A wallet security team released a real-time dashboard that lets community members detect, track and monitor potential nonfungible token (NFT) hacks using offline signatures in the OpenSea marketplace. According to the team behind crypto wallet ZenGo, they created an NFT hack detector using a simple method. This includes tracking realized NFT trades in the NFT marketplace and comparing the trade amount of the NFT collection’s floor price. If the ratio between the two trade values is suspiciously low, it will get flagged as a potential hack. At the time of writing, the dashboard flagged almost $25 million worth of NFTs …
Prospective users of an Arbitrum-based decentralized finance (DeFi) project have been left out of pocket following a $2 million exploit. Web3 security firm CertiK flagged the incident on Feb. 21, following an announcement from the Hope Finance Twitter account notifying users that they had been scammed. #CommunityAlert @hope_fin have announced the community has been scammed for ~$2m making this the largest #exitscam on Arbitrum in 2023. $1.86m was transferred to @TornadoCash. Hope_fin have posted steps for user's to withdraw their staked LPhttps://t.co/hJbFXiKujt — CertiK Alert (@CertiKAlert) February 21, 2023 Details of the project are difficult to come by. The platform’s …
A fake website of the popular Ethereum Denver conference is the latest phishing target of a red-flagged smart contract that has stolen over $300,000 worth of Ether (ETH). The popular conference saw its website duplicated by hackers this week in order to trick users into connecting their MetaMask wallets. According to Blockfence, which identified the fraudulent website, the smart contract has accessed more than 2800 wallets and has stolen over $300,000 over the past six months. Another day, another scam. This time the scammer targeted the @EthereumDenver website. Blockfence is here to protect you and fight scammers together: The scam …
Decentralized finance (DeFi) firm Platypus is working on a compensation plan for user's losses after a flash loan attack drained nearly $8.5 million from the protocol, affecting its stablecoin dollar-peg. In a Tweet on Feb. 18, Platypus disclosed to be working on a plan to compensate the damages and asked users not to realize their losses in the protocol, saying this would make it harder for the company to manage the issue. Assets liquidation are also paused, said the protocol: 2/ We are working on a plan to compensate the losses, please DO NOT repay your USP and realize the …
The $8m Platypus flash loan attack was made possible because of code that was in the wrong order, according to a post mortem report from Platypus auditor Omniscia. The auditing company claims the problematic code didn’t exist in the version they saw. In light of the recent @Platypusdefi incident the https://t.co/30PzcoIJnt team has prepared a technical post-mortem analysis describing how the exploit unravelled in great details. Be sure to follow @Omniscia_sec to receive more security updates!https://t.co/cf784QtKPK pic.twitter.com/egHyoYaBhn — Omniscia (@Omniscia_sec) February 17, 2023 According to the report, the Platypus MasterPlatypusV4 contract “contained a fatal misconception in its emergencyWithdraw mechanism” which …
Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. The United States Securities and Exchange Commission’s (SEC) crackdown on crypto-staking services could lead to uncertain consequences for the DeFi ecosystem. Cybercriminals used various methods to siphon funds through hacks and exploits in 2022, amounting to over $2.8 billion in losses. The second week of February saw the Platypus protocol exploited, leading to losses of $8.5 million. In another exploit-related update, the hacker behind Mango Markets wants to keep disputed funds paid as a …
The alleged exploiter of the decentralized finance (DeFi) protocol Mango Markets, Avraham Eisenberg, is seeking to keep his share of crypto gained from his so-called “highly profitable trading strategy.” On Feb. 15 attorneys for Eisenberg filed an opposition in a New York District Court to a lawsuit from Mango that asked for $47 million in damages plus interest starting from the time of Eisenberg’s October 2022 attack that drained around $117 million from the protocol. The lawyers argued that Eisenberg shouldn’t need to pay back any more funds to the DeFi platform due to a settlement agreement he reached with …
Cryptocurrency exchanges Binance and Huobi have again frozen accounts linked to the $100 million Harmony Horizon bridge attack on Jun. 24, 2022. Around $1.4 million worth of crypto frozen by the trading platforms came from accounts linked to the notorious Lazarus Group operating out of North Korea. The investigation was carried out by blockchain analytics firm Elliptic, according to a report shared by the firm on Feb. 14. However, the firm didn’t state what coins or tokens were frozen. Exchanges @binance and @HuobiGlobal today froze accounts containing $1.4 million stolen by North Korea’s Lazarus Group. This was made possible thanks …
Cyber criminals used a variety of novel ways to carry out hacks and exploits in 2022, with over $2.8 billion of cryptocurrency stolen last year. According to a report from CoinGecko using data sourced from DeFiYield’s REKT Database, nearly half of the total crypto stolen in 2022 was fleeced using diverse methods. This includes bypassing verification processes, market manipulation, ‘crowd looting’ as well as smart contract and bridge exploits. The biggest hack of 2022 was carried out through an access control hack. Sky Mavis, the developer behind popular game Axie Infinity, saw its Ronin bridge hacked in March 2022, leading …
Popular crypto wallet provider MetaMask warned investors against ongoing phishing attempts by scammers attempting to contact users through NameCheap’s third-party upstream system for emails. On the evening of Feb. 12, web hosting company NameCheap detected the misuse of one of its third-party services for sending some unauthorized emails — which directly targeted MetaMask users. Namecheap described the incident as an "email gateway issue." ⚠️MetaMask does not collect KYC info and will never email you about your account! Do not enter your Secret Recovery Phrase on a website EVER. If you got an email today from MetaMask or Namecheap or anyone …
The ill-gotten crypto from one of the industry’s largest exploits is on the move again, with on-chain data showing another $46 million of stolen funds has just shifted from the hacker’s wallet. The Wormhole attack was the third largest crypto hack in 2022 resulting from an exploit of Wormhole’s token bridge in February 2022. Around $321 million of Wrapped ETH (wETH) was stolen. According to blockchain security firm PeckShield, the hacker’s associated wallet has become active once again, moving d $46 million worth of crypto assets. This was made up of around 24,400 of Lido Finance-wrapped Ethereum staking token (wstETH), …
Crypto hardware wallet provider OneKey says it has already addressed a vulnerability in its firmware that allowed one of its hardware wallets to be hacked in one second flat. On Feb. 10, a video on YouTube posted by cybersecurity startup Unciphered showed they had figured out a way to exploit a "Massive critical vulnerability" in order o "crack open" a OneKey Mini. According to Eric Michaud, a partner at Unciphered, by disassembling the device and inserting coding, it was possible to return the OneKey Mini to “factory mode” and bypass the security pin, allowing a potential attacker to remove the …