Hacks
Abnormal token price movements on Binance not hack-related, confirms CZ
Crypto exchange Binance began investigating suspicious behavior on its platform after noticing abnormal price movements for certain trading pairs involving Sun Token (SUN), Ardor (ARDR), Osmosis (OSMO), FUNToken (FUN) and Golem (GLM) tokens. Nearly 40 minutes into the investigation, Binance CEO Changpeng ‘CZ’ Zhao revealed that the price movements “appears to be just market behavior.” On Dec. 11 at 3:10 am ET, Binance issued a notice about abnormal price movements for some trading pairs. The exchange began an investigation to narrow down suspicious accounts responsible for the issue. To investors’ relief, Binance’s investigation did not point to the possibility of compromised accounts or stolen API keys. Based on our investigations so far, this appears to be just market behavior. One guy d...
Lodestar Finance exploited in flash loan attack
Arbitrum-based lending protocol Lodestar Finance was exploited in a flash loan attack on Dec. 10. According to Lodestar, the attacker manipulated the price of the plvGLP token before borrowing all platform liquidity using the inflated token. In a Twitter thread, Lodestar explained the attack flow. The attacker first manipulated the exchange rate of the plvGLP contract to 1.83 GLP per plvGLP, “an exploit that by itself would be unprofitable”, said the company. Then, the attacker supplied plvGLP collateral to Lodestar and borrowed all available liquidity, cashing out part of the funds “until the collateralization ratio mechanism prevented a full liquidation of the plvGLP.” Following the hack, “several plvGLP holders also took advantage of the opportunity and als...
North Korean Lazarus Group is targeting crypto funds with a new spin on an old trick
Microsoft reports that a threat actor has been identified targeting cryptocurrency investment startups. A party Microsoft has dubbed DEV-0139 posed as a cryptocurrency investment company on Telegram and used an Excel file weaponized with “well-crafted” malware to infect systems that it then remotely accessed. The threat is part of a trend in attacks showing a high level of sophistication. In this case, the threat actor, falsely identifying itself with fake profiles of OKX employees, joined Telegram groups “used to facilitate communication between VIP clients and cryptocurrency exchange platforms,” Microsoft wrote in a Dec. 6 blog post. Microsoft explained: “We are […] seeing more complex attacks wherein the threat actor shows great knowledge and preparation, taking steps to gain their targ...
Ankr says no one should trade aBNBc, only LPs ‘caught off guard’ will be compensated
Following yesterday’s confirmed multi-million dollar exploit, BNB Chain based protocol Ankr took to its company blog on Dec. 2 to relay its next steps to users. The team said it was identifying liquidity providers to decentralized exchanges as well as protocols supporting aBNBc or aBNBb LP. The group also said it is assessing aBNBc collateral pools, such as Midas and Helio. According to the post, Ankr intends to purchase $5 million worth of BNB, which it will use to compensate liquidity providers affected by the exploit. Some users speculatively traded diluted aBNBc after the exploit had occurred as well, but the company indicated that these traders won’t be included in the protocol’s recompense measures stating, “we are only able to compensate LP’s caught off...
DeFi ecosystem still haunted by FTX contagion: Finance Redefined
Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. The FTX contagion that started in the second week of November is still haunting various crypto protocols in the DeFi ecosystem. The latest to fall prey to the contagion includes the Solana-based decentralized exchange (DEX) Serum, of which Alameda and FTX were backers. Another DeFi crypto trading firm Auros Global missed its principal repayment on a 2,400 Wrapped Ether (wETH) DeFi loan. Looking at some other key news in the DeFi ecosystem, popular DEX protocol Uniswap launched its nonfungible token (NFT) marketplace aggregator, allowing users on the platform to trade NFTs. Ankr became the latest victim of an explo...
DeFi sparks new investments despite turbulent market: Finance Redefined
Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. The prolonged crypto winter aided by the collapse of FTX has kept investors from backing a new protocol that merges DeFi and the foreign exchange market. A new Cosmos blockchain-based DeFi protocol has caught the eyes of investors who have put $10 million behind the project. Cardano-based leading stablecoin ecosystem Ardana abruptly stopped its development after several launch delays. However, the project remains open-source for others to add to it until they restart the development process. Aave community has now proposed a governance change after a failed $60 million short attack. The short attack was later trac...
FTX hacker dumps 50,000 ETH, still among top 40 Ether holders
The hacker behind the bankrupt cryptocurrency exchange FTX started transferring their Ether (ETH) holding to a new wallet address on Nov. 20. The FTX wallet drainer was the 27th largest ETH holder after the hack but dropped by 10 positions after the weekend ETH dump. The FTX hacker drained nearly $447 million out of multiple FTX global and FTX US exchange wallets just hours after the crypto exchange filed for Chapter 11 bankruptcy on Nov. 11. Majority of the stolen funds were in ETH, making the exploiter the 27th largest ETH whale. On Nov. 20, the FTX wallet drainer 1 transferred 50,000 ETH to a new address, 0x866E. The new wallet address then swapped the ETH for renBTC (ERC-20 version of BTC) and bridged to two wallets on the Bitcoin blockchain. One of the wallets bc1qvd…gpedg held 1,070 ...
Future of Web3 security with Immunefi and Brave CEOs: The Bug House 2022
Celebrating the myriads of accomplishments earned by the crypto ecosystem, Immunefi, Electric Capital, Bitscale Capital and MA Family together hosted The Bug House — a party for bringing together the global Web3 community. In a panel hosted by Cointelegraph, editor-in-chief Kristina Lucrezia Cornèr sat with Mitchell Amador, founder and CEO at Immunefi, and Brendan Eich, founder and CEO of Brave browser, to discuss the evolution of Web3 and its future trajectory. (From left to right) Kristina Cornèr, Mitchell Amador and Brendan Eich during The Bug House. Source: Cointelegraph “There’s a lot of Web2 in Web3. That’s a problem right now,” began Eich when asked about the ongoing Web2 to Web3 transition. From using trusted servers to sub-custody wallets, Amador believed that such Web2 site...
JPMorgan executes first DeFi trade on a public blockchain: Finance Redefined
Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. The first week of November saw the institutionalization of DeFi markets as major international banks and financial institutions executed and completed their first DeFi transactions. The global financial giant JP Morgan completed its first-ever cross-border transaction using DeFi on a public blockchain with the help of the Monetary Authority of Singapore’s (MAS) Project Guardian. DBS Bank started a trading test of foreign exchange (FX) and government securities using permissioned DeFi liquidity pools. Apart from JPMorgan and DBS Bank, the Bank for International Settlements also said that automated market-making tec...
Developers need to stop crypto hackers — or face regulation in 2023
Third-party data breaches have exploded. The problem? Companies, including cryptocurrency exchanges, don’t know how to protect against them. When exchanges sign new vendors, most just innately expect that their vendors employ the same level of scrutiny as they do. Others don’t consider it at all. In today’s age, it isn’t just a good practice to test for vulnerabilities down the supply chain — it is absolutely necessary. Many exchanges are backed by international financiers and those new to financial technologies. Many are even new to technology altogether, instead backed by venture capitalists looking to get their feet wet in a burgeoning industry. In and of itself, that isn’t necessarily a problem. However, firms that haven’t grown up in the fintech arena often don’t fully grasp the exten...
Web Summit Lisbon, Nov. 3: Latest updates from Cointelegraph ground team
Welcome back to the day two coverage of Web Summit, one of the leading tech conferences in the world, with over 71,000 attendees on day two. The summit is live in person in Lisbon, Portugal after two years. The summit is known to bring together some of the most prolific personalities from the tech world together and in 2022 it’s no different. Web3 has increasingly become the most talked about topic in the tech world and Web Summit is no different as leading tech giants such as Apple or Microsoft continue to explore ways to integrate and transition to the Web3 ecosystem. After an eventful first day that saw some major Web3 announcements, including the Web3 alliance to prevent malicious phishing attacks, bad actors and Web3 domain collisions. Binance CEO Changpeng Zhao ...
Skyward finance exploit allegedly results in $3 million loss
Skyward finance, an IDO platform enabling fair token distribution for projects on the NEAR Protocol, has reportedly been exploited for 1.1M NEAR tokens, worth an estimated $3 million USD at time of publication. The news was shared on Twitter by Aurora Lab’s community moderator Sanket Naikwadi, who stated that the exploit was first noticed by a member of the NEAR protocol community, who goes by the handle @Nearscout. The @skywardfinance was just exploited for ~1.1M $NEAR Tokens (Worth ~3M) . Thnx to @NearScout for noticing the treasury drain, he pinged me asking if something is wrong with skyward… then we looked into contract txns and found out about the exploit and sus txns. smol — SankΞt Ⓝ⚡️| sanketn81.near ,sanketn81.lens (@sanket_naikwadi) November 2, 202...
