security Firm, Proving Critical Vulnerability

A cybersecurity firm has hacked a popular crypto wallet, proving to its developers that it has critical vulnerabilities. In a new video update, cybersecurity firm Unciphered reveals to its YouTube audience how they were able to crack the defenses of crypto wallet OneKey and inform its developers of the exploit. “Here’s how the hack works. […]

The post Popular Hardware Crypto Wallet OneKey Hacked by Security Firm, Proving Critical Vulnerability appeared first on The Daily Hodl.

Circle announces USDC launch for Cosmos via Noble network

Seoul Sanctions North Korea Over Crypto Theft

Seoul Sanctions North Korea Over Crypto TheftSouth Korea has imposed sanctions on the North in relation to a number of cyberattacks often resulting in the theft of cryptocurrency. The authorities in Seoul say the regime in Pyongyang is using the digital assets to fund its nuclear and missile development projects. South Korea Hits North Korean Hackers With First Cybercrime Sanctions The […]

Circle announces USDC launch for Cosmos via Noble network

Darknet Market Solaris Hacked by Competitor, Elliptic Reveals

Darknet Market Solaris Hacked by Competitor, Elliptic RevealsA leading marketplace on the dark web, Solaris, has been hit by a rival, according to crypto analytics company Elliptic. The Russia-linked platform, which tried to occupy space vacated by the busted Hydra, is believed to have conquered up to a fifth of the illicit market before the hack. Solaris Allegedly Taken Over by Darknet […]

Circle announces USDC launch for Cosmos via Noble network