Hacker

Gala Says Hacker Has Returned Over $20,000,000, Plans To Reimburse Users Affected by the Exploit

Blockchain-based gaming platform Gala (GALA) says it recovered over $20 million worth of crypto assets that were stolen during a security breach earlier this week. In a statement, Gala says that a hacker initiated a transfer of $200 million in Gala tokens on May 20th, but the monitoring system flagged the suspicious activity, which allowed […]

The post Gala Says Hacker Has Returned Over $20,000,000, Plans To Reimburse Users Affected by the Exploit appeared first on The Daily Hodl.

T-Mobile Parent Company Launches Pilot Project for Bitcoin Mining Infrastructure With Surplus Energy

Gala Games exploiter returns $22M from GALA token attack

On Monday, an attacker minted $200 million worth of GALA tokens but managed to sell only a portion of them. It’s just been returned.

Gala Games has received around $22 million in Ether (ETH) from the person responsible for a May 20 “security incident” where $200 million worth of Gala (GALA) tokens were minted and a small portion sold before the wallet was frozen.

On May 21, the attacker’s wallet sent back 5913.2 ETH worth $22.3 million — close to the market value of the 600 million GALA they sold a day earlier.

Gala said in a May 21 blog post that the ETH’s return came after the team’s “swift, effective response and the involvement of Federal law enforcement agencies.”

Hackers With $182,000,000 Stolen From Poloniex Start Moving Funds to Tornado Cash

The hacker who looted the crypto exchange Poloniex has started moving Ethereum (ETH) to the mixing service Tornado Cash, according to the digital asset de-anonymizing platform Arkham. Arkham notes the hacker moved 1126.1 ETH worth more than $3.4 million into Tornado Cash across a series of 20 transactions on Monday and Tuesday. They represent the […]

The post Hackers With $182,000,000 Stolen From Poloniex Start Moving Funds to Tornado Cash appeared first on The Daily Hodl.
Kronos Research hacker shifts funds to Tornado Cash

Kronos Research was exploited for $25 million in November 2023, with one of the six wallets linked to the hacker moving funds to Tornado Cash on May 7.

The hacker behind the $25 million exploit of quantitative trading firm Kronos Research in mid-November 2023 started moving funds nearly six months after the exploit.

The hacker wallet first transferred 1,314 Ether (ETH) worth $4 million to a new address, starting with 0x8F5e4 and later transferred all the ETH to another address starting with 0x164A24b.

The hacker then made 10 transactions of 100 ETH each from the final wallet, transferring the funds to Tornado Cash, a crypto-mixing tool.

KyberSwap DEX exploited for $46 million, TVL tanks 68%

The DEX aggregator has been exploited across multiple blockchains with millions in wrapped Ether and other assets stolen.

Around $46 million in various crypto assets has seemingly been drained from the decentralized KyberSwap exchange in the latest decentralized finance exploit.

On Nov. 23, the Kyber Network team alerted its users stating in an X (Twitter) post that KyberSwap Elastic “has experienced a security incident.”

It advised users to withdraw their funds as a precaution and added it was investigating the situation.

Blockchain sleuths highlighted the impacted and exploiter wallet addresses, which were still recently active.

According to Debank data, around $46 million has been pilfered in the attack, including roughly $20 million in wrapped Ether (wETH), $7 million in wrapped Lido-staked Ether (wstETH), and $4 million in Arbitrum (ARB).

The funds were split across multiple chains, including Arbitrum, Optimism, Ethereum, Polygon, and Base.

In an X post, blockchain sleuth “Spreek” said he was “fairly sure this is NOT an approval-related issue and is only related to the TVL held in the Kyber pools themselves.”

The attacker has also left an on-chain message for protocol developers and DAO members, saying “negotiations will start in a few hours when I am fully rested.”

Related: KyberSwap announces potential vulnerability, tells LPs to withdraw ASAP

DefiLlama data shows KyberSwap’s total value locked (TVL) tanked by 68% over a few hours and almost $78 million left the protocol due to the hack and user withdrawals. Its TVL currently stands at $27 million, down from its 2023 peak of $134 million.

A chart of KyberSwap’s total value locked. Source: DefiLlama

Kyber Network Crystal KNC token prices briefly dipped 7% as news of the exploit broke but have since recovered to trade at $0.74.

The team identified a vulnerability in April, advising users to withdraw liquidity. However, no funds were lost in that incident.

Magazine: Should crypto projects ever negotiate with hackers? Probably

Tron Founder Justin Sun Offers 5% Cut to Hacker After Poloniex Crypto Exchange Loses $125,000,000 in Cyber Heist

Tron (TRX) founder Justin Sun is offering a 5% white hat bounty to the hacker who exploited the exchange Poloniex for $125 million in crypto. Sun, who acquired Poloniex in 2019, says that the hacker has a week to accept the offer and return the assets to the wallets he took them from, otherwise, law […]

The post Tron Founder Justin Sun Offers 5% Cut to Hacker After Poloniex Crypto Exchange Loses $125,000,000 in Cyber Heist appeared first on The Daily Hodl.

Crypto gambling site Stake sees $16M withdrawals in possible hack

Unusually large withdrawals were made from Stake to an account with no previous activity, including $3.9 million in Tether and $9.8 million in Ether.

Crypto gambling site Stake has experienced $16 million in withdrawals on Sept. 4 in what security platform Cyvers Alerts is calling “suspicious transactions.” The withdrawing account has been labeled “Stake.com Hacker” by Etherscan, implying that the drained funds may be the result of a stolen private key.

Blockchain data shows very large withdrawals from Stake.com contracts into the alleged attacker’s account. The first transaction occurred at 12:48 p.m., transferring approximately $3.9 million worth of Tether (USDT) stablecoin from Stake to the attacker’s account. The next two transactions removed 6,001 Ether (ETH), worth approximately $9.8 million at the current price. The attacker continued to remove tokens over the next few minutes, including approximately $1 million USD Coin (USDC), $900,000 worth of Dai (DAI) stablecoin, and 333 Stake Classic (STAKE) ($75.48). Cyvers has estimated the total value of crypto drained at $16 million.

After draining the funds, the alleged attacker distributed them to multiple accounts. At the time of publication, Stake has not made an announcement regarding the suspicious withdrawals.

Related: Atomic Wallet faces lawsuit over $100M crypto hack losses: Report

Stake is a crypto gambling protocol that offers dice games, Blackjack, Lingo, and other casino games, as well as sports betting for basketball, tennis, volleyball and others.

This is not the first time in 2023 that crypto gambling sites may have been targeted by hackers. On July 23, payments provider Alphapo suffered $31 million in suspicious withdrawals. Alphapo was a provider for several crypto gambling sites, including Hypedrop, Bovada, and Ignition.

This is a developing story, and further information will be added as it becomes available.

Darknet bad actors work together to steal your crypto, here’s how — Binance CSO

Crypto hackers have turned their attention toward the crypto user, and “security hygiene” is more important than ever, according to Binance’s Jimmy Su.

Lurking in the shadiest corners of the dark web is a “well-established” ecosystem of hackers that target cryptocurrency users with poor “security hygiene,” according to Binance’s chief security officer, Jimmy Su.

Speaking to Cointelegraph, Su said that hackers had shifted their gaze toward crypto end-users in recent years.

Su noted when Binance first opened in July 2017, the team saw plenty of hacking attempts on its internal network. However, the focus has shifted as crypto exchanges continued to beef up their security.

“Hackers always choose the lowest bar to achieve their goals because, for them, it’s a business as well. The hacker community is a well-established ecosystem.”

According to Su, this ecosystem comprises four distinct layers: intelligence gatherers, data refiners, hackers and money launderers.

Data gatherers

The most upstream layer is what Su described as “threat intelligence.” Here, bad actors collect and collate ill-gotten intel about crypto users, creating entire spreadsheets filled with details about different users.

This could include crypto websites a user frequents, what emails they use, their name, and whether they’re on Telegram or social media.

“There is a market for this on the dark web where this information is sold [...] that describes the user,” explained Su in a May interview.

Su noted this information is usually gathered in bulk, such as previous customer information leaks, or hacks targeting other vendors or platforms.

In April, a research paper by Privacy Affairs revealed cybercriminals have been selling hacked crypto accounts for as little as $30 a pop. Forged documentation, often used by hackers to open accounts on crypto trading sites, can also be bought on the dark web.

Data refiners

According to Su, the data gathered is then sold downstream to another group — usually made up of data engineers specializing in refining data.

“For example, there was a data set last year for Twitter users. [...] Based on the information there, they can further refine it to see, based on the tweets to see which ones are actually crypto-related.”

These data engineers will then use “scripts and bots” to figure out which exchanges the crypto enthusiast may be registered with.

They do this by attempting to create an account with the user’s email address. If the exchange returns an error saying the address is already in use, they know the user is registered there, which is valuable information for more targeted scams, said Su.

Hackers and phishers

The third layer is usually what creates headlines. Phishing scammers or hackers will take the previously refined data to create “targeted” phishing attacks.

“Because now they know ‘Tommy’ is a user of exchange ‘X,’ they can just send an SMS saying, ‘Hey Tommy, we detected someone withdrew $5,000 from your account; please click this link and reach customer service if it wasn’t you.’”

In March, hardware wallet provider Trezor warned its users about a phishing attack designed to steal investors’ money by making them enter the wallet’s recovery phrase on a fake Trezor website.

The phishing campaign involved attackers posing as Trezor and contacting victims via phone calls, texts, or emails, claiming that there has been a security breach or suspicious activity on their Trezor account.

A screenshot from a phishing domain copying Trezor’s website. Source: Bleeping Computer

Getting away with it

Once the funds are stolen, the final step is getting away with the heist. Su explained this could involve leaving the funds dormant for years and then moving them to a crypto mixer such as Tornado Cash.

Related: Arbitrum-based Jimbos Protocol hacked, losing $7.5M in Ether

“There are groups that we know that may sit on their stolen gains for two, three years without any movement,” added Su.

While not much can stop crypto hackers, Su urges crypto users to practice better “security hygiene.”

This could involve revoking permissions for decentralized finance projects if they no longer use them, or ensuring communication channels, such as email or SMS used for two-factor authentication, are kept private.

Magazine: Tornado Cash 2.0 — The race to build safe and legal coin mixers

Ledger clarifies how its firmware works after deleted tweet controversy

Developers say third-party apps can’t access Ledger users’ keys without the device owner’s consent.

On May 18, crypto hardware wallet provider Ledger clarified how its firmware works after a controversial May 17 tweet was deleted by the company. The deleted tweet, which Ledger said was written by a customer support agent, had stated that it was “possible” for Ledger to write firmware that could extract users’ private keys.

Ledger chief technology officer Charles Guillemet clarified in a new Twitter thread that the wallet’s operating system (OS) requires the consent of the user anytime “a private key is touched by the OS.” In other words, the OS shouldn’t be able to copy the device’s private key without the user’s consent — though Guillemet also said that using a Ledger does require “a minimal amount of trust.”

The original tweet from Ledger customer service stated, “Technically speaking, it is and always has been possible to write firmware that facilitates key extraction. You have always trusted Ledger not to deploy such firmware whether you knew it or not.”

May 17 tweet from Ledger Support, which was later deleted. Source: Twitter

The tweet ignited a firestorm of controversy on Twitter, as many users accused the company of misrepresenting the security of its wallet. Critics shared an alleged Ledger post from November that stated, “A firmware update cannot extract the private keys from the Secure Element,” implying that the company contradicted itself.

Though the deleted tweet fueled the controversy, the matter first sparked on May 16, when the company unveiled a new “Ledger Recover” service that allows users to back up their secret recovery phrase by splitting it into three shards and sending it to different data custody services. The deleted tweet was in response to the release of the new feature. 

The new Twitter thread from Guillemet states that the wallet’s firmware, or OS, is “an open platform” in the sense that “anyone can write their own app and load it on the device.” Before being allowed on the Ledger Manager software, apps are first evaluated by the team to make sure that they aren’t malicious and don’t have security flaws.

According to Ledger, even after an app is approved, the OS does not allow it to use the private key for a network it isn’t made for. The company raised the example of Bitcoin apps not being allowed to use the device’s Ethereum private keys and vice versa for Ethereum apps and Bitcoin keys. In addition, every time a private key is used by an app, Ledger says the OS requires users to confirm their consent to use the key. This seems to imply that third-party apps installed on Ledger shouldn’t be able to use a person’s private key without the user first consenting to its use.

Guillemet also confirmed that this system is part of the current OS, which could theoretically be changed if Ledger were to become dishonest or if an attacker were to somehow gain control of the company’s computers:

“If the wallet wants to implement a backdoor, there are many ways to do it, in the random number generation, in the cryptographic library, in the hardware itself. It’s even possible to create signatures so that the private key can be retrieved only by monitoring the blockchain.”

Related: “Trusted” marketplace sold fake Trezor hardware wallets stealing crypto

Yet, the Ledger chief technology officer dismissed this concern, stating, “Using a wallet requires a minimal amount of trust. If your hypothesis is that your wallet provider is the attacker, you’re doomed.” He went on to say that the only way users can protect themselves against a dishonest wallet developer is to build their own computer, compiler, wallet stack, node and synchronizer, which the executive said is “a lifetime journey.”

Rival hardware wallet provider GridPlus has offered to open-source its firmware in an attempt to attract Ledger users. On the other hand, Guillemet stated that open-sourcing firmware would not protect against a dishonest wallet provider since the user would have no way of knowing whether the published code was actually running on the device. 

Magazine: Joe Lubin: The truth about ETH founders split and ‘Crypto Google’

U.S. Justice Department Extradites Notorious Twitter Hacker and Alleged Crypto Thief From UK

A U.K. hacker who caused a stir in 2020 and stole hundreds of thousands of dollars worth of crypto is pleading guilty to two sets of charges following his extradition from Spain on April 26th. In a statement published on Tuesday, the U.S. Attorney’s Office Southern District of New York says Joseph James O’Connor, also […]

The post U.S. Justice Department Extradites Notorious Twitter Hacker and Alleged Crypto Thief From UK appeared first on The Daily Hodl.