Cryptocurrency exchange platform Hotbit has shut down all of its services after an attempted cyberattack on Thursday. “Hotbit just suffered a serious cyber-attack starting around 08:00 PM UTC, April 29, 2021, which led to the paralyzation of a number of some basic services,” a notice on the platform’s website reads. The hackers were reportedly unsuccessful in gaining access to Hotbit’s wallets but did manage to compromise the platform’s user database. Thus, the Hotbit team has advised customers to disregard any communication from entities claiming to be representatives of the exchange. With all normal operations currently paused during the ongoing maintenance, …

Decentralized finan’s rising popularity since 2019 has seen the emerging market segment become a target for hackers and opportunistic profiteers. According to a report by crypto research company Messari, DeFi protocols have lost about $284.9 million to hacks and other exploit attacks since 2019. This figure is about 0.65% of the adjusted total value locked of the Ethereum-based DeFi market, according to data from DappRadar. In February Messari calculated that over $284 million in DeFi was lost to hacks since 2019 At this point in time, the decentralized insurance industry only covers a fraction of TVL in DeFi. The need …

The $50 million exploit of Uranium Finance, a decentralized finance protocol on Binance Smart Chain, may have been an inside job, according to a member of the project’s development team. The theory was put forward in Uranium Finance’s Telegram channel by a user named “Baymax,” who appears to be listed as an administrator. In a pinned post, Baymax explained that the security flaw leading to the exploit happened just two hours before version 2 of the protocol was launched. The suspicious timing of the exploit narrows down the list of potential perpetrators significantly. Baymax explained: “There are a total of …

Uranium Finance, an automated market maker platform on the Binance Smart Chain, has reported a security incident that resulted in a loss of about $50 million. Tweeting on Wednesday, Uranium revealed that the exploit targeted its v2.1 token migration event and that the team was in contact with the Binance security team to mitigate the situation. (1/2)‼️ Uranium migration has been exploited, the following address has 50m in it The only thing that matters is keeping the funds on BSC, everyone please start tweeting this address to Binance immediately asking them to stop transfers. — Uranium Finance (@UraniumFinance) April 28, …

There has been a lot of talk about the recent “hacks” in the decentralized finance realm, particularly in the cases of Harvest FInance and Pickle Finance. That talk is more than necessary, considering hackers stole more than $100 million from DeFi projects in 2020, accounting for 50% of all hacks this year, according to a CipherTrace report. Related: Roundup of crypto hacks, exploits and heists in 2020 Some point out that the occurrences were merely exploits that shined a light on the vulnerabilities of the respective smart contracts. The thieves didn’t really break into anything, they just happened to casually …

Hackers made off with 183 Ether (ETH), worth roughly $386,000 at the time of writing, following a coordinated attack on DeFi platform ForceDAO Sunday. Following an initial sell-off, ForceDAO’s native Force token was in recovery mode on Monday, capping off a highly volatile 24 hours for the newly launched project. ForceDAO detailed the Sunday exploit in a series of tweets, taking ownership of the “engineering oversight” that resulted in the attack, which centered around the platform’s xFORCE contract. POST-MORTEM To the Force and DeFi community, we'd like to share a post-mortem on the recent xFORCE exploit. Thanks to everyone technical …

Fledgling decentralized finance, or DeFi, protocol ForceDAO has had a rough start, with several incursions from hackers taking place just hours after it launched. The Ethereum-based yield aggregator had only just launched its airdrop campaign on April 3 when four malicious “black hat” hackers managed to drain a total of 183 Ether (ETH), worth approximately $367,000 at the time. One friendly "white hat" hacker assisted the team by alerting them to prevent further losses. The team has released a post-mortem report of the attacks and taken responsibility for what it termed an “engineering oversight.” POST-MORTEM To the Force and DeFi …

Social token platform Roll suffered a hot wallet breach, resulting in hackers draining at least 3,000 ETH worth $5.7 million on March 15. At roughly 8am UTC, digital asset management platform MyCrypto reported that a hacker may have compromised the private keys for Roll’s hot wallet, allowing them to transfer funds from users’ accounts at will. After approximately 12 hours, Roll responded to the attack, announcing the hacker had stolen and liquidated a large number of tokens, and that withdrawals had been suspended across the platform: “The attacker has sold all the tokens. There is no further user action suggested.” …

Decentralized finance transaction combination tool Furucombo will compensate the victims of a recent “evil contract” exploit that cost the protocol $15 million in stolen funds. Following an internal call with affected users last week, Furucombo released a compensation plan Tuesday, announcing that they will issue 5 million iouCOMBO tokens to the victims of the breach. Issued in the form of ERC-20 tokens, iouCOMBO tokens will represent the rights to claim Furucombo’s COMBO tokens in the recovery pool. Out of a total of 100 million COMBO tokens, 5 million coins have been allocated to the recovery pool, and are subject to …

Hackers have threatened to release sensitive company documents supposedly belonging to USDT stablecoin issuer Tether unless the firm sends a 500 Bitcoin (BTC) ransom to a specified address. As revealed by the official Twitter account for Tether on Sunday, hackers purportedly threatened to leak documents that would “harm the Bitcoin ecosystem” if their ransom demands were not met. Tether has already stated that it will not pay the ransom, which amounts to a dollar value of $23.8 million at the time of publication. The firm tweeted: “Today we also received a ransom demand for 500 BTC to be sent to …

The latest “evil contract” exploit has netted an attacker over $14 million in stolen funds. Furucombo, a tool designed to help users “batch” transactions and interactions with multiple decentralized finance (DeFi) protocols at once, fell victim to the attack at roughly 4:45 pm UTC, which centered on token approvals from users. The attacker’s address currently has $14 million worth of various cryptocurrencies, but the attack appears to be larger as they have been transferring ETH to privacy mixer Tornado Cash in batches over the last hour. This attack is conceptually similar to the $20 million “evil jar” attack that struck …

Finance Redefined is Cointelegraph's DeFi-centric newsletter, delivered to subscribers every Wednesday. The Alpha Homora and Cream Finance hack has made a gigantic mark in the DeFi space this week. It is the largest single hack in DeFi history at $37 million in funds stolen. It is also one of the most complex, apparently leveraging several honest-to-God vulnerabilities in Alpha Homora. A few missing input checks in very specialized conditions allowed the hacker to abuse Alpha Homora’s privilege of borrowing an unlimited amount of funds from Cream Finance’s Iron Bank. Flash loans were of course involved, but unlike some previous hacks …