1. Home
  2. stake

stake

Surprise ETH price drop below $2.5K raises questions about Ethereum fundamentals

Ethereum price followed the broader crypto market sell-off, but its longer term price weakness is driven by network-specific factors.

Ether (ETH) prices declined by 9.6% from Oct. 20 to Oct. 23, following a strong rejection at the $2,700 level. This move erased the gains of the previous 10 days, and as Ether now stabilizes near $2,500, its 30-day performance remains negative, down by 6%.

The chance of ETH reclaiming the $2,800 support is diminishing and onchain data suggests that high transaction fees are pushing activity away from the Ethereum network, ultimately reducing demand for native staking. 

Total crypto capitalization (blue) vs. Ether/USD (green). Source: TradingView

Read more

‘$600M Would Buy a Lot of Bitcoin’: Microstrategy Boss Steers Bezos Wedding Drama Toward Crypto

Ethereum’s value accretion narrative under duress after 19% drop in ETH DApp volumes 

ETH price struggles to find reasons to rally after the network’s DApp volumes drop and Ether languishes near the $2,250 support.

Ether (ETH) has struggled to break above $2,450 for more than two weeks, and the recent 17% drop in Ethereum decentralized application (DApp) activity has raised concerns, particularly as it affects the layer-2 ecosystem. Traders are now questioning whether the current $2,250 support level will hold much longer.

On the positive side, Ethereum remains the dominant platform in terms of both activity and development, although competitors are gaining ground.

Top blockchains ranked by 7-day DApps volumes, USD. Source: DappRadar

Read more

‘$600M Would Buy a Lot of Bitcoin’: Microstrategy Boss Steers Bezos Wedding Drama Toward Crypto

Tether Invests $200 Million in Blackrock Neurotech, Launches Evo Division

Tether Invests 0 Million in Blackrock Neurotech, Launches Evo DivisionTether, the giant behind the world’s largest stablecoin USDT, announced a $200 million strategic investment in Blackrock Neurotech, a brain-interface company. The investment also marks the launch of Evo, a new business division for the company that will examine investments in initiatives that merge tech and human potential. Tether Dabbles in Biotech, Acquires $200 Million […]

‘$600M Would Buy a Lot of Bitcoin’: Microstrategy Boss Steers Bezos Wedding Drama Toward Crypto

Fidelity Incorporates Staking in Spot Ethereum ETF Offering to Boost Fund’s Income

Fidelity Incorporates Staking in Spot Ethereum ETF Offering to Boost Fund’s IncomeOn March 18, the financial behemoth Fidelity Investments updated its application for a spot ethereum exchange-traded fund (ETF) to encompass staking capabilities. The firm, Fidelity, has made it known that the sponsor might “from time to time” opt to “stake a portion of the fund’s assets through one or more trusted staking providers.” Fidelity Updates […]

‘$600M Would Buy a Lot of Bitcoin’: Microstrategy Boss Steers Bezos Wedding Drama Toward Crypto

Lazarus used ‘Kandykorn’ malware in attempt to compromise exchange — Elastic

Lazarus members posed as engineers and fooled exchange employees into downloading difficult-to-detect malware.

Lazarus Group used a new form of malware in an attempt to compromise a crypto exchange, according to an Oct. 31 report from Elastic Security Labs.

Elastic has named the new malware “Kandykorn” and the loader program that loads it into memory “Sugarload,” as the loader file has a novel “.sld” extension in its name. Elastic did not name the exchange that was targeted.

Crypto exchanges have suffered a rash of private-key hacks in 2023, most of which have been traced to the North Korean cybercrime enterprise Lazarus Group.

Kandykorn infection process. Source: Elastic Security Labs

According to Elastic, the attack began when Lazarus members posed as blockchain engineers and targeted engineers from the unnamed crypto exchange. The attackers made contact on Discord, claiming they had designed a profitable arbitrage bot that could profit from discrepancies between the prices of cryptocurrencies on different exchanges.

The attackers convinced the engineers to download this “bot.” The files in the program’s ZIP folder had disguised names like “config.py” and “pricetable.py” that made it appear to be an arbitrage bot.

Once the engineers ran the program, it executed a “Main.py” file that ran some ordinary programs as well as a malicious file called “Watcher.py.” Watcher.py established a connection to a remote Google Drive account and began downloading content from it to another file named testSpeed.py. The malicious program then ran testSpeed.py a single time before deleting it in order to cover its tracks.

During the single-time execution of testSpeed.py, the program downloaded more content and eventually executed a file that Elastic calls “Sugarloader.” This file was obfuscated using a “binary packer,” Elastic stated, allowing it to bypass most malware detection programs. However, they were able to discover it by forcing the program to stop after its initialization functions had been called, then snapshotting the process’ virtual memory.

According to Elastic, it ran VirusTotal malware detection on Sugarloader, and the detector declared that the file was not malicious.

Related: Crypto firms beware: Lazarus’ new malware can now bypass detection

Once Sugarloader was downloaded onto the computer, it connected to a remote server and downloaded Kandykorn directly into the device’s memory. Kandykorn contains numerous functions that can be used by the remote server to perform various malicious activities. For example, the command “0xD3” can be used to list the contents of a directory on the victim’s computer, and “resp_file_down” can be used to transfer any of the victim’s files to the attacker’s computer.

Elastic believes that the attack occurred in April 2023. It claims that the program is probably still being used to perform attacks today, stating:

“This threat is still active and the tools and techniques are being continuously developed.”

Centralized crypto exchanges and apps suffered a rash of attacks in 2023. Alphapo, CoinsPaid, Atomic Wallet, Coinex, Stake and others have been victims of these attacks, most of which seem to have involved the attacker stealing a private key from the victim’s device and using it to transfer customers’ cryptocurrency to the attacker’s address. 

The United States Federal Bureau of Investigation has accused the Lazarus Group of being behind the Coinex hack, as well as performing the Stake attack and others.

‘$600M Would Buy a Lot of Bitcoin’: Microstrategy Boss Steers Bezos Wedding Drama Toward Crypto

Exclusive: Hackers selling discounted tokens linked to CoinEx, Stake hacks

Blockchain analytics firm Match Systems has made contact with an individual who is believed to be selling tokens linked to the recent CoinEx and Stake hacks at discounted prices.

Blockchain analytics investigators have uncovered an individual linked to a cryptocurrency laundering operation that is offering stolen tokens at discounted prices from recent high-profile exchange hacks.

Speaking exclusively to Cointelegraph, a representative from blockchain security firm Match Systems outlined how investigations into several major breaches featuring similar methods through the summer months of 2023 have pointed to an individual who is allegedly selling stolen cryptocurrency tokens via peer-to-peer transfers.

Related: CoinEx hack: Compromised private keys led to $70M theft

The investigators managed to identify and make contact with an individual on Telegram offering stolen assets. The team confirmed that the user was in control of an address containing over $6 million worth of cryptocurrencies after receiving a small transaction from the corresponding address.

A message from the seller advertising stolen tokens being linked to CoinEx and Stake hacks. Source: Match Systems

The exchange of stolen assets was then conducted through a specially created Telegram bot, which offered a 3% discount off the token’s market price. Following initial conversations, the owner of the address reported that the initial assets on offer had been sold and that new tokens would be available some three weeks later:

“Maintaining our contact, this individual notified us about the commencement of new asset sales. Based on the available information, it is logical to assume that these are funds from CoinEx or Stake companies.”

The Match Systems team has not been able to fully identify the individual but has narrowed down their location to the European time zone based on several screenshots they had received and timings of conversations:

“We believe he is not part of the core team but is associated with them, possibly having been de-anonymized as a guarantee that he will not misuse the delegated assets.”

The individual also reportedly displayed "unstable" and "erratic" behavior during various interactions, abruptly leaving conversations with excuses like "Sorry, I must go; my mom is calling me to dinner”.

"Typically, he offers a 3% discount. Previously, when we first identified him, he would send 3.14 TRX as a form of proof to potential clients.”

Match Systems told Cointelegraph that the individual accepted Bitcoin (BTC) as a means of payment for the discounted stolen tokens and had previously sold $6 million worth of TRON (TRX) tokens. The latest offering from the Telegram user has listed $50 million worth of TRX, Ether (ETH) and Binance Smart Chain (BSC) tokens.

Blockchain security firm CertiK previously outlined the movement of stolen funds from the Stake heist in correspondence with Cointelegraph, with around $4.8 million of the total $41 million being laundered through various token movements and cross-chain swaps.

FBI later identified North Korean Lazarus Group hackers as the culprits of the Stake attack, while cyber security firm SlowMist also linked the $55 million CoinEx hack to the North Korean group. 

This is in slight contrast to information obtained by Cointelegraph from Match Systems which suggests that the perpetrators of the CoinEx and Stake hacks had slightly different identifiers in methodology.

Their analysis highlights that previous Lazarus Group laundering efforts did not involve Commonwealth of Independent States (CIS) nations like Russia and Ukraine while the 2023 summer hacks saw stolen funds being actively laundered in these jurisdictions.

Related: Stake hack of $41M was performed by North Korean group: FBI

Lazarus hackers left minimal digital footprints behind while recent incidents have left plenty of breadcrumbs for investigators. Social engineering has also been identified as a key attack vector in the summer hacks while Lazarus Group targeted “mathematical vulnerabilities”.

Lastly the firm notes that Lazarus hackers typically used Tornado Cash to launder stolen cryptocurrency while recent incidents have seen funds mixed through protocols like Sinbad and Wasabi. Key similarities are still significant. All these hacks have used BTC wallets as the primary repository for stolen assets as well as the Avalanche Bridge and mixers for token laundering.

Blockchain data reviewed at the end of Sept. 2023 suggests that North Korean hackers have stolen an estimated $47 million worth of cryptocurrency this year, including $42.5 million in BTC and $1.9 million ETH.

Magazine: Blockchain detectives: Mt. Gox collapse saw birth of Chainalysis

‘$600M Would Buy a Lot of Bitcoin’: Microstrategy Boss Steers Bezos Wedding Drama Toward Crypto

Criminals more reliant on cross-chain bridges than ever after mixer crackdowns

The sanction of cryptocurrency mixer Tornado Cash in August caused the first major shift, but that is now accelerating even faster than projected.

Cybercriminals have accelerated their shift away from crypto mixers for cross-chain bridges over the past year, according to blockchain forensics firm Elliptic.

In June and July, nearly all of the crypto stolen was laundered through cross-chain bridges, Elliptic’s data shows a complete reversal from the first half of 2022.

In a Sept. 18 blog post, Elliptic explained the cross-chain crime trend is due to the “crime displacement” effect — where criminals move to a new method to carry out the illicit activity when the existing method gets over-policed. However, the shift to cross-chain bridges is rising ahead of their projections. 

Proportion of funds laundered between cryptocurrency mixers and cross-chain bridges between January 2022 and July 2023. Source: Elliptic.

Between July and September 2022, the ratio of laundered funds passing through mixers vs. cross-chain bridges flipped, corresponding to the U.S. Office of Foreign Asset Control’s sanctioning of Tornado Cash in August 2022, said the firm.

Elliptic said many cybercriminals, like the North Korean-backed Lazarus Group, flocked to the Avalanche bridge after the sanctions.

This same bridge was reportedly used recently by the Lazarus Group to facilitate some of the stolen funds in Stake’s $41 million exploit on Sept. 4, according to blockchain security firm CertiK.

Crypto mixers saw a small comeback between November 2022 and January 2023, due to the shutdown of RenBridge — which closed in December after its financer, Alameda Research collapsed from FTX’s bankruptcy.

Elliptic estimates that RenBridge facilitated $500 million in laundered funds throughout its operation.

However, shortly after, criminals have moved back to cross-chain bridges again, even more than before.

Related: 3 steps crypto investors can take to avoid hacks by the Lazarus Group

Elliptic said that criminals may be preferring cross-chain bridges as it is difficult for blockchain forensic firms to track illicit activity across chains in a scalable manner.

“Criminals are aware that legacy blockchain analytics solutions do not have the means to trace illicit blockchain activity across blockchains or tokens in a programmatic or scalable manner.”

In addition, many of these stolen tokens are only exchangeable through cross-chain bridges, while most of these DeFi services do not require identity verification to use, Elliptic explained.

The firm estimates that $4 billion in illicit or high-risk cryptocurrencies have been laundered through cross-chain bridges since 2020.

Magazine: $3.4B of Bitcoin in a popcorn tin — The Silk Road hacker’s story

‘$600M Would Buy a Lot of Bitcoin’: Microstrategy Boss Steers Bezos Wedding Drama Toward Crypto

3 steps crypto investors can take to avoid hacks by the Lazarus Group

The Lazarus Group has mastered the art of stealing crypto investors’ assets. Here are a few tips on how investors can protect their portfolios.

Cryptocurrency users frequently fall prey to online hacks with Mark Cuban being just the latest high-profile example how nearly a million dollars can leave your digital wallet.

It is possible to substantially bolster the security of your funds by heeding three simple guidelines that will be outlined in this article. But before delving into these, it's crucial to understand the type of threat that exists today. 

FBI has clear evidence on the Lazarus Group

The Lazarus Group is a North Korean state-sponsored hacking group, known for their sophisticated attacks linked to various cyberattacks and cybercriminal activities, including the WannaCry ransomware attack.

WannaCry disrupted critical services in numerous organizations, including healthcare institutions and government agencies by encrypting files on infected computers and demanding a ransom payment in Bitcoin (BTC).

One of its earliest crypto-related hacks was the breach of South Korean crypto exchange Yapizon (later rebranded to Youbit) in April 2017, resulting in the theft of 3,831 Bitcoin, worth over $4.5 million at the time.

The Lazarus Group's activities in the cryptocurrency space have raised concerns about its ability to generate funds for the North Korean regime and evade international sanctions. For instance, in 2022 the group was tied to a number of high-profile cryptocurrency hacks, including the theft of $620 million from Axie Infinity bridge Ronin.

The Federal Bureau of Investigation (FBI) blamed Lazarus Group for the Alphapo, CoinsPaid and Atomic Wallet hacks, stating that losses from all of these hacks add up to over $200 million the group has stolen in 2023.

This month, the FBI have attributed Lazarus Group to a $41 million hack of the crypto gambling site Stake, which was carried out through a spear-phishing campaign that targeted some of its employees.

Lastly, according to blockchain security firm SlowMist, the $55 million hack of the crypto exchange CoinEx was carried out by the North Korean state sponsored hackers.

Most hacks involve social engineering and exploit human error

Contrary to what movies usually display, meaning hackers either gaining physical access to devices or brute forcing passwords, most hacks occur through phishing and social engineering. The attacker relies on human curiosity or greed to entice the victim.

Those hackers may pose as customer support representatives or other trusted figures in order to trick victims into giving up their personal information.

For instance, a hacker might impersonate a company's IT support and call an employee, claiming they need to verify their login credentials for a system update. To build trust, the attacker might use public information about the company and the target's role.

Related: North Korean crypto hacks down 80%, but that could change overnight: Chainalysis

Phishing attacks involve sending deceptive emails or messages to trick recipients into taking malicious actions. An attacker might impersonate a reputable organization, such as a bank, and send an email to a user, asking them to click on a link to verify their account. The link takes them to a fraudulent website where their login credentials are stolen.

Baiting attacks offer something enticing to the victim, such as free software or a job opportunity. An attacker poses as a recruiter and creates a convincing job posting on a reputable job search website. To further establish trust, they may even conduct a fake video interview, and later inform the candidate that they have been selected. The hackers proceed by sending a seemingly innocuous file, like a PDF or a Word document, which contains malware.

How crypto investors can avoid hacks and exploits

Luckily, despite the increasing sophistication and capabilities of hackers today, there are three simple steps you can take to keep your funds safe. Namely: 

  • Use hardware wallets for long-term storage of your crypto assets, not directly connected to the internet, making them highly secure against online threats like phishing attacks or malware. They provide an extra layer of protection by keeping your private keys offline and away from potential hackers.
Common crypto hardware wallets. Source: Enjin
  • Enable Two-Factor Authentication, or 2FA, on all your crypto exchange and wallet accounts. This adds an extra security step by requiring you to provide a one-time code generated by an app like Google Authenticator or Authy. Even if an attacker manages to steal your password, they won't be able to access your accounts.
  • Be extremely cautious when clicking on links on emails and social media. Scammers often use enticing offers or giveaways to lure victims. Use separate "burner" accounts or wallets for experimenting with new decentralized applications and for airdrops to reduce the risk of losing your funds. 

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

‘$600M Would Buy a Lot of Bitcoin’: Microstrategy Boss Steers Bezos Wedding Drama Toward Crypto

Hackers behind $41M Stake heist shifts BNB, MATIC in latest move: CertiK

A total of $4.8 million in funds have now been moved by the hacker to Bitcoin and now Avalanche.

The hackers behind cryptocurrency casino Stake’s $41 million hack have shifted another $328,000 million worth of Polygon (MATIC) and Binance Coin (BNB) tokens — its latest moves following the Sept. 4 exploit, according to blockchain security firm CertiK.

The most recent transfer involved 300 BNB tokens worth about $61,500 to an externally owned address “0x695…” which were then bridged to the Avalanche blockchain on Sept. 11 at 4:09 pm UTC.

Another 520,000 MATIC tokens worth over $266,000 were also moved to Avalanche seven hours earlier at 7:18 am UTC.

The 520,000 MATIC and 300 BNB — totaling $328,000 — add to the $4.5 million in stolen funds that were bridged to the Bitcoin blockchain (in the form of BTC) on Sept. 7, according to blockchain security firm Arkham.

The total $4.8 million transferred however only represents 1.2% of the total $41 million stolen from the hackers.

It is understood the hacker gained access to the private key of Stake’s Binance Smart Chain and Ethereum hot wallets to perpetrate the hack on Sept. 4.

The United States Federal Bureau of Investigation believes North Korea’s Lazarus Group was behind the exploit.

Estimated funds lost from hacks, scams passes $1 billion

With $41 million stripped from Stake, the industry’s malicious actors have now taken the cryptocurrency hacks and scams toll to well over $1 billion in 2023.

CertiK previously reported the figure to be $997 million at the end of August, though several attacks in the last two weeks will push the figure over the $1 billion mark. 

Related: CertiK drops findings on alleged scammer who stole $1M in crypto

In September, a cryptocurrency whale lost $24 million in staked Ether (ETH) in a phishing attack on Sept. 6, and Vitalik Buterin’s X (formerly Twitter) account was then compromised on Sept. 9, where the hacker then lured several victims into a nonfungible token scam which totaled $691,000.

The three incidents would take CertiK’s August figure to at least $1.04 billion.

Other recent incidents include Pepe (PEPE) coin’s withdrawal incident which set back investors $13.2 million, Exactly Protocol’s $7.3 million exploit and an exposed security vulnerability on Balancer which did $2.1 million in damage.

Magazine: $3.4B of Bitcoin in a popcorn tin — The Silk Road hacker’s story

‘$600M Would Buy a Lot of Bitcoin’: Microstrategy Boss Steers Bezos Wedding Drama Toward Crypto

Stake hack of $41M was performed by North Korean group: FBI

After investigating, the FBI concluded that the hack of crypto gambling site Stake was carried out by North Korean hackers Lazarus Group.

The $41 million hack of crypto gambling site Stake was carried out by the North Korean Lazarus Group, the Federal Bureau of Investigation (FBI) stated in an announcement on Sept. 7. This group has stolen more than $200 million of crypto in 2023, the announcement stated.

Stake is a crypto gambling platform that offers casino games and sports betting. It was the victim of a cyberattack on Sept. 4 that drained over $41 million worth of cryptocurrency from its hot wallets. The Stake team stated that the hacker only obtained a small percentage of funds and that users would not be affected.

According to the FBI statement on Sept. 7, the agency has carried out an investigation and has concluded that the attack was performed by the Lazarus Group, a notorious cybercrime organization believed to be associated with the Democratic People’s Republic of Korea (DPRK). DPRK is also known as “North Korea.”

The FBI listed the addresses where the stolen funds are now held, which exist on the Bitcoin, Ethereum, BNB Smart Chain and Polygon networks. It recommended that all crypto protocols and businesses review the addresses used in the hack and avoid transacting with them, stating:

“Private sector entities are encouraged to review the previously released Cyber Security Advisory on TraderTraitor and examine the blockchain data associated with the above-referenced virtual currency addresses and be vigilant in guarding against transactions directly with, or derived from, those addresses.”

Related: FBI flags 6 Bitcoin wallets linked to North Korea, urges vigilance in crypto firms

The agency also blamed Lazarus for the Alphapo, CoinsPaid and Atomic Wallet hacks, stating that losses from all of these hacks add up to over $200 million the group has stolen in 2023. Alphapo is a payment processor that suffered over $65 million in suspicious withdrawals on July 23. CoinsPaid, another payments firm, lost over $37 million through social engineering sometime in late July. And Atomic Wallet users lost a whopping $100 million in June through an unknown exploit.

‘$600M Would Buy a Lot of Bitcoin’: Microstrategy Boss Steers Bezos Wedding Drama Toward Crypto