CertiK has revealed transactions connecting the breaches at Atomic Wallet, Alphapo, CoinsPaid, Stake.com, and CoinEx that show Lazarus Group’s involvement in these exploits. This comes while the digital community is reeling from various cyber attacks that have affected several major Web3 entities. On-Chain Connections The infamous Lazarus Group, supported by North Korea, is still causing...Read More
North Korea’s notorious state-backed Lazarus Group is speculated to be behind the $55 million hack of crypto exchange CoinEx. According to prominent on-chain sleuth ZachXBT’s latest update, the attackers “accidentally” connected their address to the $41 million hack of the betting platform Stake.com. Just a day after the exploit, the investigator flagged an Ethereum wallet...Read More
Global cryptocurrency exchange CoinEx has been hacked for at least $29 million, with blockchain sleuths identifying a series of suspicious transactions leaving the firm’s hot wallets. Crypto security platform Cyvers reported the breach on Tuesday, calling on CoinEx to halt all deposits and withdrawals immediately. The hack occurred across three different blockchains, involving a wide...Read More
Vitalik Buterin, the co-founder of the second-largest blockchain, Ethereum, had his X account hacked to portray a phishing site that reportedly drained over $800,000. The fraudulent post has been deleted since, and the account has been restored. The blockchain security resource PeckShield was among the first to alert about the ongoing hack later last night,...Read More
The US Federal Bureau of Investigations (FBI) claimed that the notorious North Korea-sponsored hacking syndicate Lazarus Group is responsible for the recent attack on the cryptocurrency sports betting and casino platform Stake. The hack resulted in the loss of over $41 million worth of crypto assets from the gambling firm. Lazarus Group Behind Stake Hack...Read More
Millions of digital assets have been stolen by cyber adversaries via DNS hijacking attacks for phishing purposes, targeting users’ wallet seed phrases, or creating deceptive webpages that closely resemble legitimate sites. Attacks on Domain Name Systems (DNSs) play a crucial role in the internet’s infrastructure, providing insights into security incidents in Web 2 that have...Read More
On the 22nd of August, Balancer Labs – a non-custodial portfolio manager, liquidity provider, and price sensor – received reports of a massive vulnerability affecting several of its lending pools. At the time, no attacks had been carried out – but that changed recently. Community Alerted As soon as the exploit was discovered, Balancer devs...Read More
The security services platform that offers protection against Web3 bugs – Immunefi – estimated that hackers and fraudsters have drained approximately $23.4 million worth of digital assets from crypto projects in August. While the figure might sound significant, it is 92% less than the recorded losses in July when wrongdoers siphoned over $320 million. Last...Read More
A collective of 50 Russian customers of the non-custodial decentralized wallet – Atomic Wallet – have reportedly launched a class action lawsuit against it after becoming victims of a recent $100 million exploit. Some believe the North Korean hackers – the Lazarus Group – were responsible for the heist. However, Boris Feldman (who coordinates the...Read More
About two weeks ago, Cypher Protocol was attacked by an as-of-yet unknown bad actor, who stole over $1 million worth of crypto through a smart contract exploit. Since then, both the project’s devs and the community have attempted to reach out to the attacker via social media and impromptu NFTs. However, the perpetrator did not...Read More
Hacker groups affiliated with North Korea have become highly active in the digital asset space, relentlessly pilfering funds. Despite a decrease from the record-breaking numbers of 2022, the “hermit kingdom” has continued to concentrate on the cryptocurrency landscape this year. In fact, the stolen funds are being funneled in billions into the country’s nuclear program....Read More
A crypto wallet connected to the October 2022 BNB Chain $600 million exploit has lost roughly $63 million on the decentralized lending platform Venus Protocol due to liquidation that resulted from the massive bloodbath in the market yesterday. According to a series of tweets by blockchain security firm PeckShield, the exploiter’s wallet was first liquidated...Read More
Optimism network-based decentralized credit market Exactly Protocol became the target of exploitation on August 18th. The breach resulted in a significant drop in the platform’s total value locked (TVL). Meanwhile, Exactly’s recently-announced native token – EXA – slumped by more than 27% over the past day. The protocol was halted temporarily. Another DeFi Project Hacked Blockchain...Read More
The second-largest decentralized exchange on the newly released Base blockchain – RocketSwap – announced eliminating any existing high risks and vulnerabilities a day after sustaining a “brute force hack of the server” where the platform stored its private keys. The RocketSwap team confirmed relinquishing minting rights, which is part of its recovery plan. In a...Read More
On the 13th of August, DeFi project Zunami Protocol was attacked by bad actors, resulting in an estimated loss of $2.1 million. A decentralized revenue aggregator project allowing users to stake stablecoins for yield, the exploit of Zunami focused on its Curve pools, adding one more victim to the list of protocols affected by the...Read More
Crypto infrastructure giant Fireblocks has publicly revealed security vulnerabilities in the technology used by over a dozen major digital asset wallet providers. If unaddressed, the company warned that attackers could exploit the bugs to steal from millions of customers. The Bitforge Exploits The set of vulnerabilities – collectively referred to as “Bitforge” – apply to...Read More
Cypher Protocol, a Solana-based futures DEX, has been forced to pause its smart contract in the wake of an exploit that resulted in a loss of more than $1 million. The Why Late last night, Cypher’s devs announced that they had suffered a “security incident”, resulting in the need to pause their smart contract until...Read More
The hackers behind the recent exploit of several pools on the decentralized exchange Curve Finance have returned approximately 73% of the stolen crypto assets, accounting for about $52.3 million. Blockchain security firm PeckShield revealed Monday that Curve Finance lost $73.5 million in the hack. With the amount recovered so far, the exchange is looking to...Read More
Decentralized exchange Curve Finance has teamed up with Metronome and Alchemix to offer a 10% bug bounty to the attackers behind the recent exploit that saw more than $50 million siphoned off the platforms’ pools. According to an on-chain message on one hacker’s Ethereum address, the protocols are willing to cease the pursuit of the...Read More
On July 30, Curve Finance suffered exploits on a number of its stable pools that were using Vyper, which is a smart contract programming language for the Ethereum Virtual Machine (EVM). Curve alerted its users that alETH, msETH, and pETH stable pools using Vyper 0.2.15 have been exploited “as a result of a malfunctioning reentrancy...Read More
Cybercriminals are increasingly moving away from ransomware attacks and opting for a more covert strategy of utilizing stolen computing power to mine digital currency. To increase their likelihood of success, these malicious entities constantly vary their tools, tactics, and procedures, remaining adaptive and evasive in their approach. According to SonicWall, the publisher of cyberattack intelligence...Read More
North Korean state-sponsored Lazarus Group continues to wreak havoc in the crypto space. CoinsPaid has accused the threat actor of orchestrating the cyber attack on its internal systems. The platform lost $37.3 million in the process but did not shed light on the details of the theft. In response to the attack on July 22,...Read More
On the 25th of July, EraLend was hit by a reentrancy attack that allowed an unknown bad actor to make off with about $3.4 million worth of crypto. A reentrancy attack, a type of cyberattack affecting smart contracts, is one of the most common exploits against DeFi protocols. In it, a bad actor identifies a...Read More
The losses incurred by crypto payments processor Alphapo during its security breach are now estimated to be $60 million, roughly two days after hackers exploited the platform’s hot wallets. According to an update provided by on-chain sleuth ZachXBT, an additional $37 million compromised during the hack on Tron and Bitcoin has been located, increasing the...Read More
A security outfit led by ethical hackers who specialize in security audits claimed to be offered a $500 bounty by DxSale Network, a decentralized token launchpad, after informing the platform of a breach that could cost it over $5 million. The reward is one of the lowest ever offered to a white hat hacker. $500...Read More
The recently hacked cross-chain router protocol Multichain announced it is shutting down its operations, citing a lack of operational funds and information about its CEO Zhaojun, who is in the custody of Chinese police. The latest update provided by the team confirmed the rumors about the exec’s arrest. On July 14, Multichain took to Twitter...Read More
Non-custodial decentralized finance (DeFi) protocol, Arcadia Finance, is the latest victim of a $455,000 exploit that occurred on both the Ethereum and Optimism networks. Confirming the hack, Arcadia revealed that it is working with security partners to minimize the damage after pausing the contracts. The platform has also roped in law enforcement to deal with...Read More
Changpeng Zhao (CZ), the CEO and founder of leading crypto exchange Binance, announced that his company’s users, assets, and platform were unaffected by the recent hack on the cross-chain router protocol Multichain. The Binance boss tweeted that the exchange had finalized all asset swaps and closed deposits a while before the incident occurred. Binance Unaffected...Read More
The Federal Bureau of Investigation (FBI) reportedly searched the residence of Jesse Powell – founder and former CEO of crypto exchange Kraken – earlier this year. The investigation came a few months after a nonprofit organization accused him of hacking and cyberstalking activities. The FBI has targeted other crypto-related individuals in the recent past, with...Read More
Cryptocurrency exchange Bitfinex has recovered some of the funds it lost after being hacked in August 2016. The recovered assets will be used to compensate holders of the exchange’s Recovery Right Tokens (RRTs), which were issued to impacted creditors after the security breach. How Much Was Recovered? As announced by Bitfinex on Thursday, the United...Read More
