Web3 wallet provider, MetaMask took Twitter to deny claims that a “massive wallet-draining operation” originated from an exploit of its wallet. The update comes after Taylor Mohanan alleged that an attacker was “sending” transactions via MetaMask, draining crypto from long-time users and employees. Mohanan, who also happens to be a MetaMask developer, later confirmed that...Read More
Tornado Cash has, once again, found itself as the nexus of pilfered funds from a DeFi protocol. An Ethereum wallet address associated with the exploiter of the DAO Maker breach from 2021 sent $600,000 worth of DAI stablecoin through the controversial coin mixer. According to the blockchain security firm, PeckShield, the wallet had been dormant...Read More
Cryptocurrency exchange Bitrue was exploited today, with the perpetrator being able to withdraw approximately $23 million worth of cryptocurrency. The exploit was officially confirmed. In a Twitter thread posted today, Bitrue revealed that the exchange suffered a “brief exploit” in one of their hot wallets earlier. 1/4: We have identified a brief exploit in one...Read More
Ethereum-based decentralized exchange (DEX) SushiSwap released an update about its plans to return stolen funds to users affected by the $3.3 million exploit over the weekend. According to an announcement from the exchange’s official Twitter handle, users whose assets were taken by white hat security teams would be refunded quicker than those who lost theirs...Read More
As DeFi hacks continue, the latest protocols to be targeted by exploiters are Aave and Yearn Finance, according to blockchain security firm PeckShield. Aave’s version 1 was impacted, while versions 2 and 3 remained unaffected. The oldest version has been frozen since December 2022, and the team behind the lending protocol said it is monitoring...Read More
Hackers drained almost $13 million worth of digital assets from the South Korean cryptocurrency platform GDAC. This is the latest in a string of setbacks the industry went through. The Latest Victim The exchange’s team notified its users on April 9 that hackers exploited the Gdac Hot Wallet and transferred a significant amount of cryptocurrencies...Read More
Terraport Finance, a decentralized finance (DeFi) platform on the Terra Classic network, has lost over $2 million worth of digital assets through an exploit on its liquidity wallet. According to an announcement from the project’s official Twitter handle on April 10, the Terraport team is still investigating the hack and trying to secure the protocol....Read More
The blockchain security resource PeckShield was the first to inform about the exploit against SushiSwap’s approval contract. According to the firm, all 1,800 ETH (worth about $3.3 million) were drained from a single user – @0xsifu. The “RouterProcessor2” contract in question is used to execute trade routing on the popular decentralized exchange. It seems the...Read More
The multichain token bridge Allbridge, which was recently hacked, said that 1,500 BNB (worth around $465,000) was returned to its team. The rest of the funds will be considered a white hat bounty to the exploiter, according to the statement. The cross-chain bridge enables digital asset transfer from one blockchain network to another via liquidity...Read More
The exploiter behind the multi-million dollar Euler Finance attack has returned all recoverable funds, the decentralized finance (DeFi) lending protocol announced Tuesday. In a Twitter post, the project’s development team disclosed that the hacker returned all the funds after successful negotiations. Euler Finance Receives Stolen Funds Recall that Euler lost roughly $200 million on March...Read More
The blockchain security company – PeckShield – outlined that wrongdoers siphoned $211.5 million worth of cryptocurrencies last month via 26 attacks. The Euler Finance exploit accounted for the bigger part of the amount after hackers stole $197 million in staked ETH, USDC, wrapped BTC, and DAI. March Was Not All Sunshine and Roses The revival...Read More
A large Ethereum MEV bot was targeted in a sandwich attack on Sunday, netting an attacking validator roughly $25 million in funds. A sandwich attack is when an attacker places a large trade on either side of a target’s transaction, manipulating the price and profiting from the price change. In this case, the money was...Read More
Decentralized finance (DeFi) project SafeMoon saw its liquidity pool (LP) compromised on Tuesday through a public token bug, with the attacker draining wrapped BNB (WBNB) from the protocol. SafeMoon announced the attack on Twitter, disclosing it was working to resolve the issue as soon as possible. However, the platform did not share details of the...Read More
The hacker behind DeFi protocol Euler Finance’s $200 million exploit earlier this month has publicly communicated through the blockchain to apologize for his crime. The exploiter, going by the name “Jacob,” has gradually been returning funds related to the hack, now totalling $177 million. In an encoded blockchain message on Monday, the hacker promised to...Read More
The hacker behind the largest DeFi exploit of 2023 continues to demonstrate controversial behavior, as this time, they returned the majority of the funds stolen from Euler Finance. In two separate transactions, the perpetrator sent back over $100 million worth of ETH to the protocol. CryptoPotato reported the flash loan attack, which took place earlier...Read More
Omniscia, the auditing partner of Euler Finance, has released a post-mortem report on the same which stated that the vulnerability that was exploited by the malicious hackers originated from the decentralized finance lending protocol’s incorrect donation mechanism that failed to account for the donator’s debt health. The vulnerable code introduced in eIP-14 brought about several...Read More
As if the traditional banking system isn’t causing enough troubles, a DeFi lending protocol called Euler Finance was also hit by a flash-loan attack. The damage equates to almost $200 million worth of staked ether, USDC, wrapped BTC, and DAI. Euler Finance is a decentralized lending protocol that was most recently exploited for a whopping...Read More
Decentralized proof-of-stake (PoS) blockchain Hedera finally confirmed a security breach. In an update, the team behind the platform revealed that attackers managed to exploit the Smart Contract Service code of the protocol’s mainnet to transfer Hedera Token Service tokens held by victims’ accounts to their own. It said the root cause of the issue has...Read More
The hacker who stole $1.59 million worth of crypto assets from Arbitrum-based decentralized finance (DeFi) lending platform Tender.fi has returned nearly all the funds, keeping roughly $97,000 as a bounty reward. Tender.fi was exploited on the morning of March 7, with the project’s official Twitter handle confirming the incident in a tweet a few minutes...Read More
The hacker of the DeFi project – Uranium Finance – started moving 2,250 ETH, worth approximately $3.35 million, in stolen funds into the popular coin mixer, TornadoCash. The movement of funds from the wallet was detected by the blockchain security firm, PeckShield, on March 7th. Data from Etherscan reveals that the hacker transferred the funds...Read More
Algorand-based wallet provider MyAlgo has cautioned users to withdraw assets from all wallets created with a mnemonic phrase as the company continues investigating an exploit that led to a $10 million loss. The wallet provider tweeted on February 26, warning users that “a targeted attack was carried out against a group of high-profile MyAlgo accounts.”...Read More
Lendhub, a relatively small cross-chain crypto lending platform operating on HECO, was exploited to the tune of $6 million dollars earlier this January. Attack Possible Solely Due to Poor Coding The attack was carried out due to a poorly-executed removal of a deprecated IBSV cToken. Its replacement, which was already active, had an identical price...Read More
The Solana-based Wormhole Bridge was hacked for $325 million after the attacker managed to exploit a security flaw, making it one of the largest exploits in crypto history. A year later, a group of white hats, along with two crypto firms, launched a “counter-exploit” against the malicious entities and clawed back a portion of stolen...Read More
Avraham Eisenberg, the 27-year-old Puerto Rico man who made over $100 million by exploiting the decentralized finance (DeFi) protocol Mango Markets in October 2022, is seeking to keep part of the funds as a bug bounty. In a court document filed at the US District Court for the Southern District of New York on Wednesday,...Read More
It’s been over half a year since the Harmony bridge was breached, allowing hackers believed to be a part of the Lazarus Group to make off with about $100 million in cryptocurrencies at the time they were stolen. Multiple Cashout Attempts Nearly $91 million of those funds have seen attempted cashouts so far. The most...Read More
The hacker who exploited Solana’s cross-chain bridge Wormhole a year ago has moved another $61 million in ether (ETH) of the stolen funds. Blockchain security firm PeckShield disclosed Sunday that the exploiter moved some of the assets to the Ethereum-based decentralized protocol MakerDAO. Wormhole Attacker Moves Stolen Funds Again Recall that Wormhole Bridge was exploited...Read More
Decentralized finance (DeFi) protocol dForce has suffered a reentrancy vulnerability attack leading to the loss of $3.6 million worth of crypto assets. The attacker targeted the protocol’s vault on the automated market maker (AMM) platform Curve Finance, which operates on the Arbitrum and Optimism blockchains. dForce Exploited for $3.65M The hack was first flagged by...Read More
Trust Wallet – a multi-chain crypto wallet provider – provided a statement on Wednesday explaining recent events allowing for $4 million to be stolen from one of its users. The company chalked the theft’s cause up to a social engineering attack by an organized crime unit in Rome, rather than a flaw in its software. ...Read More
Decentralized finance (DeFi) protocol CoW Swap has suffered a smart contract exploit, leading to the loss of approximately 551 BNB ($181,600). According to reports, the attacker added a wallet address as a “solver” of CoW Swap and invoked a transaction to approve DAI transfers to SwapGuard before moving the assets to other addresses. A Settlement...Read More
Orion Protocol – a liquidity aggregator for both CeFi and DeFi exchanges – saw its core contract hacked on Thursday across both its Ethereum and Binance Smart Chains (BSC) deployments. The hacker netted over 1700 ETH, cumulatively worth over $3 million at writing time. Another Reentrancy Hack As explained by the blockchain security company PeckShield...Read More