More than $150 million has been lost this week in separate security breaches at DeFi projects MonoX and BadgerDAO. Multi-chain decentralized exchange (DEX) MonoX (MONO) suffered a cyber attack on Nov. 30 leading to about $31 million in losses. BadgerDAO (BADGER) suffered a front-end attack that was discovered on Dec. 2 with estimates of Badger’s losses hitting more than $120 million. The MonoX DEX platform suffered a single attack on Nov. 30. In this attack, a bug in the smart contract allowed for a discrepancy to exist between prices of assets, when manually changed. Rekt News explained that hackers were …
The BadgerDAO decentralized finance protocol appears to have suffered from a cyber attack leading to the loss of a reported $10 million at the time of writing. The attack, which was made public at about 2 a.m. UTC on Dec. 2, targeted the protocol on the Ethereum network at contract address 0x1fcdb04d0c5364fbd92c73ca8af9baa72c269107. FYI, nasty frontend attack on Badger, looks like ~10m taken out of people's wallets using rug approval. If you've interacted with anything badger related in last few weeks, check and revoke asap https://t.co/vJPMmBZ3af — Spreek (@spreekaway) December 2, 2021 Users that have interacted with this contract are urged …
Joseph O’Connor, known in some corners of the internet as PlugWalkJoe, was indicted on an array of charges relating to a May 2019 cryptocurrency exchange hack. During the attack, he is alleged to have absconded with digital assets valued at approximately $784,000. In the criminal scheme, authorities believe O'Connor utilized SIM swap attacks (an artifice of fraud where 2FA phone calls and text messages are rerouted to a device controlled by the scammer) on three separate executives at an undisclosed cryptocurrency company to take control of their employer's systems. O’Connor may have then diverted over 7 BTC, 407 ETH, 6363 …
A cryptocurrency inspired by Netflix's internationally hit TV show "Squid Game" scammed investors in what appears to be a $3.38 million "rug pull" scheme. Dubbed "SQUID," the cryptocurrency plunged to almost a fraction of a cent minutes after crossing over $2,850 at 09:35 UTC, Nov. 1. The deadly drop surfaced following a 75,000% bull run, showcasing a greater demand for SQUID among traders after its debut on Oct. 26. At the core of the retail craze lay the popularity of Squid Game. The scammers promoted SQUID as a play-to-earn cryptocurrency inspired by the fictional South Korean TV show in which …
Welcome to the latest edition of Cointelegraph’s decentralized finance (DeFi) newsletter. The DeFi space was full of fundraising this week. Read on to discover where the venture capital firm led by Reddit’s co-founder is making notable investments. What you’re about to read is the smaller version of this newsletter. For the full breakdown of DeFi’s developments over the last week, subscribe to our newsletter below.
Near Protocol offers $800M fund to advance ecosystem
Smart contracts platform Near Protocol has announced the allocation of an $800-million global funding initiative aimed at fostering the development of its DeFi ecosystem, as well as …
Cross-chain liquidity protocol THORChain has fully recovered from two summer exploits that compromised millions of dollars in user funds after the company announced Thursday that it had received passing grades in a new security audit. The simultaneous audits, which were carried out by cybersecurity companies Trail of Bits and Halborn, allowed THORChain to implement a five-step recovery plan. THORChain’s contributors now say the protocol is fully operational after a restart brought all the major cryptocurrency integrations and cross-chain trading features back online. In addition to the audit, THORChain announced that it has commissioned Immunefi, a leading bug bounty platform for …
Decentralized lending platform Cream Finance appears to have suffered a severe exploit on Wednesday, with an attacker stealing over $100 million worth of funds through a large flash loan attack. Blockchain data analytics company PeckShield first identified the flash loan on Wednesday. The compromised funds were mainly Cream LP tokens, as well as other Ethereum-based tokens. #FlashLoanAlert https://t.co/XzAvHqoINN — PeckShield Inc. (@peckshield) October 27, 2021 During a flash loan attack, an attacker exploits vulnerable smart contracts in order to create their own arbitrage opportunity. Typically, this is done by modifying the relative value of a trading pair by flooding the …
DeFi security platform Immunefi has announced $5.5 million in funding from a panoply of eleven institutional investors, including Blueprint Forest, Electric Capital, Framework Ventures and Bitscale Capital, in addition to a series of private individuals. Immunefi will utilize the funds to advance its services in DeFi security, providing asset protection to smart contract protocols, as well as implementing financial incentives to benevolent hackers. The service is reportedly responsible for protecting more than $50 billion in protocol assets from projects such as Synthetix, Chainlink, SushiSwap and PancakeSwap. It has paid out $7.5 million in bug bounties throughout its history. According to …
A new report shared by Google’s Threat Analysis Group (TAG) highlights an ongoing phishing campaign against YouTube creators, typically resulting in the compromise and sale of channels for broadcasting cryptocurrency scams. The TAG attributes the attacks to a group of hackers, recruited in a Russian-speaking forum, who hack creators’ channels by offering fake collaboration opportunities. Once hijacked, the YouTube channels are either sold to the highest bidder or used to broadcast cryptocurrency scams: “A large number of hijacked channels were rebranded for cryptocurrency scam live-streaming. On account-trading markets, hijacked channels ranged from $3 USD to $4,000 USD depending on …
CoinMarketCap, a price-tracking website for cryptocurrencies, has reportedly fallen victim to a hack that leaked 3.1 million (3,117,548) user email addresses. The information came to light after the hacked email addresses were found to be traded and sold online on various hacking forums, and revealed by Have I Been Pwned, a website dedicated to tracking hacks and compromised online accounts. CoinMarketCap, a subsidiary of Binance cryptocurrency exchange, confirmed that the list of leaked user accounts matched its userbase: “CoinMarketCap has become aware that batches of data have shown up online purporting to be a list of user accounts. While the …
White hat hacker Gerhard Wagner has earned $2 million after reporting a solution to a potentially costly “double-spend” bug on the Polygon network. According to an Oct. 21 blog post from Immunefi, a security service that helps facilitate bug reports in decentralized finance projects, Polygon network’s Plasma Bridge was at risk of having $850 million removed by a knowledgeable hacker. According to the project, the vulnerability would have allowed attackers to exit their burn transaction from the bridge up to 223 times, quickly turning an amount like $4,500 into $1 million profit. Immunefi reported the double-spend exploit worked by first depositing …
Lossless, a decentralized finance (DeFi) security outfit, has assisted in the recovery of 5,152.6 Ether (ETH) siphoned during the Cream Finance exploit that occurred in August. Tweeting on Monday, Lossless identified white hat security expert Pascal Caversaccio as being pivotal to the successful recovery of the siphoned funds. As previously reported by Cointelegraph, DeFi lending protocol Cream Finance suffered a flash loan attack to the tune of $19 million in ETH and Amp tokens back in August. Following the exploit, Cream stated that it would repay the siphoned funds via fees collected on the protocol to compensate affected users. Detailing …