Data from Etherscan shows that some crypto scammers are targeting users with a new trick that allows them to confirm a transaction from the victim’s wallet, but without having the victim’s private key. The attack can only be performed for transactions of 0 value. However, it may cause some users to accidentally send tokens to the attacker as a result of cutting and pasting from a hijacked transaction history. Blockchain security firm SlowMist discovered the new technique in December and revealed it in a blog post. Since then, both SafePal and Etherscan have adopted mitigation techniques to limit its effect …

Decentralized exchange (DEX) protocol CoW Swap recently suffered an attack, losing at least 550 BNB (BNB) in a contract exploit that approved fund transfers from the protocol. Blockchain surveyor MevRefund flagged the event and detected that the funds seemed to be moving away from CoW Swap. The MEV searcher warned the DEX and its users of the exploit in a Twitter thread. @CoWSwap your funds appear to be moooving away ...https://t.co/li1NkXNeUp — MevRefund (@MevRefund) February 7, 2023 According to the Smart contract auditing firm BlockSec, a wallet address was added as a “solver” of CoW Swap by a multisig. Then, …

A confidential United Nations report has revealed North Korean hackers stole more crypto assets in 2022 than in any other year so far. The UN report, seen by Reuters, was reportedly submitted to a 15-member North Korea sanctions committee last week. It found North Korean-linked hackers were responsible for between $630 million and more than $1 billion in stolen crypto assets last year and targeted networks of foreign aerospace and defense companies. The UN report also noted that cyber attacks were more sophisticated than in previous years, making tracing stolen funds more difficult than ever. "[North Korea] used increasingly sophisticated …

The co-founder of Web3 metaverse game engine “Webaverse” has revealed they were victims of a $4 million crypto h after meeting with scammers posing as investors in a hotel lobby in Rome. The bizarre aspect of the story, according to co-founder Ahad Shams, is that the crypto was stolen from a newly set up Trust Wallet and that the hack took place during the meeting at some point. He claims the thieves could not have possibly seen the private key, nor was he connected to a public WiFi network at the time. The thieves were somehow able to gain access …

How to protect yourself in the metaverse To protect yourself in the metaverse, use strong passwords, be cautious of suspicious activity, and limit the amount of personal information shared online. Here are some ways to protect yourself in the metaverse: Use strong and unique passwords: Create secure passwords utilizing a variety of letters, numbers and symbols and steer clear of using the same one for many accounts. When disclosing personal information, exercise caution: Be cautious when sharing information online and be on the lookout for unauthorized requests for personal information. Utilize two-factor authentication: To further secure your accounts, use two-factor …

The Federal Bureau of Investigation (FBI) has seized two non-fungible tokens (NFTs) worth more than $100,000 and 86.5 Ether (ETH) from a reported phishing scammer. The alleged scammer in question, Chase Senecal — known as Horror (HZ) online — was initially exposed via a lengthy investigation by independent blockchain sleuth ZachXBT posted back in September. In the FBI’s official notification posted on Feb. 3, it outlined that Seneca’s property — which also included an Audemars Piguet (AP) Royal Oak Watch worth $41,000 — was “seized for federal forfeiture for violation of federal law.” The FBI’s notification did not detail much …

Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. 2023 started on a bullish note for the entire crypto market, including the DeFi ecosystem, with most of the tokens posting double-digit gains in January and recording multi-month highs. Aside from the bull rally, January also saw a 93% year-on-year decline in losses from DeFi exploits and hacks. The slew of regulatory action against the Mango Markets exploiter is being hailed as a big win for the DeFi sector. The United States Securities and …

In February 2022, OpenSea fell prey to a major phishing attack that resulted in over $1.7 million in nonfungible tokens (NFTs) being stolen from users. It wasn’t the only incident: Blockchain users reportedly lost $3.9 billion to fraudulent activity in 2022 alone. As we entered 2023, there was a chorus of promises to increase security within the crypto space. But, so far, things haven’t significantly changed. Companies that utilize blockchain still aren’t doing enough to prevent scams. If blockchain technology is going to see mass adoption, companies will have to change their approach from the bottom up. By focusing on …

According to blockchain security firm CertiK, the damage caused to decentralized protocol BonqDAO on Feb. 1 may have been much less than initially thought. As told by CertiK, the attacker first borrowed 100 million BEUR, a euro stablecoin, with less than $1,000 in collateral due to a lack of controls on the collateralization ratio. If users set the parameter to zero, then the platform defaults to returning the "maximum value of uint256," allowing an astronomical sum of loans to be issued. However, CertiK said that despite the attacker borrowing 100 million BEUR (around $120 million at the time of attack), …

A big concern for users in decentralized finance (DeFi) involves the industry’s susceptibility to exploits. A report from Privacy Affairs revealed hackers stole $4.3 billion worth of cryptocurrency in the time period from January to November 2022 — a 37% increase from the previous year. Such exploits harm the integrity of companies and fuel skeptics from outside of the space in their case against cryptocurrencies. However, in a Feb. 2 announcement from Web3 Builders Inc., the company revealed a suite of tools to combat this issue. The initial browser extension TrustCheck was created to flag Web3-related scams before users continue …

A small-scale decentralized autonomous organization (DAO) has suffered a rather sizeable smart contract exploit leading to an estimated $120 million being stolen from its protocol. BonqDAO, which is behind the Bonq protocol, told its Twitter followers on Feb. 1 that its protocol was exposed to an oracle hack that allowed the exploiter to manipulate the price of the AllianceBlock (ALBT) token. Bonq protocol was exposed to an oracle hack, where exploiter increased the ALBT price and minted large amounts of BEUR. The BEUR was then swapped for other tokens on Uniswap. Then, the price was decreased to almost zero, which …

Aside from the bullish crypto market rally in January, there’s been more positive industry news as the month saw a decline in losses from exploits compared to the same time last year. According to data from blockchain security firm PeckShield on Jan. 31, there were $8.8 million in losses from crypto exploits in January. There were 24 exploits over the month, with $2.6 million worth of crypto being sent to mixers such as Tornado Cash. The breakdown of assets sent to mixers includes 1,200 Ether (ETH) and around 2,668 BNB (BNB). The January figures are 92.7% lower than the $121.4 …