Home » Hacks » Page 6

Hacks

Fei Protocol founder proposes ghosting Tribe DAO following hack repayment

An attack in April 2022, which drained off nearly $80 million from various Rari Fuse pools, required the decentralized finance (DeFi) platform Fei Protocol to come up with a solution that minimizes damage to the ecosystem. Fei Labs’ latest proposal, which partly recommends revoking participation from Tribe DAO, received mixed sentiments from the community. Fei Protocol founder Joey Santoro announced the latest proposal, TIP-121: Proposal for the future of the Tribe DAO, revealing the company’s intent to reimburse Fuze victims. It also details plans for asset redemption and the distribution of protocol-controlled value (PCV) assets that manage the liquidity and yield. I hope this proposal resonates with the community and thank you for your support.https://t.co/RjpS9j4x2H — Joey ’s ERC-4626 ...

Pandas, cyborgs, dogs, koalas dominate BNB Chain Red Alarm flag list

BNB Chain, a blockchain network created by crypto exchange Binance, identified over 50 on-chain projects that pose a significant risk to the users. A mix of crypto spin-offs resembling Dogecoin (DOGE) and Binance and others dedicated to pandas, cyborgs and koalas made the list as untrustworthy and high-risk projects. BNB Chain’s Red Alarm feature, which was implemented to protect investors from potential rug pulls and scams, flagged projects based on two main criteria — if the contract performs differently from what the project owners advertised or if the contract shows risks that might influence users’ funds. Speaking to Cointelegraph, Gwendolyn Regina, Investment Director at BNB Chain, said that the Red Alarm system analyzed 3,300 contracts just in July, adding that the company con...

Velodrome recovers $350K stolen funds from team member Gabagool

Velodrome Finance, a trading and liquidity marketplace, announced the recovery of $350,000 stolen on Aug. 4. However, the occasion turned bittersweet when internal investigations pointed out the involvement of a prominent team member, who goes by the pseudo name Gabagool. On Aug. 4, one of Velodrome’s high-worth wallets — dedicated for operating funds such as salaries — was drained off $350,000 before it could be transferred to the company’s treasury multisig wallet. A subsequent internal investigation revealed the attacker’s identification, which allowed the company to recover the entire loot. Velodrome’s official statement revealed: “Much to our disappointment, we learned the attacker was a fellow team member Gabagool.” While many community members came in support of the prominent coder,...

Curve Finance resolves site exploits, directs users to revoke recent contracts: Finance Redefined

Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. This past week, cross-bridge protocols became the center of DeFi discussions as a new report showed RenBridge was used to launder $540 million in stolen funds. Curve Finance, on the other hand, resolved its site exploit and directed users to revoke any recent contracts. Interlay, a London-based blockchain firm, launched a Bitcoin (BTC)-based cross-chain bridge on Polkadot named interBTC (iBTC), DeFi platform Oasis.app says that sanctioned addresses will no longer be able to access the application. The majority of the top-100 DeFi tokens saw a new surge in bullish momentum along with the rest of the market, with se...

88% of Nomad Bridge exploiters were ‘copycats’ — Report

Close to 90% of addresses taking part in the $186 million Nomad Bridge hack last week have been identified as “copycats,” making off with a total of $88 million worth of tokens on Aug. 1, a new report has revealed. In an Aug. 10 Coinbase blog, authored by Peter Kacherginsky, Coinbase’s principal blockchain threat intelligence researcher, and Heidi Wilder, a senior associate of the special investigations team, the pair confirmed what many had suspected during the bridge hack on Aug. 1 — that once the initial hackers figured out how to extract funds, hundreds of “copycats” joined the party. Source: Coinbase According to the security researchers, the “copycat” method was a variation of the original exploit, which used a loophole in Nomad’s smart contract, allowing users to extract...

Nomad announces $19-million bounty for lost funds from recent hack

Nomad announced a bounty of up to 10% for the return of the stolen funds from the Nomad bridge. In a website announcement and tweet, the company publicly provided a wallet address for sending the funds. The bounty is applicable to anyone who comes forward from now on or already returned funds. At the time of writing, Nomad has recovered more than $20 million.  The Nomad token bridge suffered a massive hack on Tuesday. This incident was among the largest in the history of crypto hacks, with nearly $200 million in crypto assets stolen. However, the platform wasted no time addressing its community and the hackers.  Update: Nomad Bridge Hack Bounty (see below for details) Please send the funds to the official Nomad recovery wallet address on Ethereum: 0x94A84433101A10aEda762968f6995c...

Finance Redefined: Solana and Nomad bridge fall prey to exploits losing millions

Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. This past week, the DeFi ecosystem saw two exploits, one after another, resulting in the loss of millions of dollars. First, cross-bridge token platform Nomad became a victim of what many deemed a decentralized robbery, which saw almost $190 million drained out of their wallets. Solana ecosystem became the victim of a widespread unknown attack that saw thousands of wallets getting drained out of all the funds. Apart from a series of exploits, Nansen admitted their negligence toward the DeFi market during the NFT boom. The top-100 DeFi tokens had a mixed price action over the past week, with many seeing a downturn ...

Nomad reportedly ignored security vulnerability that led to $190M exploit

The Nomad token bridge hack on Aug. 3 was the fourth largest crypto hack in history that saw nearly $200 million worth of crypto assets drained from the platform. However, more than the hack, the methodology behind it garnered widespread attention. The exploit took place due to a smart contract vulnerability that saw hundreds of users other than the hacker also get involved, taking away as much as they can by simply copy-pasting the transaction data used by the initial hacker and changing the wallet address to theirs. The event was later deemed as a decentralized robbery by many due to the involvement of normal community members. Later, the Nomad team revealed to Cointelegraph that some of the people who took funds were acting benevolently to protect the crypto from getting into the w...

Hacker drains $1.08M from Audius following passing of malicious proposal

Proposals in crypto help communities make consensus-based decisions. However, for decentralized music platform Auduis, the passing of a malicious governance proposal resulted in the transfer of tokens worth $5.9 million, with the hacker making away with $1 million.  On July 24, a malicious proposal (Proposal #85) requesting the transfer of 18 million Audius’ in-house AUDIO tokens was approved by community voting. First pointed out on Crypto Twitter by @spreekaway, the attacker created the malicious proposal wherein they were “able to call initialize() and set himself as the sole guardian of the governance contract.” Hello everyone – our team is aware of reports of an unauthorized transfer of AUDIO tokens from the community treasury. We are actively investigating and will report ...

US Justice Department seized $500K in fiat and crypto from hackers connected to DPRK government

The United States Department of Justice has seized and returned roughly $500,000 in fiat and crypto from a hacking group tied to the North Korean government, which included two crypto payments made by U.S. health care providers. In a Tuesday announcement, the Justice Department said in conjunction with the FBI it had investigated a $100,000 ransomware payment in Bitcoin (BTC) from a Kansas hospital to a North Korean hacking group in order to regain access to its systems, as well as a $120,000 BTC payment from a medical provider in Colorado to one of the wallets connected to the aforementioned attack. In May, the FBI filed a seizure warrant for funds from the two ransom attacks and others laundered through China, which the Justice Department reported as worth roughly $500,000 total. “These ...

Crema Finance shuts liquidity protocol on Solana amid hack investigation

Crema Finance, a concentrated liquidity protocol over the Solana blockchain, announced the temporary suspension of its services owing to a successful exploit that has drained a substantial but undisclosed amount of funds. Soon after realizing the hack on its protocol, Crema Finance suspended the liquidity services to refrain the hacker from draining out its liquidity reserves — which include the funds of the service provider and investors. Attention! Our protocol seems to have just experienced a hacking. We temporarily suspended the program and are investigating it. Updates will be shared here ASAP. — CremaFinance (@Crema_Finance) July 3, 2022 Speaking to Cointelegraph about the matter, Henry Du, the co-founder of Crema Finance confirmed the commencement of the investigation. He state...

Infamous North Korean hacker group identified as suspect for $100M Harmony attack

The Lazarus Group, a well-known North Korean hacking syndicate, has been identified as the primary suspect in the recent attack that saw $100 million stolen from the Harmony protocol.  According to a new report published Thursday by blockchain analysis firm Elliptic, the manner in which Harmony’s Horizon bridge was hacked and the way in which the stolen digital assets were consequently laundered bears a striking resemblance to other Lazarus Group attacks. “There are strong indications that North Korea’s Lazarus Group may be responsible for this theft, based on the nature of the hack and the subsequent laundering of the stolen funds.” Additionally, Elliptic outlined exactly how the heist was executed, noting that The Lazarus Group targeted the login credentials of Harmony employees in ...