
Exploit

Maybe it WAS illegal: Mango Markets exploiter arrested on fraud charges

The crypto trader behind the $110 million exploit of decentralized exchange Mango Markets has been arrested in Puerto Rico and charged with market manipulation and fraud. According to a previously sealed complaint filed in the Southern District of New York and made public on Dec. 27, the Federal Bureau of Investigation (FBI) charged Avraham Eisenberg with one count of commodities fraud and one count of commodities manipulation in relation to his exploit of Mango Markets. Eisenberg’s Oct. 11 exploit of Mango Markets worked by manipulating the value of the platform’s native token, MNGO, artificially inflating its price relative to USD Coin (USDC). Eisenberg and his team then took out “massive loans” against their inflated collateral, which drained Mango’s treasury of around $110 million worth ...

FTX hacker is now the 35th largest holder of ETH

The hacker who exploited the now-bankrupt FTX exchange last week made a tidy fortune that has propelled them to Ether (ETH) whale status. Just a day after the embattled FTX exchange filed for Chapter 11 bankruptcy, its wallets were drained of more than $663 million in various crypto assets, according to blockchain intelligence company Elliptic. Elliptic suspected $477 million of this was stolen, with a large chunk of those tokens then being converted into ETH, while $186 million worth of more than a hundred different tokens was believed to have been moved into secure storage by FTX itself. As reported by Cointelegraph on Nov. 15, the attacker was still draining wallets four days later in what analysts called “on-chain spoofing.” According to blockchain security firm Beosin, the attacker has con...

Mango Markets exploiter said actions were ‘legal,’ but was it?

The $117 million Mango Markets exploiter has maintained that their actions were ‘legal,’ but a lawyer suggests that they could still face consequences. Self-described digital art dealer Avraham Eisenberg outed himself as the exploiter in a series of tweets on Oct. 15, claiming he and a team undertook a “highly profitable trading strategy” and that it was “legal open market actions, using the protocol as designed.” I believe all of our actions were legal open market actions, using the protocol as designed, even if the development team did not fully anticipate all the consequences of setting parameters the way they are. — Avraham Eisenberg (@avi_eisen) October 15, 2022 The Oct. 11 exploit worked through Eisenberg and his team manipulating the value of their posted collateral — the platform’s n...
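The two Mango Markets items above describe the same mechanism: pump a thinly traded token on a spot market, have the lending side value your collateral at that pumped price, and borrow the treasury out. The model below is an added illustration written for this page, not Mango Markets code; the pool sizes, the 75% loan-to-value ratio, the 10% oracle tolerance band, the attacker's budget and the treasury size are all constructed numbers. It contrasts a lender that trusts the instantaneous pool price with one that caps collateral valuation at a slow reference price (a time-weighted average taken before the attack) plus a band, and reports the bad debt each policy leaves behind once the pump unwinds.

```python
"""Toy model of borrowing against manipulated collateral (added example).

Not Mango Markets code. Pool reserves, LTV, band, budget and treasury are
constructed for the illustration.
"""
from dataclasses import dataclass


@dataclass
class Pool:
    """Constant-product spot market quoting a thin token in USDC."""
    token: float
    usdc: float

    def spot(self) -> float:
        return self.usdc / self.token

    def buy(self, usdc_in: float) -> float:
        """Swap USDC for tokens along x*y=k (no fees); returns tokens received."""
        k = self.token * self.usdc
        self.usdc += usdc_in
        new_token = k / self.usdc
        out = self.token - new_token
        self.token = new_token
        return out

    def sell(self, token_in: float) -> float:
        """Swap tokens back to USDC along x*y=k (no fees); returns USDC received."""
        k = self.token * self.usdc
        self.token += token_in
        new_usdc = k / self.token
        out = self.usdc - new_usdc
        self.usdc = new_usdc
        return out


def spot_oracle(pool: Pool, reference: float, band: float) -> float:
    """Weak policy: value collateral at the instantaneous pool price."""
    return pool.spot()


def banded_oracle(pool: Pool, reference: float, band: float) -> float:
    """Hardened policy: never value collateral above a slow reference price
    (e.g. a TWAP taken before the attack) plus a tolerance band."""
    return min(pool.spot(), reference * (1 + band))


def max_borrow(collateral: float, price: float, ltv: float, treasury: float) -> float:
    """USDC the lender hands out: collateral value times LTV, capped by what
    the treasury actually holds."""
    return min(collateral * price * ltv, treasury)


def run_attack(oracle, budget: float, collateral: float, ltv: float = 0.75,
               treasury: float = 6_000_000.0, band: float = 0.10) -> dict:
    """Pump the thin market, borrow against posted collateral, unwind the pump.

    `collateral` is the token amount the attacker already has deposited with the
    lender; `budget` is the USDC spent on the pump. All values are constructed.
    """
    pool = Pool(token=10_000_000.0, usdc=300_000.0)   # pre-attack price 0.03 USDC
    reference = pool.spot()                           # stands in for a TWAP
    bought = pool.buy(budget)                         # step 1: inflate the price
    price_used = oracle(pool, reference, band)
    loan = max_borrow(collateral, price_used, ltv, treasury)   # step 2: borrow
    recovered = pool.sell(bought)                     # step 3: dump, price reverts
    fair_value = collateral * pool.spot()             # what the collateral is really worth
    return {
        "price_used": price_used,
        "loan": loan,
        # attacker keeps the loan, recovers the pump budget, forfeits the collateral
        "attacker_net": loan + recovered - budget - fair_value,
        # lender is left holding collateral worth far less than the loan
        "bad_debt": max(0.0, loan - fair_value),
    }


if __name__ == "__main__":
    for name, oracle in (("spot", spot_oracle), ("banded", banded_oracle)):
        result = run_attack(oracle, budget=2_000_000.0, collateral=5_000_000.0)
        print(name, {k: round(v, 2) for k, v in result.items()})
```

With the spot oracle the pumped price lets the attacker borrow the entire constructed treasury and leaves the lender with millions in bad debt; with the banded oracle the same pump only moves the valuation by the 10% band, the loan stays below the collateral's fair value, and the attack loses money. The model omits swap fees and liquidations, which change the numbers but not the shape of the result.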

White hat finds huge vulnerability in ETH to Arbitrum bridge: Wen max bounty?

A self-described white hat hacker has uncovered a “multi-million dollar vulnerability” in the bridge linking Ethereum and Arbitrum Nitro and received a 400 Ether (ETH) bounty for their find. Known as riptide on Twitter, the hacker described the exploit as the use of an initializing function to set their own bridge address, which would hijack all incoming ETH deposits from those trying to bridge funds from Ethereum to Arbitrum Nitro. Riptide explained the exploit in a Medium post on Sept. 20: “We could either selectively target large ETH deposits to remain undetected for a longer period of time, siphon up every single deposit that comes through the bridge, or wait and just front-run the next massive ETH deposit.” The hack could have potentially netted tens or even hundreds of millions worth...

Curve Finance exploit: Experts dissect what went wrong

Decentralized finance protocols continue to be targeted by hackers, with Curve Finance becoming the latest platform to be compromised after a domain name system (DNS) hijacking incident. The automated market maker warned users not to use the front end of its website on Tuesday after the incident was flagged online by a number of members of the wider cryptocurrency community. While the exact attack mechanism is still under investigation, the consensus is that attackers cloned the Curve Finance website and redirected the domain’s DNS records to the fake page. Users who attempted to use the platform then had their funds drained to a pool operated by the attackers. Curve Finance remedied the situation in a timely fashion, but attackers still siphoned what was origi...

Solana and Ethereum smart contract audits, explained

As you might expect, this depends on how complex a smart contract is. According to Hacken, this can extend to $500,000 for larger projects where there are more lines of code — not least because of the additional engineering hours it’ll take. The company argues these costs pale in comparison with the economic damage that a smart contract vulnerability can bring. Hacken cites data showing that, in 2021, 80% of the incidents affecting decentralized applications related to smart contracts — with losses hitting $6.9 billion. Breaking this down further, the average cost per project stands at $47 million. Somehow, $500,000 looks a lot less expensive now. Overall, 60% of its clients have been based on Ethereum so far in 2022. And here...

Blockchain isn’t as decentralized as you think: Defense agency report

Distributed ledger technology (DLT) and blockchains including Bitcoin and Ethereum may be more vulnerable to centralization risks than initially thought, according to Trail of Bits. The security firm on Tuesday released its report titled “Are Blockchains Decentralized?”, which was commissioned by the U.S. Government’s Defense Advanced Research Projects Agency (DARPA). The report aims to investigate whether blockchains including Bitcoin and Ethereum are truly decentralized, though the report appeared to focus largely on Bitcoin. Among its key findings, the security firm found that outdated Bitcoin nodes, unencrypted blockchain mining pools and a majority of unencrypted Bitcoin network traffic traversing over only a limited number of ISPs could leave room for various actors to garner e...

Beanstalk Farms offers plea deal to perpetrators of $76M exploit

Beanstalk Farms, a credit-based stablecoin protocol exploited for around $76 million in crypto on April 18, has offered a bounty of 10% if the attackers return the funds. The offer was posted on the company’s Twitter and sent to the attackers via an on-chain message the following day. It proposed that the exploiters return 90% of the stolen funds to the Beanstalk Farms multisignature wallet. In return, the exploiters would be allowed to keep the remaining 10% as a whitehat bounty — a deal offered by platforms to reward individuals for reporting security exploits and vulnerabilities. As previously reported by Cointelegraph, the $76 million exploit, which was initially thought to be around $182 million, was not considered to be a hack, as the smart contracts and governance procedures u...

Beanstalk Farms loses $182M in DeFi governance exploit

Credit-based stablecoin protocol Beanstalk Farms lost all of its $182 million collateral in a security breach caused by two malicious governance proposals and a flash loan attack. The problem for the protocol was seeded by suspicious governance proposals BIP-18 and BIP-19, issued on April 16 by the exploiter, that asked the protocol to donate funds to Ukraine. However, those proposals had a malicious rider attached to them which ultimately drained the protocol’s funds, according to smart contract auditor BlockSec. This latest security breach of a decentralized finance (DeFi) protocol took place at 12:24 pm UTC. At that time, the exploiter took out $1 billion in flash loans from the Aave (AAVE) protocol denominated in DAI (DAI), USD Coin (USDC), and Tether (USDT) stable...
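The two Beanstalk items above turn on one design question: whose tokens count when a governance vote is tallied. If voting power is read from live balances at the moment a proposal is executed, a flash loan taken and repaid inside a single transaction is enough to manufacture a supermajority, and waiting out a timelock costs the attacker nothing. The model below is an added illustration written for this page, not Beanstalk code; the token holders, the two-thirds emergency threshold, the block numbers, the timelock and the loan size are constructed. It runs the same attack against live-balance tallying and against tallying from a balance snapshot taken when the proposal was created.

```python
"""Toy model of a flash-loan governance attack (added example).

Not Beanstalk code. Holders, thresholds, block numbers and loan size are
constructed for the illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict


@dataclass
class Chain:
    balances: Dict[str, float]     # governance-token balances by holder
    treasury: float                # funds the governance module controls
    block: int = 100

    def flash_loan(self, borrower: str, amount: float, callback: Callable[[], None]) -> None:
        """Lend `amount` for the duration of `callback`; repayment is enforced
        before control returns, i.e. everything happens in one transaction."""
        self.balances[borrower] = self.balances.get(borrower, 0.0) + amount
        try:
            callback()
        finally:
            self.balances[borrower] -= amount   # repaid in the same block


@dataclass
class Proposal:
    created_block: int
    snapshot: Dict[str, float]                      # balances when proposed
    votes: Dict[str, bool] = field(default_factory=dict)
    executed: bool = False


def create_proposal(chain: Chain) -> Proposal:
    return Proposal(created_block=chain.block, snapshot=dict(chain.balances))


def tally(chain: Chain, proposal: Proposal, use_snapshot: bool) -> tuple:
    """Return (votes_for, total_supply) under the chosen voting-power source."""
    source = proposal.snapshot if use_snapshot else chain.balances
    votes_for = sum(source.get(voter, 0.0) for voter, yes in proposal.votes.items() if yes)
    return votes_for, sum(source.values())


def emergency_commit(chain: Chain, proposal: Proposal, *, use_snapshot: bool,
                     min_delay_blocks: int, threshold: float = 2 / 3) -> float:
    """Execute the proposal's payload (here: drain the treasury) if the
    timelock has elapsed and a supermajority is reached. Returns amount drained."""
    if proposal.executed or chain.block < proposal.created_block + min_delay_blocks:
        return 0.0
    votes_for, supply = tally(chain, proposal, use_snapshot)
    if votes_for < threshold * supply:
        return 0.0
    proposal.executed = True
    drained, chain.treasury = chain.treasury, 0.0
    return drained


def run_attack(use_snapshot: bool, min_delay_blocks: int, loan: float = 1_000.0) -> float:
    """Attacker with 10% of supply proposes, waits out the timelock, then votes
    and commits inside a flash loan. Returns the amount drained (0.0 if defeated)."""
    chain = Chain(balances={"alice": 60.0, "bob": 30.0, "attacker": 10.0},
                  treasury=182_000_000.0)
    proposal = create_proposal(chain)        # attacker submits the rider-laden proposal
    chain.block += min_delay_blocks          # waiting costs the attacker nothing
    drained = {"amount": 0.0}

    def attack_tx() -> None:
        proposal.votes["attacker"] = True    # vote with borrowed balance...
        drained["amount"] = emergency_commit(  # ...and commit in the same tx
            chain, proposal, use_snapshot=use_snapshot, min_delay_blocks=min_delay_blocks)

    chain.flash_loan("attacker", loan, attack_tx)
    return drained["amount"]


if __name__ == "__main__":
    print("live balances, 1-block delay :", run_attack(False, 1))
    print("live balances, 1-day delay   :", run_attack(False, 7200))
    print("snapshot balances, 1-block   :", run_attack(True, 1))
```

With live balances the borrowed 1,000 tokens dwarf the real 100-token supply, so the commit passes regardless of how long the timelock is. With snapshot balances the attacker's voting power is the 10 tokens they held when the proposal was created, the borrowed tokens count for nothing, and the treasury is untouched. A timelock still matters for giving honest holders time to react, but on its own it does not stop a flash-loaned vote.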

Sam Allardyce: Premier League is becoming boring

Press Association Sam Allardyce has warned that the Premier League is in danger of becoming boring because teams have been “brainwashed” into using the same playing style. The English top-flight has opened up to different tactical approaches over the last decade, with an influx of coaches coming from elsewhere in Europe. However the West Brom manager fears coaches are being prevented from sticking to their preferred style and that the league is suffering as a result. He said to Sky Sports: “What’s the point of playing out from the back against Man City and Liverpool, the best high-pressing team in this country. If they drop off, you play out from the back. Where’s the space? Exploit the space. I tried to get the players to think about that. It’s a simple game that’s been complicated far to...