1. Home
  2. Threat

Threat

Euler Finance’s offer to hacker: Keep $20M or face the law

The hacker committed a $196 million flash loan attack on the Ethereum-based lending protocol on March 13.

Ethereum-based noncustodial lending protocol Euler Finance is trying to cut a deal with the exploiter that stole millions from its protocol, demanding the hacker returns 90% of the funds they stole within 24 hours or face legal consequences.

Euler Labs sent its ultimatum to the flash loan attacker who exploited the platform for $196 million by transferring the hacker 0 Ether (ETH) with an attached message on March 14:

“Following up on our message from yesterday. If 90% of the funds are not returned within 24 hours, tomorrow we will launch a $1M reward for information that leads to your arrest and the return of all funds.”

The threat of law enforcement comes as Euler sent the hacker a much more civil message the day before.

“We understand you are responsible for this morning’s attack on the Euler platform,” it read. “We are writing to see whether you would be open to speaking with us about any potential next steps.”

The request for a 90% fund return would see the hacker send back $176.4 million while holding onto the remaining $19.6 million.

However, many observers have noted that the hacker has very little to no incentive to follow through with the deal.

“If I was the hacker I’d simply say ‘to anyone who manages to track me down, I will give you $2 million not to tell Euler,’” one observer said.

“Yeh he has 200 Million they have 2 Million. He wins in a bidding war,” another Twitter user wrote in response.

Euler Labs said it was already working with law enforcement in the United States and the United Kingdom, along with engaging blockchain intelligence platforms Chainalysis, TRM Labs and the broader Ethereum community, to help track down the hacker.

Related: DeFi protocol Platypus suffers $8.5M flash loan attack, suspect identified

The lending platform added it was able to promptly stop the flash loan attack by blocking deposits and the “vulnerable” donation function.

As for the exploited code, the team explained that the vulnerability “was not discovered” in the audit of its smart contract, which had existed on-chain for eight months until bei exploited on March 13.

Chainlink Collaborates With Microsoft on CBDC Commissioned By Brazil’s Central Bank

PennyWise crypto-stealing malware spreads through YouTube

The malware targets Zcash and Ethereum wallets alongside Electrum, Atomic Wallet and Coinomi, it takes your browser extension and login data and reads your chat logs.

A new strain of crypto-malware is being spread via YouTube, tricking users to download software that’s designed to steal data from 30 crypto wallets and crypto-browser extensions.

Cyber intelligence company Cyble in a June 30 blog post said it had been tracking the malware known as “PennyWise” — likely named after the monster in Stephen King's horror novel “It” — since it was first identified in May.

“Our investigation indicates that the stealer is an emerging threat,” wrote Cyble in a blog post on June 30.

“In its current iteration, this stealer can target over 30 browsers and cryptocurrency applications such as cold crypto wallets, crypto-browser extensions, etc.”

Data stolen from the victim's system comes in the form of Chromium and Mozilla browser information, including cryptocurrency extension data and login data. It can also take screenshots and steal sessions of chat applications such as Discord and Telegram.

The malware also targets cold crypto-wallets such as Armory, Bytecoin, Jaxx, Exodus, Electrum, Atomic Wallet, Guarda, and Coinomi, as well as wallets supporting Zcash and Ethereum by looking for wallet files in the directory and sending a copy of the files to attackers, according to Cyble.

The cybersecurity company noted that the malware is being spread on YouTube mining education videos purporting to be free Bitcoin mining software.

The cybercriminals, or “Threat Actors” upload videos instructing viewers to visit the link in the description and download the free software, whilst also encouraging them also to disable their antivirus software which enables the malware to run successfully.

Cyble said the attacker had as many as 80 videos on their YouTube channel as of June 30 however, the channel identified has since been removed.

A search by Cointelegraph found similar links to the malware remain on other smaller YouTube channels, with videos promising free NFT-mining, cracks for paid software, free Spotify premium, game cheats and mods.

Many of these accounts have only been created within the last 24 hours.

Related: Bitcoin stealing malware: Bitter reminder for crypto users to stay vigilant

Interestingly, the malware is designed to stop itself if it finds out the victim is based in Russia, Ukraine, Belarus, and Kazakhstan. Cyble also found that the malware converts the victim’s stolen timezone data to Russian Standard Time (RST) when the data is sent back to the attackers.

In February, malware named Mars Stealer was identified as targeting crypto wallets that work as Chromium browser extensions such as MetaMask, Binance Chain Wallet or Coinbase Wallet.

Chainalysis warned in January that even “low-skilled cybercriminals” are now using malware to take funds from crypto hodlers, with cryptojacking accounting for 73% of the total value received by malware-related addresses between 2017 and 2021.

Chainlink Collaborates With Microsoft on CBDC Commissioned By Brazil’s Central Bank

Anonymous Allegedly Hacks Sberbank, Russia’s Largest Bank

Anonymous Allegedly Hacks Sberbank, Russia’s Largest BankHacktivist collective Anonymous has allegedly breached the systems of one of the largest financial institutions in Russia, Sberbank. The attackers announced on social media they have published thousands of emails, phone numbers, and addresses. Anonymous Hackers Reportedly Gain Access to Sberbank Database Decentralized hacking group Anonymous claims to have hacked Sberbank. A Twitter account associated […]

Chainlink Collaborates With Microsoft on CBDC Commissioned By Brazil’s Central Bank