A gaming-focused Ethereum (ETH) sidechain is integrating with Binance Pay as a means of making wallet funding easier for consumers. In a new blog post, Ethereum sidechain Ronin (RON) says that it is collaborating with the world’s largest crypto exchange by volume to make it easier to fund the Ronin crypto wallet. According to Ronin, […]
The post Gaming-Focused Ethereum (ETH) Sidechain Ronin Integrates Binance Pay To Enable Easier Wallet Funding appeared first on The Daily Hodl.
A total of $4.8 million in funds have now been moved by the hacker to Bitcoin and now Avalanche.
The hackers behind cryptocurrency casino Stake’s $41 million hack have shifted another $328,000 million worth of Polygon (MATIC) and Binance Coin (BNB) tokens — its latest moves following the Sept. 4 exploit, according to blockchain security firm CertiK.
The most recent transfer involved 300 BNB tokens worth about $61,500 to an externally owned address “0x695…” which were then bridged to the Avalanche blockchain on Sept. 11 at 4:09 pm UTC.
Another 520,000 MATIC tokens worth over $266,000 were also moved to Avalanche seven hours earlier at 7:18 am UTC.
#CertiKSkynetAlert
— CertiK Alert (@CertiKAlert) September 11, 2023
We are seeing a further movement of funds from the Stake exploiter.
520k MATIC was swapped and bridged to Avalanche before being bridged to BTC as per other fund movements from the exploiter.
See more on Skynet https://t.co/Sdsfh29AoF
The 520,000 MATIC and 300 BNB — totaling $328,000 — add to the $4.5 million in stolen funds that were bridged to the Bitcoin blockchain (in the form of BTC) on Sept. 7, according to blockchain security firm Arkham.
The total $4.8 million transferred however only represents 1.2% of the total $41 million stolen from the hackers.
Over the past 24 hours, the Hacker has been gradually bridging funds to the BTC Blockchain using a series of new wallets on Polygon and Avalanche.
— Arkham (@ArkhamIntel) September 7, 2023
They have so far bridged $4.5M to BTC addresses, with the remaining $36M still held on ETH/BNB/Polygon. pic.twitter.com/fiMy62ABwL
It is understood the hacker gained access to the private key of Stake’s Binance Smart Chain and Ethereum hot wallets to perpetrate the hack on Sept. 4.
The United States Federal Bureau of Investigation believes North Korea’s Lazarus Group was behind the exploit.
With $41 million stripped from Stake, the industry’s malicious actors have now taken the cryptocurrency hacks and scams toll to well over $1 billion in 2023.
CertiK previously reported the figure to be $997 million at the end of August, though several attacks in the last two weeks will push the figure over the $1 billion mark.
Related: CertiK drops findings on alleged scammer who stole $1M in crypto
In September, a cryptocurrency whale lost $24 million in staked Ether (ETH) in a phishing attack on Sept. 6, and Vitalik Buterin’s X (formerly Twitter) account was then compromised on Sept. 9, where the hacker then lured several victims into a nonfungible token scam which totaled $691,000.
The three incidents would take CertiK’s August figure to at least $1.04 billion.
Crypto Hacks And Scams Reach Nearly a Billion Dollars In 2023!
— Interlock (@interlockweb3) September 11, 2023
⚔️ThreatSlayer is your security sidekick that keeps you safe! pic.twitter.com/pZmPCdZzP2
Other recent incidents include Pepe (PEPE) coin’s withdrawal incident which set back investors $13.2 million, Exactly Protocol’s $7.3 million exploit and an exposed security vulnerability on Balancer which did $2.1 million in damage.
Magazine: $3.4B of Bitcoin in a popcorn tin — The Silk Road hacker’s story
The Federal Bureau of Investigation (FBI) is issuing a warning to crypto investors that North Korean hackers are looking to unload tens of millions of dollars worth of stolen Bitcoin (BTC) onto the market. In a new press release, the enforcement agency says they have identified wallet addresses associated with the North Korean hacking group […]
The post FBI Issues Warning to Crypto Investors, Says North Korean Hackers May Sell Off $40,000,000 in Bitcoin (BTC) appeared first on The Daily Hodl.
On Jan. 15, 2023, onchain researchers discovered that funds stolen during the Harmony bridge attack had been moved. The suspected thieves, who are allegedly associated with the North Korean hacking syndicate Lazarus Group, moved 41,000 ethereum, worth $63.2 million at current exchange rates. Onchain Researchers Track Stolen Ethereum From Harmony Bridge Attack and Help Major […]
Just the top 10 major cryptocurrency exploits garnered over $2 billion for malicious actors in a year that was marred with bankruptcies and collapses.
It's been a turbulent year for the cryptocurrency industry — market prices have taken a huge dip, crypto giants have collapsed and billions have been stolen in crypto exploits and hacks.
It was not even halfway through October when Chainalysis declared 2022 to be the “biggest year ever for hacking activity.”
As of Dec. 29, the 10 largest exploits of 2022 have seen $2.1 billion stolen from crypto protocols. Below are those exploits and hacks, ranked from smallest to largest.
Stablecoin protocol Beanstalk Farms suffered a $76 million exploit on April 18 from an attacker using a flash loan to buy governance tokens. This was used to pass two proposals that inserted malicious smart contracts.
The exploit was initially thought to have cost around $182 million as Beanstalk was drained of all its collateral but in the end, the attacker only managed to get away with less than half that.
Qubit Finance, a decentralized finance (DeFi) protocol on BNB Smart Chain, had over $80 million worth of BNB (BNB) stolen on Jan. 28 in a bridge exploit.
The attacker duped the protocol's smart contract into believing they had deposited collateral that allowed them to mint an asset representing bridged Ether (ETH).
They repeated this multiple times and borrowed multiple cryptocurrencies against the unbacked bridged ETH, draining the protocol’s funds.
Another DeFi protocol called Rari Capital was exploited on April 30 for the sum of roughly $79.3 million.
The attacker exploited a reentrancy vulnerability in the protocol’s Rar Fuse liquidity pool smart contracts, making them call a function to a malicious contract to drain the pools of all crypto.
In September, Tribe DAO, which includes Rari Capital and other DeFi protocols, voted to reimburse affected users from the hack.
In yet another bridge hack, the Horizon Bridge that links Ethereum, Bitcoin (BTC), and BNB Chain to Harmony’s layer-1 blockchain was drained of around $100 million in multiple cryptocurrencies.
Blockchain forensics firm Elliptic pinned the hack on North Korean cybercriminal syndicate Lazarus Group, as the funds were laundered in a similar way to other known Lazarus attacks.
Lazarus is understood to have targeted Harmony employee login credentials, breaching the platform’s security system and gaining control of the protocol before deploying automated laundering programs to move their ill-gotten gains.
The BNB Chain was paused on Oct. 6 due to “irregular activity” on the network, which later was revealed as an exploit that drained around $100 million from its cross-chain bridge, the BSC Token Hub.
Initially, it was thought the attacker was able to take around $600 million due to a vulnerability that allowed the creation of roughly two million BNB, the chain’s native token.
Unfortunately for the attacker, they had roughly over $400 million worth of digital assets frozen on the blockchain and more was possibly stuck in cross-chain bridges on the BNB blockchain side.
United Kingdom based crypto market-maker Wintermute suffered from a compromised hot wallet that saw approximately $160 million across 70 tokens transferred out of the wallet.
Analysis from blockchain cybersecurity firm CertiK claimed a vulnerable private key was attacked that was likely generated by Profanity — an app that allows users to generate vanity crypto addresses, that has a known exploit.
According to CertiK, this allowed the attacker to use a function with the private key that allowed the hacker to change the platform’s swap contract to the hacker’s own.
Conspiracy theories alleging the hack was an “inside job” due to how it was carried out were debunked by blockchain security firm BlockSec, who said the allegations were “not convincing enough.”
On Aug. 2, the Nomad token bridge, which allows users to swap cryptocurrencies across multiple blockchains, was drained by multiple attackers to the tune of $190 million.
A smart contract vulnerability that failed to properly validate transaction inputs was the cause of the exploit.
Multiple users, seemingly both malicious and benevolent, were able to copy the original attacker’s moves to funnel funds to themselves. Around 88% of addresses taking part in the exploit were identified as “copycats” in a report.
Only around $32.6 million worth of funds were able to be intercepted and returned to the protocol by white hat hackers.
The Wormhole token bridge suffered an exploit on Feb. 2 that resulted in the loss of 120,000 Wrapped Ether (wETH) tokens worth $321 million.
Wormhole allows users to send and receive crypto between multiple blockchains. An attacker found a vulnerability in the protocol’s smart contract and was able to mint 120,000 wETH on Solana (SOL) unbacked by collateral and was then able to swap this for ETH.
At the time it was marked as the largest exploit in 2022 and is the third-largest protocol loss overall for the year.
During the start of FTX’s bankruptcy proceedings on Nov. 11 and 12, a series of unauthorized transactions took place at the exchange, with Elliptic suggesting that around $477 million worth of crypto was stolen.
Sam Bankman-Fried said in a Nov. 16 interview that he believed it was “either an ex-employee or somewhere someone installed malware on an ex-employee’s computer” and had narrowed the perpetrator down to eight people before he was shut out of the company’s systems.
Related: 7 biggest crypto collapses of 2022 the industry would like to forget
According to reports, on Dec. 27 the United States Department of Justice launched an investigation into the whereabouts of around $372 million of the missing crypto.
The largest exploit to take place in 2022 happened on March 23, when the Ronin bridge was exploited for around $612 million — 173,600 ETH and 25.5 million USD Coin (USDC).
Ronin is an Ethereum sidechain built for Axie Infinity, a play-to-earn nonfungible token (NFT) game. Sky Mavis, Axie Infinity’s developers, said the hackers gained access to private keys, compromised validator nodes and approved transactions that drained funds from the bridge.
The U.S. Treasury Department updated its Specially Designated Nationals and Blocked Persons (SDN) list on April 14 to reflect the possibility that Lazarus Group was behind the bridge’s exploit.
The Ronin bridge hack is the largest cryptocurrency exploit to ever take place.
The chief executive of blockchain gaming platform Axie Infinity is debunking reports that he moved millions of dollars in AXS as the protocol’s sidechain was hacked to the tune of $600 million. A recent report by Bloomberg details how a crypto wallet belonging to Axie Infinity CEO Trung Nguyen moved about $3 million worth of AXS […]
The post Axie Infinity CEO Denies Rumors of Moving Millions of Dollars in AXS During Massive $600,000,000 Ronin Attack appeared first on The Daily Hodl.
The Ronin bridge tied to Axie Infinity is back up with a new design after Sky Mavis introduced a circuit breaker system and daily withdrawal limits.
Sky Mavis, developers of the popular play-to-earn (P2E) NFT game Axie Infinity have announced that the Ronin bridge is back online three months after it was hacked for more than $600 million.
The Ronin bridge is an Ethereum sidechain built for Axie Infinity, and it enables users to transfer assets between the sidechain and the Ethereum mainnet.
On March 29, 173,600 Ether (ETH) and 25.5 million USD Coin (USDC) was drained from the bridge after hackers managed to gain access to private validator keys. The hack was worth more than $620 million at the time.
According to the June 28 announcement from the Sky Mavis team, the Ronin bridge is back online after three audits (one internal, two external), a new design and full compensation of users' stolen assets.
“All wETH and USDC owned by Ronin Network users is now fully backed 1:1 by ETH and USDC on Ethereum, as promised. All users’ have been made whole.”
In total, Sky Mavis has now reimbursed 117,600 ETH and 25.5 million USDC by providing the ETH liquidity to back users’ wrapped ETH (wETH) on the Ronin network.
In April, around 46,000 of that ETH had already been compensated after Binance provided a bridge to its exchange so that users could swap out wETH for ETH. Liquidity was sourced from the Axie Infinity balance and founders' funds to support the move. Binance also led a $150 million funding round to help Sky Mavis repay Axie Infinity users.
The remaining 56,000 of the total stolen ETH belongs to the Axie DAO Treasury and will remain uncollateralized as Sky Mavis “works with law enforcement to recover the funds.”
good job.
— CZ Binance (@cz_binance) June 28, 2022
As part of the revamped bridge design, Sky Mavis has updated the smart contract software to enable validators to set daily withdrawal limits, with the initial amount set at $50 million at this stage. The team also introduced a circuit breaker system that breaks down the monetary value of withdrawals into three tiers.
Tier 1 is for withdrawals less than $1 million, and requires 70% of validators to sign off, and tier 2 is for amounts greater than $1 million and requires 90% of validator signatures. Tier 3 is for withdrawals greater than $10 million and requires a 90% validator sign-off, a small transaction fee and a seven-day review process.
“The new bridge design includes a circuit-breaker system as a contingency plan which increases the security of the bridge by halting large suspicious withdrawals.”
Sky Mavis admitted in a postmortem report in late April that its lack of decentralization had made the Ronin bridge vulnerable to the hack. At the time it had just nine validator nodes, with employees having access to four of them.
After promptly raising the number of node to 11, Sky Mavis outlined intentions to raise the count to 21 within three months of the postmortem, with the long-term goal of surpassing 100 total nodes.
Related: Harmony hacker sends stolen funds to Tornado Cash mixer
The team did not provide an update on how many validators nodes the Ronin network now has in the latest announcement however.
Axie Infinity has seen its monthly NFT sales volume tank dramatically in 2022, with data from CryptoSlam showing that the game went from generating $126.4 million in January to just $2.8 million in June.
South Korean law enforcement recently announced the arrest of a serving military captain and an operator of a cryptocurrency exchange on charges of spying for a North Korean hacker. In return for the acts of espionage, the two South Korean individuals were allegedly paid bitcoins worth a total of $637,789. South Korea’s Joint Command and […]
According to the project’s official Twitter account, Tornado Cash, the ethereum mixing service that allows participants to shuffle ether, is blocking flagged ethereum addresses listed on the Office of Foreign Assets Control’s (OFAC) Specially Designated Nationals And Blocked Persons list (SDN). The decision follows the recent OFAC update, that lists the Ronin exploiter’s ethereum address, […]
According to Sky Mavis, the creators of the blockchain NFT game Axie Infinity, the Ronin network has been attacked, and a hacker has managed to siphon 173,600 in ethereum and 25.5 million usd coin (USDC). The attacker has obtained roughly $620 million worth of crypto assets, and the Ronin bridge and Katana Dex have been […]