Hackers news-Page 12
Cyber sleuth alleges $160M Wintermute hack was an inside job
A fresh new crypto conspiracy theory is afoot — this time in relation to last week's $160 million hack on algorithmic market maker Wintermute — which one crypto sleuth alleges was an "inside job." Cointelegraph reported on Sept. 20 that a hacker had exploited a bug in a Wintermute smart contract which enabled them to swipe over 70 different tokens including $61.4 million in USD Coin (USDC), $29.5 million in Tether (USDT) and 671 Wrapped Bitcoin (wBTC), worth roughly $13 million at the time. In an analysis of the hack posted via Medium on Sept. 26, the author known as …
Blockchain / Sept. 27, 2022
MEVbots backdoor drains users’ Ethereum funds via arbitrage trading bot
MEV gain, an Ethereum (ETH) arbitrage trading bot built by MEVbots, which claims to provide stress-free passive income, has been actively draining its users’ funds via a fund-stealing backdoor. Arbitrage bots are programs that automate trading for profits based on historical market information. An investigation of MEVbots’ contract revealed a backdoor that allows the creators to drain Ether from its users' wallets. PeckShield Inc. (@peckshield) tweeted on September 23, 2022: “Our analysis confirms what the @mevbots promotes for the so-called "MEV gain" has a fund-stealing backdoor. Do *NOT* fall prey to it https://t.co/z2eDqMF36b. And thanks @monkwithchaos for the heads-up https://t.co/dhSNGljoH0” …
Ethereum / Sept. 24, 2022
Tribe DAO votes in favor of repaying victims of $80M Rari hack
After months of uncertainty, the Tribe DAO has passed a vote to repay affected users of the $80 million exploit on decentralized finance (DeFi) platform Rari Capital's liquidity pools. Following several rounds of voting and governance proposals, Tribe DAO, which consists of Midas Capital, Rari Capital, Fei Protocol and Volt Protocol, took the decision to a vote on Sept. 18 with the intent to fully reimburse hack victims. Data from on-chain voting platform Tally shows that 99% of those who voted were in favor and the proposal was executed on Sept. 20. According to the description underneath the voting data, …
Blockchain / Sept. 22, 2022
The impact of the Wintermute hack could have been worse than 3AC, Voyager and Celsius — Here is why
Most crypto investors had probably never heard of Wintermute Trading before the Sept. 20 $160 million hack, but that does not reduce its significance within the cryptocurrency ecosystem. The London-based algorithmic trading and crypto lending firm also provides liquidity to some of the largest exchanges and blockchain projects. As a crypto-native trading firm, meaning digital assets have been at its core since its inception in July 2017, Wintermute’s expertise in the sector is attested by $25 million in funding from global venture capital investors like Fidelity Investments, Pantera Capital and Blockchain.com Ventures. Lending and venture capital firms have limited impact on …
Bitcoin / Sept. 21, 2022
White hat finds huge vulnerability in ETH to Arbitrum bridge: Wen max bounty?
A self-described white hat hacker has uncovered a “multi-million dollar vulnerability” in the bridge linking Ethereum and Arbitrum Nitro and received a 400 Ether (ETH) bounty for their find. Known as riptide on Twitter, the hacker described the exploit as the use of an initializing function to set their own bridge address, which would hijack all incoming ETH deposits from those trying to bridge funds from Ethereum to Arbitrum Nitro. Riptide explained the exploit in a Medium post on Sept. 20: “We could either selectively target large ETH deposits to remain undetected for a longer period of time, siphon up …
Defi / Sept. 21, 2022
$160 million stolen from crypto market maker Wintermute
Wintermute, a cryptocurrency market maker based in the United Kingdom, became the latest victim of a decentralized finance (DeFi) hack, losing approximately $160 million, according to Evgeny Gaevoy, the company’s founder and CEO. Gaevoy (@EvgenyGaevoy, “wishful cynic”) tweeted on September 20, 2022: “Short communication on the ongoing Wintermute hack”. According to Etherscan, over 70 different tokens have been transferred to “Wintermute exploiter,” including $61,350,986 in USD Coin (USDC), 671 Wrapped Bitcoin (wBTC), which is roughly $13,030,061, and $29,461,533 in Tether (USDT). The largest token sum appears to be USDC. The company’s over-the-counter and centralized finance operations were not affected, as the hacker(s) drained funds …
Cryptocurrency Exchange / Sept. 20, 2022
Hackers take over CoinDCX Twitter account, promote fake XRP ads
The official Twitter account of India-based crypto exchange CoinDCX has been hacked and used by the exploiters to post fake XRP promos partnered with phishing links in an attempt to scam the exchange’s followers. Responding to the attack, the official customer support handle of CoinDCX flagged the exploit and warned its users not to click any links or messages coming from the compromised account. According to the exchange, they are working to recover the account and will be sharing updates with their followers very soon. At the time of writing, the hackers have been retweeting the official posts of Ripple …
Blockchain / Sept. 20, 2022
ETHW confirms contract vulnerability exploit, dismisses replay attack claims
Post-Ethereum Merge proof-of-work (PoW) chain ETHW has moved to quell claims that it had suffered an on-chain replay attack over the weekend. Smart contract auditing firm BlockSec flagged what it described as a replay attack that took place on Sept. 16, in which attackers harvested ETHW tokens by replaying the call data of Ethereum’s proof-of-stake (PoS) chain on the forked Ethereum PoW chain. According to BlockSec, the root cause of the exploit was that the Omni cross-chain bridge on the ETHW chain used the old chainID and was not correctly verifying the chainId of the cross-chain …
Ethereum / Sept. 19, 2022
Profanity tool vulnerability drains $3.3M despite 1Inch warning
Decentralized exchange aggregator 1inch Network issued a warning to crypto investors after identifying a vulnerability in Profanity, an Ethereum (ETH) vanity address generating tool. Despite the proactive warning, hackers were apparently able to make off with $3.3 million worth of cryptocurrencies. On Sept. 15, 1Inch revealed the lack of safety in using Profanity, as it used a random 32-bit vector to seed 256-bit private keys. Further investigations pointed out the ambiguity in the creation of vanity addresses, suggesting that Profanity wallets were secretly hacked. The warning came in the form of a tweet: “RUN, YOU FOOLS ⚠️ …
Blockchain / Sept. 18, 2022
DeFi protocol token NFD crashes by 99% after a flash loan attack
New Free DAO, a decentralized finance (DeFi) protocol, faced a series of flash loan attacks on Sept. 8, resulting in a reported loss of $1.25 million. The price of the native token has dropped by 99% in the wake of the attack. Unlike normal loans, several DeFi protocols offer flash loans that allow users to borrow large amounts of assets without upfront collateral deposits. The only condition is that the loan must be returned in a single transaction within a set time period. However, this feature is often exploited by malicious adversaries to gather large amounts of assets to launch …
Defi / Sept. 8, 2022
Avalanche flash loan exploit sees $371K in USDC stolen
Avalanche-based lending protocol Nereus Finance has been the victim of a crafty hack that saw a user net $371,000 worth of USD Coin (USDC) using a smart contract exploit. Blockchain cybersecurity firm CertiK was one of the first to detect the exploit on Sept. 6, indicating that the attack impacted liquidity pools on Nereus relating to decentralized exchange Trader Joe and automated market maker Curve Finance. CertiK also suggested that the underlying protocols themselves were impacted; however, Curve Finance responded via Twitter on Sept. 7, stating “maybe you meant ‘assets impacted,’ not ‘protocols impacted’. Only @nereusfinance and its assets seem impacted.” …
Technology / Sept. 8, 2022
FBI seeks Bitcoin wallet information of ransomware attackers
Three federal agencies in the United States — the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency and the Multi-State Information Sharing and Analysis Center — jointly issued an advisory seeking information to curb ransomware attacks. As part of the #StopRansomware campaign, the joint cybersecurity advisory alerted citizens of Vice Society, a ransomware-type program that encrypts data and demands ransom for decryption. The trio anticipates a spike in ransomware attacks, primarily aimed at educational institutions, adding that “School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable.” While proactive measures remain vital to …
Blockchain / Sept. 7, 2022