Peckshield, a prominent blockchain security firm, exposed the existence of numerous phishing websites for the Web3 lifestyle app STEPN on Monday. Hackers insert a forged MetaMask browser plugin through which they can steal seed phrases from unsuspecting STEPN users, according to Peckshield. When these cybercriminals obtain the seed phrase, they gain complete control over the STEPN user's dashboard where they may connect their stolen wallets to their own or "claim" a giveaway as per Peckshield. #PeckShieldAlert #phishing PeckShield has detected a bath of @Stepnofficial phishing sites. They insert a false Metamask browser extension leading to stealing your seed phrase or …

The highly anticipated nonfungible token (NFT) project Akutars was marred by both an exploit and a bug on the weekend, causing over 11,500 Ether (ETH), worth nearly $33 million, to be locked forever within a smart contract, inaccessible even to the development team. The exploit, however, was conducted by someone trying to show a vulnerability in the project and not steal funds via a hack. The project went live on Friday with a Dutch Auction, a type of auction where the price lowers until it receives a bid, with the first bid winning the sale as long as the price …

The decentralized finance (DeFi) ecosystem was filled with ups and downs —mostly the latter— this week, with two very distinct hack attempts and a heartbreaking departure of a DeFi veteran. In this week’s newsletter, we will also look at derivative exchange dYdX’s plans to go fully decentralized by the end of the year. The price momentum of the DeFi tokens remained neutral, with several tokens registering a bullish surge. However, the market volatility meant many of them couldn’t hold onto those gains. Hacker bungles DeFi exploit: Leaves stolen $1M in contract set to self destruct In a rare comedic bungle …

Via a Twitter post on Friday, Changpeng Zhao, CEO of Binance, said that the cryptocurrency exchange recovered $5.8 million spread over 86 accounts in digital assets moved to the exchange by Lazarus Group. Last month, the North Korean cyber-criminal group allegedly stole 173,600 Ether (ETH) and 25.5 million USD Coin (USDC), worth over $600 million at the time, belonging to Axie Infinity's Ronin bridge. As of Friday, the wallet address associated with the Ronin has around $280 million in digital assets remaining. Blockchain forensics company Elliptic recently uncovered that the hackers have been sending the money to centralized exchanges and …

In a rare comedic bungle among decentralized finance (DeFi) exploits, an attacker has fumbled their heist at the finish line leaving behind over $1 million in stolen crypto. Just after 8:00 am UTC on Thursday, blockchain security and analytics firm BlockSec shared it had detected an attack on a little-known DeFi lending protocol called Zeed, which styles itself a “decentralized financial integrated ecosystem.” The attacker exploited a vulnerability in the way the protocol distributes rewards, allowing them to mint extra tokens, which were then sold, crashing the price to zero, but netting just over $1 million for the exploiter. Blockchain …

In late March, Ronin, an Ethereum sidechain built for the popular play-to-earn nonfungible token game Axie Infinity, was hacked for over 173,600 Ether (ETH) and 25.5 million USD Coin (USDC) for a combined value of over $600 million. The breach on the Ronin bridge was confirmed by Sky Mavis, the developers behind the popular play-to-earn (P2E) game: There has been a security breach on the Ronin Network.https://t.co/ktAp9w5qpP — Ronin (@Ronin_Network) March 29, 2022 The official report from the company noted that the hackers managed to get access to private keys to validator nodes resulting in the compromise of five validator …

Axie Infinity (AXS) price has fallen by nearly 30% two weeks after losing $625 million to a hacking incident involving its play-to-earn gaming platform's underlying blockchain, the Ronin Network. AXS/USD dropped to $46.69 on Monday, its lowest level since March 16, signaling a dampening buying sentiment among traders and investors following the hacking incident. Independent market analyst TJ asserted that there is "no sign of buyers" even with the price entering areas with a history of attracting accumulators. For instance, AXS broke below the demand zone that TJ highlighted as a potential inflection point during the weekend, a move that …

Founder of major crypto investment firm DeFiance Capital, “Arthur_0x”, has suffered a hack on one of his hot wallets resulting in the loss of more than $1.6 million in nonfungible tokens (NFTs) and crypto. In a tremendous show of support, the crypto community has come to his aid to help retrieve the stolen items as he asked people to blacklist the hacker’s wallet. Several individuals on Twitter have attempted to determine exactly how the hack occurred and where the hacker gained access to his wallets. NFT community member “Cirrus” went as far as buying two of the stolen Azuki NFTs …

New Jersey-based crypto financial institution BlockFi confirmed a data breach incident via one of its third-party vendors, Hubspot. BlockFi’s proactive warning about the breach aims to deter the intentions of bad actors in repurposing the user data for fraudulent activities. According to the announcement, the hackers gained access to BlockFi’s client data on Friday, Mar. 18, that were stored on Hubspot, a client relationship management platform: “Hubspot has confirmed that an unauthorized third-party gained access to certain BlockFi client data housed on their platform.” As a third-party vendor for BlockFi, Hubspot stored user data such as names, email addresses and …

Recently launched NFT project, Rare Bears, was hit with an attack, after a hacker posted a phishing link in the project's Discord channel, stealing nearly $800,000 in NFTs. Analysis from blockchain security firm Peckshield detailed that the attacker was able to steal 179 NFTs, including Rare Bears and other NFTs from various collections, including CloneX, Azuki, a “mfer” from artist sartoshi, and 6 LAND tokens used for The Sandbox metaverse. According to on-chain analysis, most of the NFTs were sold, netting the hacker 286 ETH, worth over $795,500, most of which was promptly put through Tornado Cash, a crypto mixer …

A former blackhat hacker who goes by the name Gummo online claims to have amassed around $7 billion worth of Bitcoin (BTC). Despite a flood of positive comments and posts relating to his interviews with the Soft White Underbelly YouTube channel — which has 3.18 million subscribers — information about Gummo is scarce elsewhere, which could either be by design or suggest that a large pinch of salt may be required when listening to his extravagant claims. He said that he has been working in the field for more than 30 years, and while he started hacking for illicit reasons …

A hacker has made off with approximately $11 million in Wrapped ETH, Wrapped BTC, Chainlink, USDC, Gnosis, and Wrapped XDAI after using a “re-entrancy” attack on DeFi lending protocol applications Agave and Hundred Finance. The attack comes within 24 hours of news breaking of the Deus Finance exploit, where hackers stole over $3 million in Dai and Ethereum from the lending contract platform. Agave’s token, AGVE, dropped by 20 per cent following the attack, according to data from CoinGecko. Hundred Finances’ token HND fell 3.5 per cent after it announced the exploit, however it’s since recovered to hit a 24-hour-high. …