Arbitrum-based lending protocol Lodestar Finance was exploited in a flash loan attack on Dec. 10. According to Lodestar, the attacker manipulated the price of the plvGLP token before borrowing all platform liquidity using the inflated token. In a Twitter thread, Lodestar explained the attack flow. The attacker first manipulated the exchange rate of the plvGLP contract to 1.83 GLP per plvGLP, "an exploit that by itself would be unprofitable", said the company. Then, the attacker supplied plvGLP collateral to Lodestar and borrowed all available liquidity, cashing out part of the funds "until the collateralization ratio mechanism prevented a full liquidation …

Crypto exchange Binance began investigating suspicious behavior on its platform after noticing abnormal price movements for certain trading pairs involving Sun Token (SUN), Ardor (ARDR), Osmosis (OSMO), FUNToken (FUN) and Golem (GLM) tokens. Nearly 40 minutes into the investigation, Binance CEO Changpeng ‘CZ’ Zhao revealed that the price movements “appears to be just market behavior.” On Dec. 11 at 3:10 am ET, Binance issued a notice about abnormal price movements for some trading pairs. The exchange began an investigation to narrow down suspicious accounts responsible for the issue. To investors’ relief, Binance’s investigation did not point to the possibility of …

The Nomad token bridge announced its relaunch guide after fixing the contract vulnerability that led to a $190 million exploit in August. According to a blog post from Dec. 7, the Nomad protocol will allow users to bridge back madAssets and access a pro-rata share of recovered funds. A redesign for the token bridge was also implemented by the Nomad team, said the company, explaining that without this redesign, the "first people to bridge back their madAssets would receive canonical tokens on a one-to-one basis until there were no canonical tokens left." To avoid this first-come, first-serve approach, the team …

Microsoft reports that a threat actor has been identified targeting cryptocurrency investment startups. A party Microsoft has dubbed DEV-0139 posed as a cryptocurrency investment company on Telegram and used an Excel file weaponized with “well-crafted” malware to infect systems that it then remotely accessed. The threat is part of a trend in attacks showing a high level of sophistication. In this case, the threat actor, falsely identifying itself with fake profiles of OKX employees, joined Telegram groups “used to facilitate communication between VIP clients and cryptocurrency exchange platforms,” Microsoft wrote in a Dec. 6 blog post. Microsoft explained: “We are …

Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. The FTX contagion that started in the second week of November is still haunting various crypto protocols in the DeFi ecosystem. The latest to fall prey to the contagion includes the Solana-based decentralized exchange (DEX) Serum, of which Alameda and FTX were backers. Another DeFi crypto trading firm Auros Global missed its principal repayment on a 2,400 Wrapped Ether (wETH) DeFi loan. Looking at some other key news in the DeFi ecosystem, popular DEX …

In a blog post on November 30, Coinbase sought to clarify its bug bounty program policies in response to the recent Uber data breach verdict. The company stated that it still welcomes “responsible” disclosure of security issues, but users who abuse this process will not be awarded bug bounties: “The key word in all of this is ‘responsible’. In the wake of the recent Uber verdict, there is a lot of concern in the industry about bug bounty submissions becoming extortion attempts. At Coinbase, [...] we’ve put a lot of thought into how we operate our bug bounty program to …

FTX’s former CEO Sam Bankman-Fried has divulged what really went on in the days before it filed for bankruptcy when the exchange selectively reopened withdrawals — only for Bahamian users. In a telephone interview with crypto blogger Tiffany Fong, dated Nov. 16, Bankman-Fried claims to have made the decision to reopen withdrawals to Bahamian citizens as he did not want himself, nor the exchange, to be in a country “with a lot of angry people in it.” “The reason I did it was it was critical to the exchange being able to have a future because that’s where I am …

Hackers who drained FTX and FTX USA of over $450 million worth of assets just moments after the doomed crypto exchange filed for bankruptcy on Nov. 11, continue to move assets around in an attempt to launder the money. A crypto analyst who goes by ZachXBT on Twitter alleged that the FTX hackers have transferred a portion of the stolen funds to the OKX exchange, after using the Bitcoin mixer ChipMixer. The analyst reported that at least 225 BTC — worth $4.1 million USD — has been sent to OKX so far. 1/ Myself and @bax1337 spent this past weekend …

Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. The prolonged crypto winter aided by the collapse of FTX has kept investors from backing a new protocol that merges DeFi and the foreign exchange market. A new Cosmos blockchain-based DeFi protocol has caught the eyes of investors who have put $10 million behind the project. Cardano-based leading stablecoin ecosystem Ardana abruptly stopped its development after several launch delays. However, the project remains open-source for others to add to it until they restart the …

The hacker behind the theft of more than $447 million of crypto from the crypto exchange FTX has been again spotted moving their ill-gotten funds. According to Etherscan data, between 4:11 to 4:17 pm UTC on November 21, the attacker moved a total of 180,000 Ether (ETH) across 12 newly created wallets — each receiving 15,000 ETH. The total amount moved totaled $199.3 million at current prices. At the time of publication, the ETH has not moved from any of the 12 wallets. Some in the crypto community suggest the attacker may be planning to subdivide it into smaller and …

The hacker behind the bankrupt cryptocurrency exchange FTX started transferring their Ether (ETH) holding to a new wallet address on Nov. 20. The FTX wallet drainer was the 27th largest ETH holder after the hack but dropped by 10 positions after the weekend ETH dump. The FTX hacker drained nearly $447 million out of multiple FTX global and FTX.US exchange wallets just hours after the crypto exchange filed for Chapter 11 bankruptcy on Nov. 11. Majority of the stolen funds were in ETH, making the exploiter the 27th largest ETH whale. On Nov.20, the FTX wallet drainer 1 transferred 50,000 …

On-chain sleuth ZachXBT has shared his findings on what he sees as the three most common misconceptions about the FTX hack — taking to Twitter to correct a "ton of misinformation" about the event and the possible culprits. In a lengthy Nov. 20 post on Twitter, the self-proclaimed “on-chain sleuth” debunked speculation that Bahamian officials were behind the FTX hack, that exchanges knew the hacker's true identity, and that the culprit is trading memecoins. 1/ I have seen a ton of misinformation being spread on Twitter and in the news about the FTX event so let me debunk the three …