Hacks
STEPN impersonators stealing users’ seed phrases, warn security experts
Peckshield, a prominent blockchain security firm, exposed the existence of numerous phishing websites for the Web3 lifestyle app STEPN on Monday. Hackers insert a forged MetaMask browser plugin through which they can steal seed phrases from unsuspecting STEPN users, according to Peckshield. When these cybercriminals obtain the seed phrase, they gain complete control over the STEPN user’s dashboard where they may connect their stolen wallets to their own or “claim” a giveaway as per Peckshield. #PeckShieldAlert #phishing PeckShield has detected a bath of @Stepnofficial phishing sites. They insert a false Metamask browser extension leading to stealing your seed phrase or prompt you to connect your wallets or “Claim” giveaway. @Metamask @Coinbase @WalletConnect @phantom pic....
Binance recovers $5.8M in funds connected to Ronin bridge exploit
Via a Twitter post on Friday, Changpeng Zhao, CEO of Binance, said that the cryptocurrency exchange recovered $5.8 million spread over 86 accounts in digital assets moved to the exchange by Lazarus Group. Last month, the North Korean cyber-criminal group allegedly stole 173,600 Ether (ETH) and 25.5 million USD Coin (USDC), worth over $600 million at the time, belonging to Axie Infinity’s Ronin bridge. As of Friday, the wallet address associated with the Ronin has around $280 million in digital assets remaining. Blockchain forensics company Elliptic recently uncovered that the hackers have been sending the money to centralized exchanges and cryptocurrency trail-mixer decentralized application, or DApp, Tornado Cash. In addition, it appears the hackers also swapped the stolen USD...
Finance Redefined: Hacker bungles DeFi exploit, dYdx’s decentralization goals, and more
The decentralized finance (DeFi) ecosystem was filled with ups and downs —mostly the latter— this week, with two very distinct hack attempts and a heartbreaking departure of a DeFi veteran. In this week’s newsletter, we will also look at derivative exchange dYdX’s plans to go fully decentralized by the end of the year. The price momentum of the DeFi tokens remained neutral, with several tokens registering a bullish surge. However, the market volatility meant many of them couldn’t hold onto those gains. Hacker bungles DeFi exploit: Leaves stolen $1M in contract set to self destruct In a rare comedic bungle among DeFi exploits, an attacker has fumbled their heist at the finish line leaving behind over $1 million in stolen crypto. Blockchain security and analytics firm BlockSec shared o...
Tornado Cash says it’s using Chainalysis oracles to block access from OPAC sanctioned addresses
On Friday, Tornado Cash announced that it was using oracle contracts from Chainalysis to block wallet addresses sanctioned by the U.S. Office of Foreign Assets Control, or OFAC. The move comes after the U.S. Department of the Treasury linked North Korean cybercriminal Lazarus Group as an alleged perpetrator for the recent $600 million+ Ronin Bridge exploit. As told by blockchain analytics firm Elliptic, the hackers have sent approximately $80.3 million worth of Ether (ETH) through Tornado Cash. “Maintaining financial privacy is essential to preserving our freedom; however, it should not come at the cost of non-compliance,” said the Tornado Cash team. Tornado Cash is a popular cryptocurrency mixture used to obfuscate the trail of transactions for privacy. The Chainalysis S...
HBO Max Sets Release Date for Hacks Season 2, Shares Teaser: Watch
Hacks is back. HBO Max has unveiled the official teaser and release date for Season 2 of the Emmy Award-winning dramedy, which is slated to return on May 12th. Set to Cass Elliot’s 1969 classic “Make Your Own Kind of Music,” the clip might not divulge much about plot specifics, but there’s sure to be plenty of fun along the way. Hacks Season 2 sees the dark mentorship between legendary Las Vegas comedian Deborah Vance (Jean Smart) and her young, entitled writer Ava (Hannah Einbinder) continue to evolve as the pair travel across the country workshopping Deborah’s new stand-up act, getting into a lot of mischief in the meantime. Returning alongside Smart and Einbinder are cast regulars Carl Clemons-Hopkins, Jane Adams, Christopher McDonald, Kaitlin Olson, Paul W. Downs, Poppy Liu, Rose Abdoo...
Finance Redefined: Axie Infinity’s Ronin bridge faces worst hack, Binance launches Bridge 2.0 and more
The last week of March saw the decentralized finance (DeFi) market surge to new highs as institutional investors returned to the market. Amid the rising popularity of DeFi products, Axie Inifity’s Ronin bridge faced the worst hack in crypto history, raising security concerns for the market. MetaMask integrated Apple Pay support, allowing users to purchase crypto using their Apple Pay account directly, and Binance launched Bridge 2.0 to integrate CeFi and DeFi into one platform. Looking at the price side, the majority of DeFi tokens in the top 100 not only registered double-digit gains but also rose to new multi-month highs, with several tokens seeing three-digit gains over the past week. Axie Infinity’s Ronin bridge hacked for over $600M According to Axie Infinity’s official Discord and Ro...
Netflix‘s crypto swindler documentary draws wild community reaction
Netflix’s new crypto documentary titled Trust No One: The Hunt for the Crypto King was released on Wednesday amid much fanfare. The documentary is based on the mysterious death of the now-defunct crypto exchange QuadrigaCX founder. [embedded content] The founder of the crypto exchange allegedly died on a trip to India. Along with him, he took away the whereabouts of the keys to crypto wallets containing around $250 million worth of cryptocurrencies. Unofficial investigations and numerous conspiracy theories followed the mysterious disappearance/death of the QuadrigaCX founder. The Netflix investigative documentary aims to clear some mystery around the high-profile crypto case that puzzles many even today. The crypto swindler documentary takes inspiration from “DON’T F*CK WITH CATS”-style i...
Laurie Metcalf, Martha Kelly, and Ming-na Wen Join Cast of Hacks Season 2
Hacks is gearing up for Season 2, and this time, it’s bringing a fleet of new guest stars on the road: Variety reports that Laurie Metcalf, Martha Kelly, Ming-Na Wen, and Margaret Cho will all be featured in the forthcoming season of the HBO Max dramedy. Hacks centers around the cross-country adventures of acclaimed Las Vegas comedian Deborah Vance (Jean Smart) and her 20-something writing counterpart Ava (Hannah Einbinder). HBO Max has yet to unveil Season 2’s release date or the roles of its new stars. Metcalf is known for her portrayal as an overbearing mother in Greta Gerwig’s coming-of-age hit Lady Bird, as well as her long-running role as Jackie Harris on Roseanne and its spin-off, The Connors. Advertisement Related Video Kelly was recently seen as the terrifyingly monotono...
Journalist alleges Mimo Capital co-founder was behind 2016 exploit of The Dao: Report
Laura Shin, a cryptocurrency journalist and host of the Unchained Podcast, claimed to have discovered the identity of the individual behind an exploit which drained more than 3.6 million Ether from Germany-based startup Slock.it’s The DAO in 2016. According to a Tuesday Bloomberg report, Shin claimed that she had “extremely strong evidence” that Mimo Capital co-founder Toby Hoenisch was responsible for removing more than 3.6 million Ether (ETH) from The DAO in June 2016 — roughly $50 million at the time. An unknown hacker used an exploit to drain roughly a third of The DAO’s ETH supply, forcing developers to hard fork the network and leaving the illicit funds in what became the Ethereum Classic (ETC) blockchain. EXCLUSIVE: With the publication of my book today, I can finally announce: in t...
OpenSea planned upgrade stalls as phishing attack targets NFT migration
Just yesterday, OpenSea announced a smart contract upgrade, which requires users to migrate their listed NFTs from Ethereum (ETH) blockchain to a new smart contract. As a direct result of the upgrade, users that don’t migrate over from Ethereum risk losing their old, inactive listings — which currently require no gas fees for migration. Major nonfungible token (NFT) marketplace OpenSea has reportedly fallen victim to an ongoing phishing attack within hours after announcing a week-long planned upgrade to delist inactive NFTs on the platform. However, the urgency and short deadline opened up a small window of opportunity for hackers. Within hours after OpenSea’s upgrade announcement, reports across multiple sources emerged about an ongoing attack that targets the soon-to-be-delis...
Multichain recovers $2.6M stolen funds, to reimburse losses on condition
After a month-long fight against an ongoing exploit, cross-chain router protocol Multichain announced the recovery of nearly 50% of the total stolen funds, worth nearly $2.6 million of cryptocurrencies. The team has also released a compensation plan to reimburse the users’ losses. On Jan. 10, blockchain security expert Dedaub alerted Multichain about two vulnerabilities in its liquidity pool and router contracts — affecting eight cryptocurrencies including wrapped ETH (WETH), wrapped BNB (WBNB), Polygon (MATIC) and Avalanche (AVAX). 1/3 We recently identified the “phantom functions” code pattern, which would have led to likely the largest crypto hack ever. Your code may be vulnerable! You need to check for the pattern in your Solidity/EVM code! https://t.co/pxRqCQFbnS — Dedaub ...
Report: 74% of stolen funds from ransomware attacks went to Russian-affiliated wallet addresses in 2021
According to a new report published by blockchain analytics firm Chainalysis on Monday, approximately 74%, or over $400 million USD, of ransomware revenue last year were funneled into high-risk wallet addresses that are likely to have been based in Russia. The report analyzed ransomware hacks throughout 2021 and determined their affiliation to Russia through three key characteristics: Traces of Russia-based cybercriminal organization Evil Corp being behind a given breach; the group has alleged ties to the Russian government. Ransomeware programmed only against victims of non-former-Soviet countries. Ransomware strains that share documents and announcements in the Russian language. In addition to the selection criteria, it appears that web traffic data confirms the vast majority of ext...
