
The Hunt for the FTX Thieves Has Started

 

Cryptocurrency has always provided an interesting mix of temptations and difficulties for those trying to steal it.  It is a lucrative target because it is digital cash held in multibillion-dollar sums on hackable, internet-connected networks. However, once stolen, the blockchains on which almost every cryptocurrency is built allow for tracking the money's every move and, in many cases, identifying the thieves.  

Recently, unknown transactions were reported to have drained FTX wallets. According to observers, either FTX was hacked or insiders stole client funds during the abrupt FTX collapse. There have been "unauthorized transactions" from the group's wallets to addresses not controlled by FTX, according to FTX US general counsel Ryne Miller. FTX filed for Chapter 11 bankruptcy protection from its creditors yesterday. These creditors are concerned that some of their funds will be unavailable for payment.

On Twitter, a developer announced that "hundreds of millions of dollars" in cryptocurrency were being transferred from FTX wallets. Because of the late hour of the transactions, they did not appear to be the work of liquidators acting for creditors.

Afterward, on-chain forensics expert ZachXBT tweeted that the receiving addresses were not FTX wallets, according to former FTX employees. Because FTX and FTX US are supposedly separate businesses and were operated as such, a hacker would be unlikely to gain simultaneous access to the private keys of both exchanges unless they had inside information or were insiders.

However, given FTX's demise, anything is possible. According to Bloomberg, junior employees took the initiative to sell off some of FTX's troubled assets. Two main draining addresses have been identified, and it is possible that up to $383 million in cryptocurrency was stolen:

Main draining address: https://etherscan.io/address/0x59abf3837fa962d6853b4cc0a19513aa031fd32b

Shitcoin draining address: https://etherscan.io/address/0xd8019a114e86ad41d71a3eeb6620b19dd166a969

According to Nansen, a crypto analytics research firm, the outflows totaled at least $266 million. As per the Australian Financial Review, the amount of missing funds in Ethereum, Solana, BNB, LINK, AVAX, and MATIC could be as high as $600 million.

Were the FTX app and website also compromised?

There are also unconfirmed reports that the FTX app has been infected with malware and should no longer be used, as well as the FTX website. However, Rey, an FTX Telegram administrator, uploaded it.

Nevertheless, the puzzling scenario for the 1.2 million FTX customers is still evolving. The FTX app has been updated, but for the time being, experts recommend that all FTX clients avoid running the update or interacting with their FTX account.

Customers are advised not to make any changes to their accounts until further information, presumably in the form of an official announcement from FTX, becomes available. According to his most recent tweet, Binance founder and CEO Changpeng Zhao (CZ) is unimpressed with the latest turn of events. Elon Musk also contributed, despite the fact that he was expected to be preoccupied with the blue tick scandal.

Google Cloud Delivers Blockchain Node Engine for Web3 Developers

The Blockchain still has more than 38 million customers in 140 countries worldwide, according to the Google Cloud website. In a news release, the business stated that the launch represents a resolve to aid Web3 developers in creating and deploying new products on platforms based on blockchain technology. 

Blockchains serve as a sort of decentralized database because they are made up of transaction data that is encrypted and permanently stored. The underlying infrastructure is the node: a computer or server that holds a whole copy of the blockchain's transaction history, rather than depending on a central authority to confirm data.

Amit Zavery, GM and VP of engineering and platform, and James Tromans, director of cloud web3, announced the new service in a blog post that explained how difficult it is for blockchain nodes to stay in sync since they must continually exchange the most relevant blockchain data. It requires a lot of resources and data.

By providing a service model to handle node creation and a safe development environment in a fully managed product, Google Cloud aims to make it simpler. From Google's standpoint, it is far simpler to let them handle the labor-intensive tasks while you focus on creating your web3 application.

Additionally, Web3 businesses that need dedicated nodes can deploy smart contracts, relay transactions, read or write blockchain data, and more using the dependable and fast network architecture of Google Cloud. Organizations using Web3 benefit from quicker system setup, secure development, and managed service operations.

The goal of Google's blockchain service is to deploy nodes behind a virtual private cloud firewall that restricts networking and communication to vetted users and computers. Other services, such as Google Cloud Armor, will help protect the nodes from distributed denial-of-service attacks.

Gains from Node Engine

Ethereum will be the first blockchain to use the service, and most others are expected to follow. The following are some advantages that businesses could gain from using Google Cloud's Node Engine.

Deploying a node manually takes a significant amount of time, and it can prove difficult for a node to sync with the network. With Google Cloud's Node Engine, developers can deploy nodes in a single operation, simplifying and speeding up the procedure.

In the realm of cryptocurrency, data security is of utmost importance. Developers will benefit from the Node Engine's assistance in protecting their data and preventing unauthorized access to the nodes. Additionally, Google Cloud shields the nodes from DDoS attacks with services such as Cloud Armor.

This development seeks to "assist enterprises with a stable, easy-to-use blockchain node web host so they can focus their efforts on developing and scaling their Web3 apps," according to Google Cloud's official website.

An authorized team fully manages the Google Cloud Node Engine. The team will administer the system during an outage, so clients need not worry about availability. Nodes need to be restarted and monitored during an outage; the team will take care of that for clients.

Hong Kong Will Legalize Retail Crypto Trading to Establish a Cryptocurrency Hub

 


Hong Kong has announced a plan to legalize retail cryptocurrency trading in order to create a friendlier regulatory regime for cryptocurrencies. This contrasts with the skeptical stance the city has taken over the last few years, as well as with China's ban on the practice.

According to sources familiar with the matter, an upcoming mandatory licensing program for crypto platforms, scheduled to take effect in March next year, will allow retail traders access to crypto platforms. The sources asked not to be named because they are not authorized to release this information publicly.

The regulators are reportedly planning to allow the listing of higher-value tokens in the coming months but will not endorse specific coins such as Bitcoin or Ether, according to the people. They noted that the details and timeframe are yet to be finalized since a public consultation is due first.

At a fintech conference that starts on Monday, the government is expected to provide more details regarding its recently announced goal of creating a top crypto hub in the region. The campaign comes amid a larger effort to restore Hong Kong's reputation as a financial center and put the city back on the map after years of political turmoil and Covid curbs sparked a talent exodus.

Gary Tiu, executive director at crypto firm BC Technology Group Ltd, said that, while mandatory licensing in Hong Kong is one of the most effective things regulators can do, they cannot forever satisfy the needs of retail investors who are investing in crypto assets. 

Criteria for listing 

According to people familiar with the matter, the upcoming regime for listing tokens on retail exchanges is likely to include criteria such as the token's market value, liquidity, and membership in third-party crypto indexes to determine eligibility for listing. Their approach resembles the one they used when it came to structured products such as warrants, they continued. 

Hong Kong's Securities and Futures Commission spokesperson did not respond to a request for comment regarding the details of the revised stance adopted by the agency. 

Several crypto-related Hong Kong companies that are listed on the stock exchange saw their share prices rise on Friday. In the same report, BC Technology climbed 4.8% to its highest in three weeks during the third quarter, whilst Huobi Technology Holdings Ltd. rose slightly.

More and more regulators around the world are grappling with how to manage the volatile area of digital assets, which has gone through a $2 trillion rout following a peak in early November 2021. The sector is finding it difficult to regain its previous strength. Firms that dealt in cryptocurrency were crushed by the crash because their leverage grew without limit and the weaknesses of their risk management methods were exposed.

It is widely believed that Singapore has tightened up its digital-asset rules to curb retail trading in digital assets to deal with the implosion that has hit Hong Kong. 

There was a proposal earlier this week by Singapore to ban the purchase of leveraged retail tokens on the retail market. There was a ban on cryptos in China a year ago because it was largely illegal. 

Michel Lee, executive president of digital-asset specialist HashKey Group, said that Hong Kong is trying to frame a crypto regime that extends beyond the retail token trading market to incorporate all types of digital assets, including cryptocurrencies. 

Bringing the ecosystem to the next level 

Among other things, Lee believes that tokenized versions of stocks and bonds could become a much more significant segment in the future. Lee said, "Just trading digital assets on its own is not the goal". According to Lee, digital assets are not intended to be traded on their own, but the ecosystem must grow as quickly as possible.

Big exchanges such as Binance and FTX were once based in Hong Kong, attracted by its reputation as a laissez-faire regime and its strong ties to China. A voluntary licensing regime, introduced by the city in 2018, limited crypto platforms to clients with portfolios exceeding HK$8 million ($1 million).

It has been confirmed that only two firms have been approved to operate under the license, BC Group and HashKey. FTX successfully managed to turn away the more lucrative consumer-facing business to the Bahamas last year as a result of the signal of a tough approach. 

However, the plan to attract crypto entrepreneurs back to Hong Kong seems to be a bit short of what is needed to usher them back. Among other things, it remains to be seen if mainland Chinese investors would be able to trade in tokens through Hong Kong if that were to be permitted. 

Leonhard Weese, the co-founder of the Bitcoin Association of Hong Kong, expressed a fear that there might be a very strict licensing regime in the future. "The conversations I have had indicate that people still fear it will be very stressful," he said. The company claims that it is not competitive on the same level as overseas platforms. Therefore, it will not be as attractive to customers as it would be if it dealt directly with retail users. 

According to blockchain specialist Chainalysis Inc., the volume of digital-token transactions in Hong Kong through June declined less than 10% from a year earlier, the most modest increase in the region outside of a slump in China, in the 12 months through June. It has fallen two positions from its global ranking of 39 in 2021 to 46 in 2022 when it comes to crypto adoption throughout the city. 

The Securities and Futures Commission of Hong Kong's Fintech Department has also suggested that the city could take further steps in this area, including the establishment of a regime to authorize exchange-traded funds seeking exposure to mainstream virtual assets. 

It shows that the one country, two systems principle is being put into action in financial markets, Wong said at an event last week. He said that the fact that the city can introduce a cryptocurrency framework distinct from China's indicates how far it has come.

FBI Alerts of Rise in Attacks Targeting DeFi Platforms

 

The FBI is warning of an increase in cryptocurrency theft attacks on decentralised finance (DeFi) platforms.

According to the agency, criminals are exploiting the increased interest in cryptocurrency, as well as the complex functionality and open-source nature of DeFi platforms, to carry out nefarious activities.

According to the FBI, cybercriminals are stealing virtual currency and causing investors to lose money by utilising security flaws in the smart contracts that govern DeFi platforms. Smart contracts, defined as self-executing contracts containing the terms of an agreement between a buyer and a seller within their lines of code, are present throughout the decentralised blockchain network.

DeFi platforms accounted for roughly 97% of the $1.3 billion in cryptocurrencies stolen by cybercriminals between January and March 2022, an increase from 72% in 2021 and 30% in 2020.

According to the FBI, cybercriminals have also initiated flash loans to trigger an exploit in a DeFi platform's smart contracts (resulting in $3 million in cryptocurrency losses), exploited a signature verification bug in a DeFi platform's token bridge (resulting in $3 million in cryptocurrency losses), and manipulated cryptocurrency price pairs (to steal $35 million in cryptocurrency).

Before investing, investors should research DeFi platforms, protocols, and smart contracts to identify potential risks and ensure that the DeFi investment platform's code has been audited at least once.

Furthermore, they should be cautious of DeFi investment pools with short timeframes for joining and rapid deployment of smart contracts, as well as the dangers posed by crowdsourced solutions in terms of bug hunting and patching.

According to the FBI, DeFi platforms should implement real-time analytics, monitoring, and code testing to address vulnerabilities and suspicious activity, as well as an incident response plan that includes informing investors of any suspicious activity, including smart contract exploitation.

Binance Executive: Scammers Created a 'Deep Fake Hologram' of him to Fool Victims

 

According to a Binance public relations executive, fraudsters created a deep-fake "AI hologram" of him to scam cryptocurrency projects via Zoom video calls.

Patrick Hillmann, chief communications officer at the crypto exchange, stated that over the past month he received messages from project teams thanking him for meeting with them virtually to discuss listing their digital assets on Binance. This raised some suspicions because Hillmann isn't involved in the exchange's listings and doesn't know the people messaging him.

"It turns out that a sophisticated hacking team used previous news interviews and TV appearances over the years to create a 'deep fake' of me," Hillmann said. "Other than the 15 pounds that I gained during COVID being noticeably absent, this deep fake was refined enough to fool several highly intelligent crypto community members."

In his write-up this week, Hillmann included a screenshot of a project manager asking him to confirm that he had, in fact, been on a Zoom call. The hologram is the latest example of cybercriminals impersonating Binance employees and executives on Twitter, LinkedIn, and other social media platforms.

Scams abound in the cryptocurrency world.

Despite highlighting a wealth of security experts and systems at Binance, Hillmann insisted that users must be the first line of defence against scammers. He wrote that they can do so by being vigilant, using the Binance Verify tool, and reporting anything suspicious to Binance support.

“I was not prepared for the onslaught of cyberattacks, phishing attacks, and scams that regularly target the crypto community. Now I understand why Binance goes to the lengths it does,” he added.

The only proof Hillmann provided was a screenshot of a chat with someone asking him to confirm a Zoom call they previously had. Hillmann responds: “That was not me,” before the unidentified person posts a link to somebody’s LinkedIn profile, telling Hillmann “This person sent me a Zoom link then your hologram was in the zoom, please report the scam”.

The fight against deepfakes

Deepfakes are becoming more common in the age of misinformation and artificial intelligence, as technological advancements make convincing digital impersonations of people online more viable.

They are sometimes highly realistic fabrications that have sparked global outrage, particularly when used in a political context. A deepfake video of Ukrainian President Volodymyr Zelenskyy was posted online in March of this year, with the digital impersonation of the leader telling citizens to surrender to Russia.

On Twitter, one version of the deepfake was viewed over 120,000 times. In its fight against disinformation, the European Union has targeted deepfakes, recently requiring tech companies such as Google, Facebook, and Twitter to take countermeasures or face heavy fines.

Solana Funds Breached via Unknown Bug

After customers complained about their funds being stolen, Solana, a blockchain that is growing in popularity for its quick transactions, became the subject of the most recent breach in the cryptocurrency world.

The platform has launched an inquiry and is currently attempting to ascertain how the hackers were able to steal the money. 

What is SOL?

The value of SOL, Solana's token, dropped by 7% to $38.4 in the past day, marking its lowest level in a week.

Solana is an open-source project that relies on the permissionlessness of blockchain technology to offer decentralized financial (DeFi) solutions. According to CoinGecko, end-user applications in the Solana ecosystem include non-fungible tokens (NFT), marketplaces, gaming, e-commerce, and decentralized finance (DeFi).

According to CoinGecko, Solana is one of the top 10 cryptocurrency assets in terms of market value, although its value has fallen significantly from its all-time high of $259.96 reached in November 2021.

The primary reason for the breach

The security problem appears to have affected more than 8,000 wallets, depleting them of their SOL tokens and USDC stablecoins, according to Changpeng Zhao, CEO of cryptocurrency exchange Binance.

A blockchain consulting firm called Elliptic stated that the attack started on August 2 and has already resulted in the theft of $5.8 million. According to the report, the Solana cryptocurrency and non-fungible tokens were among the stolen assets.

Elliptic noted that the issue didn't seem to be with the blockchain core, the digital ledger of transactions that serves as the foundation of cryptocurrency assets, but rather with software utilized by such wallets.

Phantom, Slope, and TrustWallet are among the other wallets that have been compromised by the hack.

Several blockchain security experts believe that a supply chain attack, a browser zero-day vulnerability, or a flawed random number generator used during the key generation process might have been leveraged to access such a huge number of private keys.


Hacker Steals $100 million Worth of Crypto from Harmony Horizon Bridge

 

Earlier this week, the Horizon bridge linking Harmony – a Layer-1 PoS blockchain designed for native token ONE – to the Ethereum and Binance Chain ecosystem was exploited, resulting in a loss of nearly $100 million in Ethereum. Fortunately, the BTC bridge remained unaffected and has been shut down to prevent further losses. 

The U.S. crypto startup has notified the FBI and requested its assistance with an investigation to identify the culprit and retrieve the stolen assets.

“The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds,” the company posted on Twitter. 

“We have also notified exchanges and stopped the Horizon bridge to prevent further transactions. The team is all hands-on deck as investigations continue. We will keep everyone up-to-date as we investigate this further and obtain more information.”

The attack appears to have taken place over the span of 17 hours, starting at about 7:08 am EST until 7:26 am EST. The value of the first transaction was 4,919 ETH, followed by multiple smaller transactions ranging from 911 to 0.0003 ETH. The last one took place after the bridge had been shut down. 

The hack is the latest in a series of exploits affecting the crypto space. So far, Frax (FRAX), Wrapped Ether (wETH), Aave (AAVE), SushiSwap (SUSHI), Frax Share (FXS), AAG (AAG), Binance USD (BUSD), Dai (DAI), Tether (USDT), Wrapped BTC (wBTC), and USD Coin (USDC) have been stolen from the bridge via this exploit.

Interestingly, a warning was issued by an independent researcher and blockchain developer, Ape Dev, back on the 2nd of April. In a series of tweets, the researcher warned that the security of the Horizon bridge hinged on a multisignature, or “multisig”, wallet that required just two signatures to initiate transactions. Hackers could exploit this weakness with a very simple attack: getting 2 of the owners to sign off on transfers worth up to $330 million.

The hack adds to a series of negative news in the crypto space lately. Crypto lenders Celsius and Babel Finance put a freeze on withdrawals after a sharp drop in the value of their assets resulted in a liquidity crunch. Meanwhile, crypto hedge fund Three Arrows Capital could be declared as a defaulter for failing to repay a $660 million loan from brokerage firm Voyager Digital.

Alert! Scam Pixelmon NFT Website Hosts Password-stealing Malware

 

A bogus Pixelmon NFT site tempts visitors with free tokens and collectables while infecting them with spyware that steals their cryptocurrency wallets. Pixelmon is a popular NFT project with plans to create an online metaverse game where users can gather, train, and battle other players with pixelmon pets. 

The project has attracted a lot of attention, with nearly 200,000 Twitter followers and over 25,000 Discord members. To take advantage of this interest, threat actors have replicated the original pixelmon.club website and built a fake version at pixelmon[.]pw to deliver malware. Instead of providing a demo of the project's game, the malicious site provides executables that install password-stealing malware on a device.

The website offers a package named Installer.zip that contains a faulty executable that does not infect visitors with malware. However, MalwareHunterTeam, which was the first to identify this malicious site, detected other dangerous files distributed by it, making it possible to see what malware it was spreading. Setup.zip, which contains the setup.lnk file, is one of the files served by this fraudulent site. Setup.lnk is a Windows shortcut that runs a PowerShell command to download pixelmon[.]pw's system32.hta file.

When BleepingComputer tested these malicious payloads, the System32.hta file downloaded Vidar, a password-stealing malware that is no longer widely used. Security researcher Fumik0_, who has previously examined this malware family, confirmed this. When launched, the Vidar sample from the threat actor connects to a Telegram channel and retrieves the IP address of the malware's command and control server. The malware will then obtain a configuration instruction from the C2 and download further modules to steal data from the infected device.

Vidar malware may steal passwords from browsers and apps, as well as scan a computer for files with certain names, which it subsequently sends to the threat actor. The C2 commands the malware to search for and steal numerous files, including text files, cryptocurrency wallets, backups, codes, password files, and authentication files. Because this is an NFT site, visitors are expected to have bitcoin wallets installed on their PCs.

As a result, threat actors focus on looking for and stealing cryptocurrency-related files. While the site is presently not distributing a functioning payload, BleepingComputer has observed evidence that the threat actors have been modifying the site in recent days, as payloads that were available two days ago are no longer available.

Based on the site's activity, one can expect this campaign to remain active and working threats to be added soon. Due to the high number of fraudsters attempting to steal bitcoin from NFT projects, one should always double-check that the URL being viewed is indeed associated with the project one is interested in.
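One way to automate the URL double-check recommended above, as an added example that is not part of the original post. It compares a link against the project's official domain (pixelmon.club, from the article); the category names, the naive last-two-labels domain split and the constructed sample URLs are assumptions, and production code should use the Public Suffix List instead.

```python
from urllib.parse import urlsplit

# Official domain named in the article; extend per project.
OFFICIAL = {"pixelmon.club"}


def refang(text):
    """Undo common defanging (pixelmon[.]pw, hxxp://) so the URL parses."""
    return text.replace("[.]", ".").replace("hxxp", "http")


def hostname(url):
    """Return the lower-cased host of a URL, or '' if none can be parsed."""
    url = refang(url.strip())
    if "://" not in url:
        url = "http://" + url
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def split_registrable(host):
    """Naive split into (name, tld) using the last two labels (assumption)."""
    labels = host.split(".")
    if len(labels) < 2:
        return host, ""
    return labels[-2], labels[-1]


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(url, official=OFFICIAL, max_distance=2):
    """Classify a link relative to the official project domains."""
    host = hostname(url)
    if not host:
        return "invalid"
    # Exact match or a genuine subdomain of an official domain.
    for dom in official:
        if host == dom or host.endswith("." + dom):
            return "official"
    # Official name used as a prefix of someone else's domain.
    for dom in official:
        if host.startswith(dom + ".") or ("." + dom + ".") in host:
            return "embedded-official-name"
    name, tld = split_registrable(host)
    for dom in official:
        off_name, off_tld = split_registrable(dom)
        # Same project name under a different TLD (the pixelmon[.]pw case).
        if name == off_name and tld != off_tld:
            return "lookalike-tld"
        # Project name altered by a few characters.
        if 0 < edit_distance(name, off_name) <= max_distance:
            return "lookalike-name"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links; only the two pixelmon hosts come from the article.
    samples = [
        "https://pixelmon.club/",
        "hxxps://pixelmon[.]pw/",
        "https://pixe1mon.club/",
        "https://pixelmon.club.example.net/",
        "https://example.org/",
    ]
    for s in samples:
        print(f"{s:40} {classify(s)}")
```

Anything other than "official" deserves a manual look before a download is run; internationalised (homoglyph) hostnames are not handled here.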

Users' Crypto Wallets are Stolen by Fake Binance NFT Mystery Box Bots

 

Researchers have discovered a new campaign distributing RedLine Stealer, a low-cost password stealer sold on underground forums, through GitHub repositories posing as Binance NFT mystery box bots and promoted in a series of YouTube videos that take advantage of global interest in NFTs.

The enticement is the promise of a bot that will automatically purchase Binance NFT Mystery Boxes as they become available. Binance mystery boxes are collections of non-fungible token (NFT) items for users to purchase in the hopes of receiving a one-of-a-kind or uncommon item at a discounted price. Some of the NFTs obtained in such boxes can be used in online blockchain games to add unusual cosmetics or identities. However, the bot is a hoax. According to Gustavo Palazolo, a malware analyst at Netskope Threat Labs, the video descriptions on the YouTube pages lure victims into downloading RedLine Stealer from a GitHub link.

In the NFT market, mystery boxes are popular because they provide individuals with the thrill of the unknown as well as the possibility of a large payout if they win a rare NFT. However, marketplaces such as Binance sell them in limited quantities, making some crates difficult to obtain before they sell out. This is why prospective buyers frequently use "bots" to obtain them, and it is exactly this big trend that threat actors are attempting to exploit.

"We found in this attempt that the attacker is also exploiting GitHub in the threat flow, to host the payloads," Palazolo said. "RedLine Stealer was already known for manipulating YouTube videos to proliferate through false themes," Palazolo said. The advertising was spotted by Netskope in April. "While RedLine Stealer is a low-cost malware, it has several capabilities that might do considerable harm to its victims, including the loss of sensitive data," Palazolo said.

The ads were uploaded during March and April 2022, and each one includes a link to a GitHub repository that purports to host the bot but instead distributes RedLine. "BinanceNFT.bot v1.3.zip" is the name of the dropped file, which contains a program of a similar name (the payload), a Visual C++ installer, and a README.txt file. Because RedLine is written in .NET, it needs the VC redistributable setup file to run, while the text file contains the installation instructions for the victim.

According to Palazolo, the malware does not run if the infected machine is found in any of the following countries: Armenia, Azerbaijan, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russia, Tajikistan, Ukraine, and Uzbekistan.

The repository's GitHub account, "NFTSupp," began work in March 2022, according to Palazolo. The same source also contains 15 zipped files including five different RedLine Stealer loaders. "While each of the five loaders we looked at is slightly different, they all unzip and inject RedLine Stealer in the same fashion, as we discussed earlier in this report. The oldest sample we identified was most likely created on March 11, 2022, and the newest sample was most likely compiled on April 7, 2022," he said. These promotions, on the other hand, use rebrand.ly URLs that lead to MediaFire downloads. This operation is also spreading password-stealing trojans, according to VirusTotal. 

RedLine is now available for $100 per month on a subscription basis to independent operators, and it allows for the theft of login passwords and cookies from browsers, content from chat apps, VPN keys, and cryptocurrency wallets. Keep in mind that the legitimacy of platforms like YouTube and GitHub does not inherently imply content reliability, as these sites' upload checks and moderation systems are inadequate.

Ferrari Subdomain Was Taken Over to Promote a Bogus Ferrari NFT Collection

 

Attackers hijacked one of Ferrari's subdomains to promote a fake NFT collection that posed as the much-anticipated official one and duped consumers.

Non-fungible tokens, or NFTs, are a new sort of digital asset that has been gaining popularity as big tech constructs the Metaverse. An NFT is data recorded on a cryptocurrency blockchain that has been signed by a digital certificate to verify it is unique and cannot be copied. Having an NFT is similar to having a real asset, except that the asset is digital. The NFT trend is spreading and expanding rapidly and is closely tied to cryptocurrency. To mention a few, One Plus, Budweiser, Nike, Visa, Adidas, and Louis Vuitton have all entered the NFT realm. NFTs usually sell for a few dollars; however, in rare situations, the price of NFTs can surge.

Sam Curry, an ethical hacker and bug bounty hunter, reported on Thursday that one of Ferrari's subdomains on ferrari.com was hosting a fake NFT (Non-Fungible Token) scam.

Owning a brand-new Ferrari is reserved for the wealthy, with prices ranging from $250,000.00 to 1.8 million dollars. Last year Ferrari announced it might soon sell digital Ferrari NFTs to appease its fan base, which made this scam all the more convincing.

Ferrari and Velas Network AG have established a new relationship. Velas stated that they would break into Formula 1 in 2022 alongside Ferrari. Internationally, the company is noted for its transparency and leadership in blockchain, digital products, and services. 

"Mint your Ferrari," a crypto scam, encouraged users to buy NFT tokens by falsely claiming Ferrari had launched "a collection of 4,458 horsepower [sic] NFTs on the Ethereum network." 

Further analysis by Curry and a security engineer known as d0nut found that the attackers had compromised the subdomain by exploiting an Adobe Experience Manager weakness to host their cryptocurrency scam.

"After more investigation, it appears that this was an Adobe Experience Manager exploit. By poking around, you can still uncover remains of the unpatched site," Curry wrote.

Many people have criticized blockchains used for crypto trading and NFT services because of their large energy consumption and environmental impact. Ferrari picked Velas for more than just its speed: the company operates in a carbon-neutral manner. While announcing the big news, Ferrari claimed that "they have transformed the world of blockchain by inventing a pioneering, energy-efficient platform that functions at unprecedented speed."

Attackers Exploit WonderHero NFT Gaming Platform

 

WonderHero, a mainstream multi-platform GameFi for iOS and Android devices, has deactivated its services after attackers stole nearly $320,000 worth of Binance Coin (BNB). The WND token’s value plummeted by 50% after the information surfaced online.

WonderHero is one of the many popular games where players earn cryptocurrency and NFT revenue via gameplay. The platform currently has around 11,000 active users. Last week, PeckShield, a top-tier cybersecurity firm, notified WonderHero that its platform had been breached. To mitigate further damage, the play-to-earn cryptocurrency platform quickly disabled the game and its website before telling users it was aware of the price drop in WonderHero’s coin.

In an official statement, WonderHero confirmed that “there was an attack on our blockchain bridging system and the attackers managed to get the signature and minted 80 million WND (the in-game cryptocurrency).” 

The company explained that attackers targeted their “cross-chain bridging withdrawal.” A cross-chain bridge permits users to transfer tokens, assets, smart contract instructions, and data between blockchains. In recent months, the cross-chain bridge has become a ripe target for hackers, and exploits in it have led to millions of dollars in losses.

In its announcement, the company promised it would work to address the breach on their cross-chain bridge before auditing the entire system and creating a new smart contract, and “fairly” compensating all of its followers with new tokens based on the amount of WND they owned before the hack. 

“Users can be assured that their HON, WND, NFT, and accounts on Polygon are safe. WonderHero website, marketplace, game, and other services will be temporarily disabled as the team works on the rectification,” the company said. “A snapshot of users’ assets on the BNB Chain prior to the attack will be taken. WonderHero is committed to not just making the game fun but also keeping the assets of our players safe and we will spare no effort in doing so. The team will conduct checks and leave no stones unturned.”

The incident took place just weeks after another play-to-earn cryptocurrency game, Axie Infinity, was hit by an attack in which attackers stole more than $600 million worth of crypto. In that case, Sky Mavis, the company behind the game, was able to raise 150 million dollars to pay the victims of the hack.

YouTube Scammers Steal $1.7M in Fake Crypto Giveaway

 

According to Group-IB, a group of online scammers made approximately $1.7 million by promising cryptocurrency giveaways on YouTube. 

The group allegedly aired 36 YouTube videos between February 16 and 18, gaining at least 165,000 views, according to the Singapore-based security company. To give validity to their efforts, they included footage of tech entrepreneurs and crypto enthusiasts like Elon Musk, Brad Garlinghouse, Michael Saylor, Changpeng Zhao, and Cathie Wood. 

According to Group-IB, the channels were either hacked or bought on the black market. The streams the scammers set up included links to at least 29 websites with instructions on how to double cryptocurrency investments.

'Investors' were encouraged to send a small sum of virtual currency and promised that they would be paid back twice that amount. Depending on the cryptocurrency and wallet type used, some victims were prompted to enter seed phrases to 'link' their wallets.

Entering a seed phrase, however, let the fraudsters take control of the victim's wallet and withdraw all of its funds. The scammers received 281 transactions totalling nearly $1.7 million into their crypto wallets in just three days. The precise number of victims and the overall amount stolen, however, are unknown.

Group-IB stated, “The fake crypto giveaway scheme is not new, but apparently is still having a moment. Further analysis of the scammers’ domain infrastructure revealed that the 29 websites were part of a massive network of 583 interconnected resources all set up in the first quarter of 2022. Notably, there were three times as many domains registered for this scheme in less than three months of 2022 compared to the whole of last year.” 

Crypto enthusiasts should be wary of freebies and avoid sharing personal information online, according to Group-IB. Users were also encouraged to double-check the authenticity of any promos and use a password manager to store any seed phrases.

Bored Ape & Other Major NFT Project Discords Hacked by Fraudsters

 

The Discords of several prominent NFT projects were hacked last week as part of a phishing scheme to mislead members into handing over their digital jpegs.

In tweets, the Bored Ape Yacht Club, Nyoki, and Shamanz all confirmed Discord hacks. The Discords of NFT projects Doodles and Kaiju Kingz were also attacked, according to screenshots released by independent blockchain investigator Zachxbt. Doodles and Kaiju Kingz both confirmed that they had been hacked on their Discords. 

“Oh no, our dogs are mutating,” read one of the phishing posts posted in the BAYC Discord by a compromised bot viewed by Motherboard.

“MAKC can be staked for our $APE token. Holders of MAYC + BAYC will be able to claim exclusive rewards just by simply minting and holding our mutant dogs.” 

The hack's purpose was to get users to click a link to "mint" a phoney NFT by submitting ETH and, in some cases, an NFT to wrap into a token. 

“STAY SAFE. Do not mint anything from any Discord right now. A webhook in our Discord was briefly compromised,” the official BAYC Twitter account said early Friday morning. 

“We caught it immediately but please know: we are not doing any April Fools stealth mints / airdrops etc. Other Discords are also being attacked right now.” 

"Along with blue-chip projects like BAYC, and Doodles, our server was also compromised today due to a recent large-scale hack," the Nyoki’s tweet said. 

On blockchain explorer Etherscan, two wallet addresses have been linked to the hacks and are now dubbed Fake Phishing5519 and Fake Phishing5520. The 5519 wallet, which sent 19.85 ETH to the 5520 wallet, stole at least one Mutant Ape Yacht Club NFT (a BAYC offshoot by developer Yuga Labs) and soon sold it. Early Friday morning, this second wallet sent 61 ETH ($211,000) to the mixing service Tornado Cash. The wallet's most recent transaction is a transfer of 0.6 ETH to an inactive wallet, which subsequently sent the same amount to an extremely active wallet with 1,447 ETH ($5 million), 6 million Tether coins ($6 million), and a variety of other tokens.

This is not the first or last attack on crypto assets on Discord, which, while being a gaming-focused network, serves as a crucial centre for the great majority of projects. Crypto projects already have to deal with hacks that take advantage of smart contract flaws, but the fact that so many of them are also on Discord subjects them to frauds that exploit the power of the platform itself. 

Several high-profile accounts have already fallen prey to schemes that hacked bots responsible for channel-wide announcements and pushed websites in order to steal ETH, NFTs, or wallets.

Ola Finance: Attackers Stole $4.7M in 'Re-Entrancy' Exploit

 

According to a post-mortem report released by the developers, the decentralised lending platform Ola Finance was exploited for approximately $4.67 million in a "re-entrancy" attack on Thursday.

Ola runs a decentralised finance (DeFi) platform that spans multiple blockchains, and the hack on Thursday targeted the Fuse network. DeFi refers to the use of smart contracts, rather than third parties, for financial services such as lending and borrowing. 216,964.18 USDC, 507,216.68 BUSD, 200,000.00 fUSD, 550.45 wrapped ether, 26.25 wrapped bitcoin, and 1,240,000.00 FUSE were taken through Ola's services on the Fuse network.

At current pricing, all of that is worth more than $4.67 million. The attack took advantage of a re-entrancy flaw in the ERC677 token standard. Re-entrancy is a common flaw that lets an attacker trick a smart contract into releasing assets by calling back into the protocol repeatedly before an earlier call has finished. An authorization for a smart contract address to communicate with a user's wallet address is known as a call.

The attacker used a 515 WETH flash loan from the WETH-WBTC pair on Voltage Finance to execute the initial heist transaction. In subsequent transactions the attacker avoided a flash loan by using funds that had already been stolen, according to the post-mortem study. Voltage is a decentralised trading protocol for the Fuse network that enables automated trading of DeFi coins.

Attackers were able to fool Voltage's smart contracts by transferring wrapped assets, which they generated using flash loans (a type of short-term uncollateralized borrowing), and asking the smart contract to send payments from Voltage to the hacker's addresses. The attack, according to Ola Finance, could not be replicated on any of the lending networks it supports. The developers stated, “We will investigate each token’s 'transfer' logic to make sure no problematic token standards are in use.”

 Meanwhile, Voltage stated it was in contact with third parties to track down the attacker and devise a method to compensate those who had been harmed.
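The re-entrancy pattern described in the Ola Finance post above can be shown with a toy model. This is an added example, not code from Ola Finance, Voltage or the post-mortem: the class names, the 50% collateral rule and all balances are constructed assumptions. It contrasts a pool that sends a callback-capable token before recording the debt with one that records the debt first and holds a re-entrancy guard.

```python
"""Toy model of callback re-entrancy in a lending pool.
Constructed for illustration; this is not Ola Finance's or Voltage's code."""


class ReentrancyError(Exception):
    """Raised when a guarded pool function is entered during a transfer."""


class CallbackToken:
    """Ledger whose transfer notifies the recipient, like an ERC677-style hook."""

    def __init__(self):
        self.balances = {}

    def mint(self, owner, amount):
        self.balances[owner] = self.balances.get(owner, 0) + amount

    def transfer(self, sender, recipient, amount):
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        hook = getattr(recipient, "on_token_transfer", None)
        if hook is not None:
            hook(sender, amount)  # control passes to the recipient mid-transfer


class LendingPool:
    """Lends up to half of a user's collateral (hypothetical 50% rule)."""

    def __init__(self, token, hardened):
        self.token, self.hardened = token, hardened
        self.collateral, self.debt = {}, {}
        self.locked = False

    def deposit(self, user, amount):
        self.token.transfer(user, self, amount)
        self.collateral[user] = self.collateral.get(user, 0) + amount

    def borrow(self, user, amount):
        new_debt = self.debt.get(user, 0) + amount
        if new_debt * 2 > self.collateral.get(user, 0):
            raise ValueError("undercollateralized")
        if self.hardened:
            self.locked = True                           # re-entrancy guard
            self.debt[user] = new_debt                   # effect first
            try:
                self.token.transfer(self, user, amount)  # interaction last
            finally:
                self.locked = False
        else:
            self.token.transfer(self, user, amount)      # interaction first
            self.debt[user] = new_debt                   # effect recorded too late

    def withdraw(self, user, amount):
        if self.locked:
            raise ReentrancyError("pool re-entered during a transfer")
        remaining = self.collateral.get(user, 0) - amount
        if remaining < 0 or self.debt.get(user, 0) * 2 > remaining:
            raise ValueError("collateral is backing a debt")
        self.collateral[user] = remaining
        self.token.transfer(self, user, amount)


class CallbackBorrower:
    """Borrower contract whose token hook calls back into the pool once."""

    def __init__(self, pool):
        self.pool = pool
        self.reentered = False
        self.blocked_by = None

    def on_token_transfer(self, sender, amount):
        if sender is not self.pool or self.reentered:
            return
        self.reentered = True
        try:
            self.pool.withdraw(self, self.pool.collateral.get(self, 0))
        except (ReentrancyError, ValueError) as exc:
            self.blocked_by = type(exc).__name__


def run(hardened):
    """Deposit 100, borrow 50, and report the pool's view afterwards."""
    token = CallbackToken()
    pool = LendingPool(token, hardened)
    token.mint(pool, 1000)        # constructed pool liquidity
    borrower = CallbackBorrower(pool)
    token.mint(borrower, 100)     # constructed starting balance
    pool.deposit(borrower, 100)
    pool.borrow(borrower, 50)
    return {"wallet": token.balances[borrower],
            "collateral": pool.collateral[borrower],
            "debt": pool.debt[borrower],
            "blocked_by": borrower.blocked_by}


if __name__ == "__main__":
    print("vulnerable:", run(False))
    print("hardened:  ", run(True))
```

In the vulnerable ordering the pool ends with a recorded debt and no collateral behind it; in the hardened ordering the callback is rejected and the collateral stays locked.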

Meter Claimed that a Hack on the Platform Resulted in the Theft of $4.4 Million

 

Meter, a blockchain infrastructure firm, says $4.4 million was stolen after an assault on the platform that began at 9 a.m. ET on Saturday. According to the company, it administers infrastructure that enables smart contracts to scale and transit across heterogeneous blockchain networks. The hack had an impact on both the Meter and Moonriver networks. PeckShield, a blockchain research company, verified that 1391 ETH and 2.74 BTC were stolen during the attack.

On Saturday at about 2 p.m. ET, the firm announced that it had been hacked and advised users not to trade unbacked meterBNB circulating on Moonriver. "We have identified the issue: Passport has a feature to automatically wrap and unwrap gas tokens like ETH and BNB for user convenience. However, the contract did not block direct interaction of the wrapped ERC20 tokens for the native gas token and did not properly transfer and verify the correct number of WETH transferred from the callers' address. We are working on compensating funds to all affected users," the company explained.

Meter said that at about 6 a.m. Pacific time, it discovered that someone had exploited a bridge vulnerability to mint a significant number of BNB and WETH tokens, depleting the bridge reserve for BNB and WETH. The team promptly halted all bridge transactions and launched an investigation. Within 30 minutes, it determined that the problem was caused by a flaw in the Meter team's automatic wrap and unwrap of native tokens such as BNB and ETH.

All of the other tokens and reserves are SAFU. Meter has found some early indications of the hacker's identity and is cooperating with authorities. It urged the hacker to return the funds.

"We are working on taking snapshots and designing a compensation plan to the WETH and BNB holders and LP providers. We urge all the liquidity providers that provide liquidity involving WETH and BNB to remove liquidity from the pool and wait for an additional announcement from the Meter team," they added. 

On February 2nd, $324 million was stolen via the widely used decentralised cross-chain message-passing protocol Wormhole. Researchers discovered proof of an 80,000 ETH transfer from Wormhole, as well as the hacker selling another 40,000 ETH on Solana. They have offered $10 million in restitution to the hacker and the same sum to anyone who can provide information "leading to the arrest and conviction of those responsible for the hack."

Hackers Steal Around $320M+ from Crypto Firm Wormhole

 

A threat actor abused a vulnerability in the Wormhole cryptocurrency platform to steal $322 million worth of Ether currency. 

Wormhole Portal, a web-based application (also known as a blockchain "bridge") that enables users to change one type of cryptocurrency into another, was the target of the attack. Bridge portals transform an input cryptocurrency into a temporary internal token, which they then turn into the user's preferred output cryptocurrency using "smart contracts" on the Ethereum blockchain.

The attacker is suspected to have taken advantage of this method to deceive the Wormhole project into releasing significantly more Ether (ETH) and Solana (SOL) tokens than the attacker originally provided. According to reports, the attacker acquired crypto-assets worth $322.8 million at the time of the incident, which have since depreciated to $294 million due to price swings after the breach became public.

A Wormhole official is yet to respond to a request for comment on today's incident, but the firm verified the incident on Twitter and put its site into maintenance while it investigates. The Wormhole attack is part of a recent pattern of abusing [blockchain] bridges, according to Tal Be'ery, CTO of bitcoin wallet app ZenGo, who informed The Record about the Wormhole attack.

A hacker stole $80 million from Qubit Finance just a week ago, in a similar attack against another blockchain bridge. As per data compiled by the DeFiYield project, if Wormhole officially acknowledges the number of stolen funds, the incident will likely become the biggest hack of a cryptocurrency platform so far this year, and the second-largest hack of a decentralised finance (DeFi) platform of all time. 

Wormhole offered a $10 million "bug bounty" to the hacker. Be'ery pointed out that, similar to the Qubit hack, Wormhole is now appealing to the attacker to return the stolen funds in return for a $10 million reward and a "whitehat contract," which indicates that the platform will most likely not file any criminal complaints against the attacker.

As per Wormhole's most recent Twitter update, posted on Thursday, February 3, the vulnerability has been fixed. However, as one former Uber executive discovered, such contracts exonerating hackers are illegal in some areas, and authorities may still investigate the hacker.


SEC: Stay Vigilant Against Cryptocurrency Related Frauds

 

The U.S. Securities and Exchange Commission has released a new alert warning that fresh illegal schemes are targeting digital assets.

According to security experts, individuals and organisations must be cautious about crypto-related frauds and other "get rich fast" schemes, since social engineering attempts are rising.

The SEC's Office of Investor Education and Advocacy and Division of Enforcement's Retail Strategy Task Force states in its advisory, "Fraudsters continue to exploit the increasing popularity of digital assets to entice investors into schemes, frequently leading to severe losses." 

Users should be wary of phishing or impersonation schemes that pretend to provide something innovative or cutting edge, according to the regulator. 

The SEC added, "If you are considering a digital asset-related investment, take the time to understand how the investment works and to evaluate its risks. Look for warning signs that it may be a scam." 

The SEC's advisory comes after the authority fined BitConnect, a now-defunct cryptocurrency network, $2 billion over the alleged fraud.

The SEC termed the scheme "one of the largest Bitcoin-related Ponzi-like schemes," stating that defendants stole almost $2 billion of investor funds using a platform - a "technology bot" - that promised extravagant profits. The cryptocurrency platform reportedly advertised itself in several countries using testimonial-style YouTube videos and other social media.

As per the SEC, BitConnect ran a pyramid scheme-style referral programme, paid investor withdrawals from incoming investor funds, and "did not trade investors' Bitcoin consistent with its representation". 

Furthermore, according to the US Department of Justice, BitConnect's major U.S. promoter, Glenn Arcaro, pleaded guilty to similar criminal charges last week. Officials say he faces up to 20 years in jail and must repay investors the $24 million gained from the scam.

Suspicious Signs

According to the Securities and Exchange Commission, suspicious digital asset activities frequently:
• Involve unregistered/unlicensed vendors;
• Display representations of account values rising;
• Sound too good to be true, and usually are;
• Promote phoney testimonials, since fraudsters frequently pay people to promote a product or service on social media or through video.

Many security and blockchain researchers attribute bad or disastrous crypto investments to these malicious practices, highly complex social engineering tactics, or outright misleading advertising.

According to James McQuiggan, the Florida Cyber Alliance's education director and a security awareness advocate for the business KnowBe4, "Cybercriminals will always find emotional lures to exploit users through social engineering. Asking yourself the question, 'Is this too good to be true?' is the first step to determine if the organisation is worthwhile." 

Likewise, Julio Barragan, head of cryptocurrency intelligence at CipherTrace, warned about ongoing schemes in which victims are enticed by a convincing fraudster who sends them direct messages on social media or through a friend's hacked account promising big rewards. 

As per Neil Jones, a cybersecurity evangelist with Egnyte, "Significant change [in the space] will only occur when cryptocurrency platforms become subject to the same standardized IT requirements as traditional investment platforms, and when cryptocurrency exchanges no longer represent a safe haven for payments to ransomware attackers." 

Notwithstanding, Robinson stated, "There is no need for new crypto-specific regulation to handle [these events] since regulators are currently prosecuting these fraudsters under existing laws." According to him, US authorities have imposed over $2.5 billion in fines, primarily for fraud and unregistered securities offerings.

But authorities like Sen. Elizabeth Warren, D-Mass., continue to push for extensive cryptocurrency regulation. Warren compared many cryptocurrency activities to "shadow banks" that lack standard investor safeguards in an interview with The New York Times on Sunday. 

SEC Chair Gary Gensler reiterated earlier remarks on impending cryptocurrency regulation last week, telling The Financial Times that digital assets must be safe and long-lived within a public policy framework. He also asked the congressional authority to minimize investment risks associated with virtual currencies.

Hacker Rewarded With $500,000 and a CSA Job by Poly Network

 

Lately, it has been a turbulent time for Poly Network. The company creates software to handle the exchange between different blockchains for cryptocurrencies and other commodities.

The company announced last week that a fraudster, by leveraging its security weaknesses, had taken digital tokens worth $600 million (roughly Rs 4,462 crores) off its network. The same company has now offered a Chief Security Advisor role plus a sum of $500,000 to the crypto hacker involved in the heist.

The criminal has started handing back digital money – and at least $260m of tokens were repaid after Poly Network encouraged netizens, crypto-exchanges, and miners to disallow the transactions containing the wallet credentials of the criminal. The business claimed that they have maintained communication with the suspect, known as Mr. White Hat. 

It is believed to be the biggest crypto theft ever, overtaking the US$534.8 million in digital coins taken from the Japanese exchange Coincheck during a cyberattack in 2018 and the estimated $450 million bitcoin theft from Tokyo exchange Mt. Gox in 2014.

"It is important to reiterate that Poly Network has no intention of holding Mr. White Hat legally responsible, as we are confident that Mr. White Hat will promptly return full control of the assets to Poly Network and its users," the organization said. "While there were certain misunderstandings in the beginning due to poor communication channels, we now understand Mr. White Hat’s vision for Defi and the crypto world, which is in line with Poly Network’s ambitions from the very beginning — to provide interoperability for ledgers in Web 3.0." 

Poly Network awarded him $500,000 as a bug bounty prize on Ethereum. He stated that he wouldn't accept the money, yet the award was sent to his wallet. The firm has also gone one step further and offered him the Chief Security Advisor position.

Nevertheless, the business stated it completely acknowledges the intentions of Mr. White Hat to decline the cash and transfer it to people who strive to enhance the technology of blockchain. “We will still transfer this $500,000 bounty to a wallet address approved by Mr. White Hat so that he can use it for the cause of cybersecurity,” Poly Network added.

It is not known whether the so-called Mr. White Hat will accept the employment offer. It doesn't appear probable right now, judging by the messages included in Ethereum transactions made between the two parties. To the company's knowledge he has yet to give up $238 million, and he says he is not prepared to give back the keys to the wallet that stores the cash. He also stated earlier that Poly Network was targeted for fun and that its programming was fragile.

“We are counting on more experts like Mr. White Hat to be involved in the future development of Poly Network since we believe that we share the vision to build a secure and robust distributed system,” it said in a statement. “Also, to extend our thanks and encourage Mr. White Hat to continue contributing to security advancement in the blockchain world together with Poly Network, we cordially invite Mr. White Hat to be the Chief Security Advisor of Poly Network.”

The Hacker Behind the Biggest Crypto Heist is Refusing to Return the Remaining Funds

 

The Poly Network attack took place two weeks ago, but the narrative is far from finished. Mr. White Hat, an unknown hacker, was able to extract $614 million in cryptocurrencies, according to the Poly Network team. After returning a portion of the cash, the hacker is now declining to cooperate and stalling the Poly Network team.

The hack is regarded as the largest crypto theft to date, and the Poly Network team appears to have few options other than to ask the hacker to restore the stolen funds peacefully. The attacker or attackers are interacting with the Poly Network team via the Ethereum blockchain's transaction data field. The unknown hacker is known as "Poly Network Exploiter 1," as per blockchain-tracking service Etherscan.

“Your essays are very convincing while your actions are showing your distrust, what a funny game. You don’t [sic] even think to unlock my USDT account,” Poly Network Exploiter 1 wrote on the Ethereum blockchain. 

The attacker is referencing a USDT account with $33 million in stablecoins. The funds have been frozen by Tether, which irritates the offender. The hacker's conversation suggests that he has no issues with keeping the stolen money for an undetermined period. 

The Poly Network team replied, "We still hope you can provide the key to us this week because thousands of people are eager to get their assets back." 

In response, Poly Network Exploiter 1 replied, “I am not ready to publish the key in this week [sic]… Here is one thing that you can always trust me: [sic] Holding BTC and ETH is better than trading them.”

On August 10, the Poly Network was hacked, and the intruder returned $256 million worth of coins the next day. As a gesture of cooperation, the hacker produced a token labeled 'The hacker is ready to surrender' and sent it to the assigned Polygon address. 

The Poly Network team has offered a $500,000 bounty for identifying the exploit to make things easier for the attacker. It is willing to pay 160 ETH ($500,000) to the hacker's address, a gesture that the hacker has turned down. The attacker has also been given the opportunity to become a consultant for the DeFi (decentralized finance) initiative.

Mr. White Hat, as the hacker is called by Poly Network, is a reference to ethical hackers who look for flaws and help organizations patch them. It's unclear why the hacker is preventing the final part of the assets from being accessed. Poly Network is in charge of roughly $330 million in stolen funds, while Tether, a stablecoin operator, has frozen $33 million pending legal action. Because the blockchain is transparent, putting all transaction data out in the open, hackers find it difficult to get away with their crime or cash out, according to Chainalysis.

The company mentioned in its report, "With the inherent transparency of blockchains and the eyes of an entire industry on you, how could any cryptocurrency hacker expect to escape with a large cache of stolen funds?" 

"In most cases, the best they could hope for would be to evade capture as the funds sit frozen in a blacklisted private wallet." 

It's hard to determine whether the hacker was attempting an ethical assault or committing a heist. The underlying reason, however, does not appear to be a concern for the Poly Network team at this time. 

As the pressure from thousands of victims grows, recovering the stolen funds is a prime concern. The attack serves as a reminder to governments and authorities that cryptocurrency legislation must be taken seriously. There is currently near-zero accountability, posing a significant danger to the future of DeFi.

“Regardless of their intentions, we’re of the belief that this sort of publicity stunt hurts the perception of the virtual asset economy in the eyes of the public,” said AnChain.AI founder and CEO Victor Fang. 

DeFi-related thefts are on the rise: in the first seven months of the year they represented 54% of overall crypto fraud volume, compared to 3% for the entire year last year, according to CipherTrace.

The youngest crypto millionaire Mr. Buterin destroyed almost $7 billion worth of Shiba tokens donated to him

The creator of Ethereum, crypto millionaire Vitalik Buterin, destroyed more than 410 trillion Shiba tokens, the total value of which CoinDesk estimates at $6.7 billion. According to Etherscan, Buterin sent the coins to a non-existent address and thus removed them from circulation.

In a note attached to the transaction, Buterin explained that he had decided to destroy 90% of the Shiba tokens he owned. The billionaire plans to send the rest of the funds to charity.

He has previously donated more than 50 trillion Shiba tokens (almost a billion dollars) to the fight against coronavirus in India.

Earlier, the creators of Shiba transferred half of all issued coins to the wallet of the founder of Ethereum to attract attention to their cryptocurrency. In his note, Buterin asked all the creators of cryptocurrencies to no longer send him tokens without his consent.

The mass destruction of tokens has not yet affected the Shiba token exchange rate. According to Coingecko, since the morning of May 17, the value of the cryptocurrency has held at about 0.000016 dollars per token.

However, transaction fees have decreased. According to Bitinfocharts, the average transaction fee on the Ethereum network has decreased by 74% over the past five days.

Yuri Pripachkin, president of the Russian Association of Cryptocurrencies and Blockchain, added that any destruction of the mass of tokens leads to an increase in the price.

"This is a PR campaign to attract attention to Ethereum. This is a marketing move, Vitalik Buterin has the right to do so," Pripachkin said.

According to him, meme-cryptocurrencies will not have a serious future, and people who take everything that happens with meme tokens seriously "do not cause anything but a surprise."

It is worth noting that in early May, 27-year-old programmer Vitalik Buterin became the youngest cryptocurrency billionaire in the world. Buterin's wallet contains more than 333 thousand Ethereum tokens, the price of which has increased 25 times since the beginning of last year.

Buterin was born in Russia but moved to Canada with his parents at an early age.