Decentralized finance (DeFi) protocol Platypus disclosed details of a recent $9.1 million exploit, alongside efforts to recover the funds, and a compensation plan for victims. In a Medium post on Feb. 23, the company revealed that a logic error in the USP solvency check mechanism within the collateral-holding contract was responsible for the three separate attacks carried out by the same exploiter. Stableswap's operations have not been affected, said Platypus. Since the attack, we've been working with security experts & stakeholders to recover lost funds, trace the hacker, and explore potential solutions to retrieve trapped funds. Here's an update on …
Crypto exchange Coinbase experienced a cybersecurity attack targeting its employees on Feb. 5. The attack came through SMS scams and involved impersonations of IT staff, according to a recent report from the company's engineering team. No customers' funds or information were impacted, the firm said. As per the report, on a late Sunday several Coinbase employees received SMS messages requiring them to urgently log in via the link provided to access an important message. Acting in a good faith, one employee followed the exploiter' instructions: "While the majority ignore this unprompted message - one employee, believing that it’s an important …
A wallet security team released a real-time dashboard that lets community members detect, track and monitor potential nonfungible token (NFT) hacks using offline signatures in the OpenSea marketplace. According to the team behind crypto wallet ZenGo, they created an NFT hack detector using a simple method. This includes tracking realized NFT trades in the NFT marketplace and comparing the trade amount of the NFT collection’s floor price. If the ratio between the two trade values is suspiciously low, it will get flagged as a potential hack. At the time of writing, the dashboard flagged almost $25 million worth of NFTs …
Prospective users of an Arbitrum-based decentralized finance (DeFi) project have been left out of pocket following a $2 million exploit. Web3 security firm CertiK flagged the incident on Feb. 21, following an announcement from the Hope Finance Twitter account notifying users that they had been scammed. #CommunityAlert @hope_fin have announced the community has been scammed for ~$2m making this the largest #exitscam on Arbitrum in 2023. $1.86m was transferred to @TornadoCash. Hope_fin have posted steps for user's to withdraw their staked LPhttps://t.co/hJbFXiKujt — CertiK Alert (@CertiKAlert) February 21, 2023 Details of the project are difficult to come by. The platform’s …
Blockchain security firm Peckshield has raised the alarm after finding dozens of tokens purporting to be related to artificial intelligence (AI) powered chatbot ChatGPT. In a Feb. 20 post, the firm revealed at least three "BingChatGPT" tokens appear to be part of honeypot schemes — a smart contract that tricks a user into sending Ethereum (ETH), which the attacker then traps and retrieves. According to Peckshield, at least two of the tokens identified have already lost nearly 100% of their value, while a third is at a 65% loss — in what is often referred to as a “pump and …
The public blockchain sector grew from less than a few million dollars in the last decade to a $1 trillion industry. However, one thing that the space has yet to solve is a decentralized and secure interoperable solution. Let's take Ethereum (ETH) to Bitcoin (BTC), the largest blockchain network, for example. Till today, centralized exchanges are the only viable solution for shifting from one chain to another. A centralized solution provider, BitGo, provides the largest pool of liquidity for Ethereum users to gain BTC exposure via Wrapped Bitcoin (WBTC). The BitGo IOU accounts for over 93.6% of the Bitcoin bridged …
A fake website of the popular Ethereum Denver conference is the latest phishing target of a red-flagged smart contract that has stolen over $300,000 worth of Ether (ETH). The popular conference saw its website duplicated by hackers this week in order to trick users into connecting their MetaMask wallets. According to Blockfence, which identified the fraudulent website, the smart contract has accessed more than 2800 wallets and has stolen over $300,000 over the past six months. Another day, another scam. This time the scammer targeted the @EthereumDenver website. Blockfence is here to protect you and fight scammers together: The scam …
Decentralized finance (DeFi) firm Platypus is working on a compensation plan for user's losses after a flash loan attack drained nearly $8.5 million from the protocol, affecting its stablecoin dollar-peg. In a Tweet on Feb. 18, Platypus disclosed to be working on a plan to compensate the damages and asked users not to realize their losses in the protocol, saying this would make it harder for the company to manage the issue. Assets liquidation are also paused, said the protocol: 2/ We are working on a plan to compensate the losses, please DO NOT repay your USP and realize the …
The $8m Platypus flash loan attack was made possible because of code that was in the wrong order, according to a post mortem report from Platypus auditor Omniscia. The auditing company claims the problematic code didn’t exist in the version they saw. In light of the recent @Platypusdefi incident the https://t.co/30PzcoIJnt team has prepared a technical post-mortem analysis describing how the exploit unravelled in great details. Be sure to follow @Omniscia_sec to receive more security updates!https://t.co/cf784QtKPK pic.twitter.com/egHyoYaBhn — Omniscia (@Omniscia_sec) February 17, 2023 According to the report, the Platypus MasterPlatypusV4 contract “contained a fatal misconception in its emergencyWithdraw mechanism” which …
Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. The United States Securities and Exchange Commission’s (SEC) crackdown on crypto-staking services could lead to uncertain consequences for the DeFi ecosystem. Cybercriminals used various methods to siphon funds through hacks and exploits in 2022, amounting to over $2.8 billion in losses. The second week of February saw the Platypus protocol exploited, leading to losses of $8.5 million. In another exploit-related update, the hacker behind Mango Markets wants to keep disputed funds paid as a …
The Californian Department of Financial Protection and Innovation (DFPI) has launched a new crypto scam tracker to help traders and investors spot possible industry threats. On Feb. 16, the DFPI launched the tracker based on user complaints. It has compiled a list of crypto-related grievances by victims that claim to have been scammed or have identified attempted scams. The complaints listed represent descriptions of losses incurred in transactions that victims have identified as part of a fraudulent or deceptive operation. However, the DFPI stated that it had not verified any of the scams listed, but noted that it receives thousands …
According to a press release published on Feb. 16 by Norway's National Authority for Investigation and Prosecution of Economic and Environmental Crime (Økokrim), authorities have seized 60 million Norwegian Kroner ($5.85 million) in stolen cryptocurrencies linked to the Axie Infinity Ronin Bridge hack last March. According to senior public prosecutor Bender, "Økokrim is good at following the trail of money. This case shows that we also have a great capacity to follow the money on the blockchain, even if the criminals use advanced methods." According to Bender, Økokrim worked with FBI agents and the U.S. Department of Justice to track …