
Hyperscaling and On-Chain Confidentiality: The Cornerstones of Web3’s Future

 

The future of Web3 is being significantly shaped by two critical advancements: hyperscaling and on-chain confidentiality. As blockchain technology continues to evolve, these innovations are poised to address some of the fundamental challenges faced by decentralized systems, paving the way for broader adoption and more robust applications. 

Hyperscaling refers to the capability of blockchain systems to handle a massive number of transactions efficiently and seamlessly. This is crucial for the practicality and usability of decentralized applications (dApps). Without effective hyperscaling, blockchains can become congested, leading to slow transaction speeds and high fees, which are major deterrents for users and developers alike. By improving the scalability of blockchain networks, hyperscaling ensures that dApps can support extensive user bases and complex functionalities, making them more viable for mainstream use. 

On-chain confidentiality, on the other hand, addresses the critical issue of privacy within blockchain transactions. While blockchain technology is inherently transparent, this transparency can be a double-edged sword when it comes to sensitive data. On-chain confidentiality allows transactions to occur in a manner that ensures privacy, protecting sensitive information while maintaining the integrity and security of the blockchain. This is particularly important for sectors such as finance, healthcare, and personal identity management, where the protection of confidential data is paramount. 

The integration of hyperscaling and on-chain confidentiality is not just about overcoming technical hurdles; it’s about transforming the user experience and broadening the scope of what can be achieved with blockchain technology. For instance, in decentralized finance (DeFi), hyperscaling can enable platforms to handle more users and transactions without compromising performance. At the same time, on-chain confidentiality can ensure that users’ financial data remains private and secure, fostering greater trust and adoption. Moreover, these advancements open the door to new and innovative use cases. 

In the gaming industry, for example, hyperscaling can support complex in-game economies and interactions among millions of players. On-chain confidentiality can protect players’ personal data and transaction histories, enhancing the overall gaming experience. Similarly, in supply chain management, these technologies can ensure that data is both scalable and secure, allowing for efficient and transparent tracking of goods without compromising sensitive information. The ongoing development and implementation of hyperscaling and on-chain confidentiality reflect a broader trend towards making blockchain technology more user-friendly and adaptable. These innovations are set to play a crucial role in the next phase of Web3’s evolution, driving greater adoption and enabling more sophisticated applications. 

The future of Web3 looks incredibly promising with the advent of hyperscaling and on-chain confidentiality. These advancements are essential for addressing current limitations and expanding the potential of blockchain technology. By enhancing scalability and ensuring privacy, hyperscaling and on-chain confidentiality will be the cornerstones of Web3’s next evolutionary step, driving innovation, trust, and widespread adoption in the decentralized landscape.

Hackers Stole Cryptocurrency Worth $2 Billion in Year 2023


For another year, crypto-stealing cases made headlines. However, according to crypto security firms, this was the first time since 2020 that the trend has declined.

Based on dozens of cyberattacks and thefts this year, hackers stole over $2 billion in cryptocurrency, according to De.FI, the web3 security company that manages the REKT database. 

The site ranks the worst-ever crypto hacks, ranging from the Ronin network breach in 2022—the largest event in history—where hackers took over $600 million in cryptocurrency—to this year's hack against Mixin Network, which brought in almost $200 million for the criminals.

De.FI, in its report, wrote, “This amount, though dispersed across various incidents, underscores the persistent vulnerabilities and challenges within the DeFi ecosystem[…]2023 stood as a testament to both the ongoing vulnerabilities and the strides made in addressing them, even as interest in the space was relatively muted by the ongoing bear market in the first half of the year.”

A separate estimate of the total cryptocurrency stolen this year was published by blockchain intelligence firm TRM earlier in December. As of mid-December, the firm put the total at around $1.7 billion.

Among the other crypto thefts conducted this year, one of the worst was a hack against Euler Finance, where threat actors stole $200 million. Other notable hacks include those against Multichain ($126 million), BonqDAO ($120 million), Poloniex ($114 million), and Atomic Wallet ($100 million), among hundreds of other targets.

Last year, blockchain monitoring firm Chainalysis reported that cybercriminals purloined a record-breaking $3.8 billion in cryptocurrency. Of that, the Lazarus Group, a group of North Korean government hackers who are among the most active in the cryptocurrency space, took $1.7 billion in an effort to finance the regime's nuclear weapons program.

In 2021, Chainalysis reported hacks that compromised crypto worth $3.3 billion.

It is impossible to predict what the figures will be in 2024, but given the cyber security failures witnessed at several crypto and web3 initiatives, as well as the significant financial potential of both sectors—discussed at TechCrunch Disrupt earlier this year—we should anticipate that hackers will continue to target this expanding market.

Hackers Steal Assets Worth $484,000 in Ledger Security Breach


Threat actors responsible for attacking Ledger’s connector library have stolen assets valued at approximately $484,000, according to the blockchain analysis platform Lookonchain. Ledger has said that the security breach might have a large effect, possibly totalling hundreds of thousands of dollars, although it has yet to confirm the actual valuation.

Direct Impact of the Hack

According to a report by Cryptopolitan, the breach happened when malicious code was added to Ledger's GitHub repository for Connect Kit, an essential component that several DeFi protocols require in order to communicate with hardware wallets for cryptocurrencies. Every application that used the Connect Kit had its front end affected by the malicious code. Notable protocols affected by this security flaw were Sushi, Lido, MetaMask, and Coinbase.

Regarding the incident, Ledger stated that one of its employees had fallen victim to a phishing attack, resulting in the unauthorized release of a compromised version of the Ledger Connect Kit. The leaked code revealed the name and email address of the former employee. Notably, the cryptocurrency community at first believed that this developer was behind the exploit. Ledger subsequently stated, however, that the incident was the consequence of a former employee falling for a phishing scheme.

Ledger, after acknowledging the incident, identified and removed the exploited version of the software. However, despite the swift response, the damage was already done: the software was left vulnerable for at least two hours, during which the threat actors had already drained the funds.

Broader Implications for the DeFi Community

This incident has raised major concerns regarding the security infrastructure of decentralized applications. DeFi protocols frequently rely on code from multiple software providers, including Ledger, which leaves them vulnerable to multiple potential points of failure.

This incident has further highlighted the significance of boosting security protocols across the DeFi ecosystem.

The victims directly affected by the attack included users of services such as revoke.cash. That service, normally used to revoke permissions granted to DeFi protocols after a security breach, was itself compromised: users who were trying to protect their assets were unknowingly sent to a fraudulent token drainer, which increased the extent of the theft.

DeFi Concerns Rise as Balancer's Web Front End Battles Ongoing Attack

 


The PeckShield team said that a front-end compromise of the DeFi protocol Balancer led to the theft of roughly $240,000 in digital assets, suggesting that Balancer's web interface, rather than its contracts, was the vector used to steal the assets.

A Balancer spokesperson announced earlier today that the company's front end is currently under attack and advised users, as a precaution, not to interact with the interface until further notice. Tweets from Balancer suggest that the Balancer URL (the web address for the Balancer service) has been hit by a redirect attack, and users are being sent to a malicious website rather than the Balancer site they expect to find.

By exploiting the trust users place in a website, cybercriminals can launch redirect attacks by inserting malicious code into a website's code, or by sending a phishing email, so that users are redirected to a malicious web page.

According to blockchain security firm CertiK, hacks, exploits, and scams have cost the crypto sector over $1 billion in losses as of early September this year. Cryptocurrency traders lost a total of $303 million in June alone, the worst month of the year for losses related to cryptocurrency hacks.

On-chain sleuth ZachXBT verified the amount stolen, sharing an image with the address of the unknown attacker. Several transactions associated with this address in the past ten hours have been classified as scams by ZachXBT.

Additionally, the wallet's balance currently contains $152,000 in assets, which ZachXBT has flagged as scam proceeds. Balancer, however, maintains that its smart contracts are unaffected by the compromise, as the front end is independent of them.

It should be noted that the attack comes less than a month after the DeFi project lost almost $1 million worth of assets following a breach of its V2 pools. To prevent further losses, the project advised users to withdraw their funds from the affected pools as soon as possible.

ZachXBT also recently identified an address associated with an account that may have been compromised and may have exposed over $200,000 in digital assets. The wallet currently holds a balance of just over $100,000, according to Nansen.ai data, with most of the assets being stETH and DAI.

Blockchain data shows that the holder of the wallet has transferred some of the proceeds to the Aave network. Balancer is currently the fourth-largest decentralized exchange in terms of total value locked, according to DefiLlama data, with a total value locked of about $700 million.

MistTrack, based on the "relevant intelligence" it has collected, said that the attacker may have links with Russia and that it is investigating the possibility; however, it did not elaborate. In a security advisory about a separate vulnerability in the protocol's pools, which could potentially be exploited by attackers, Balancer urged the public to withdraw their assets from the protocol.

DeFi Clients Lost $228 Million to Hackers in Past 3 Months


In the recent past, there has been a dramatic rise in the number of cyber incidents, where cyber threat actors have tried to exploit many cryptocurrency projects. It is interesting to note that hackers have significantly targeted DeFi, according to the latest report by the leading bug bounty program – Immunefi.

According to this report, the total number of hacks across blockchains increased by up to 63% during the second quarter of 2023 compared with the same period last year. While overall losses fell by as much as 60%, Immunefi notes that the number of hacks has grown by 65%, with losses shooting up by 225%.

According to Immunefi's analysis of the attacks launched against DeFi platforms, they lost around $228 million in the second quarter across 79 separate cyber incidents. In comparison, centralized platforms lost $37 million across two incidents.

The firm’s analysis further concluded that most of the losses in cryptocurrency were a result of two specific incidents – the Atomic Wallet Hack of June 3 and the exit scam by the Fintoch platform, which is no longer in use. 

Atomic Wallet Hack 

The self-custodial wallet – Atomic Wallet – lost a whopping $100 million in crypto allegedly to the North Korea-linked hackers, Lazarus Group. According to the Atomic Wallet team, the threat organization affected “less than 0.1” of its customers, however, they did not make it clear if Lazarus was actually behind the attacks.

Fintoch

After promising users 1% daily interest on their investments, Fintoch disappeared in May, taking almost $32 million in user funds with it. The scam, better known as a ‘rug pull,’ was first discovered by Twitter blockchain sleuth ZachXBT.

In addition, Immunefi found that some chains were targeted more than others. The firm found that attacks on Ethereum and BNB Chain accounted for 77% of all losses in the most recent quarter, with Arbitrum coming in second at 12%. Given that Arbitrum had no incidents at all during the same period last year, Immunefi said the attacks on it were noteworthy. Both Arbitrum and Binance spokespeople declined to comment on the matter.

FinTech Sector Emerges as a Prominent Target for Cybercriminals


Like every other sector transformed by digital innovation, finance now faces cybercrime as a significant challenge. According to VMware’s Modern Bank Heists research, cyberattacks on financial-sector companies have increased by a whopping 238% since the start of the COVID-19 pandemic.

A series of recent cyberattacks on DeFi platforms illustrates how fintech companies have emerged as a prominent target and a big prize for cyber criminals. With fintech apps in particular, there is often a huge potential for profit. Attackers can also do greater damage by going after fintech users, who may have adopted comparatively less stringent cybersecurity measures. A single piece of malicious software can deprive fintech consumers of their assets and ruin the reputation of the financial organization.

Considering the seriousness of the constantly evolving threat, fintech companies must now reconsider their approach, including their identity and access control strategies, to ensure that their platforms are trusted equally by consumers and businesses. Implementing the right controls to maintain an organization's security posture is crucial as the industry continues its transition to the cloud, but doing so presents a unique set of problems.

Why Are FinTech Applications Hard to Secure? 

While cloud development has been a breakthrough, making new apps possible and letting existing apps operate more smoothly than before, it has also rapidly increased the number of potential attack surfaces and created additional opportunities for configuration errors, human error, and identity management problems.

Any form of change makes a company vulnerable at cloud scale, whether it is upgrading an outdated program to a new cloud-based architecture or enhancing current capabilities. Because an infrastructure's attack surface expands and becomes dynamic in the cloud, this can further increase the blast radius of a single attack.

Fintech applications must also adhere to strict regulatory standards that differ from country to country and frequently incur heavy fines for noncompliance.

Because operating in the financial sector demands a higher standard of accountability towards clients and the sector as a whole, fintech organizations must ensure visibility, reliability, and proper configuration, which can be a challenging task.

Fintech companies need to maintain a tight grasp on security and privacy from the very beginning of growth, especially as third-party services continue to expand, in order to remain competitive in this extremely crowded market. 

How can FinTech Sector be Secured? 

Fintech organizations are increasingly dependent on vendors and other partners such as manufacturers, suppliers, and subcontractors, and on an increasingly complex supply chain. This dependence is another way in which their systems can be exposed to potential attackers.

Companies frequently lack visibility into their third- and fourth-party partners, and consequently, the large amount of data that is available to them. Interoperability is crucial in today's software-centric world, but it frequently makes firms even more vulnerable to attackers. 

Fintech developers are thus advised to continuously be vigilant for potential problems with the software supply chain and the security risks that third-party services may pose to their companies. 

We are listing more measures that could be adopted by fintech organizations to safeguard themselves from potential cyber-attacks that could hinder their security: 

  • Companies must be aware of the entities that have access to their data and applications, along with their location and what they do with it. It will be crucial to integrate identity and access management (IAM) systems as dangers inside fintech continue to develop significantly.
  • An organization must have the appropriate technology and tactics in place to safeguard and comply with industry regulations as well as to consistently protect its sensitive data, especially in the cloud. IAM systems, for instance, offer businesses protection without impeding progress or burdening their teams with the extra workload. 

Unfortunately, the security risks offered by financially motivated cybercriminals will only get more advanced over time. The fintech sector must adopt a proactive security posture and a strong identity and access management strategy that can handle the complexity and scope of today's cloud security concerns in order to meet the pressure to protect sensitive client data.

$3.7B Stolen in Crypto Hacks Targeting DeFi in 2022

 


It has been revealed by TRM Labs that a record $3.7 billion worth of crypto funds have been stolen the past year. Of this, 80% have been traced back to attacks against DeFi, as per the research report published by the company. The ten mega hacks identified in the analysis represent 75% of the total amount of funds stolen over the past few years.

A Hacker Stole $3 Billion in Crypto Funds from DeFi

A recent study by TRM Labs found that 3.7 billion dollars worth of crypto funds were fraudulently obtained by cybercriminals in 2022. According to the analysis, 80% of the stolen amount, or $3 billion, was obtained through decentralized finance (DeFi) attacks.

The ten "mega hacks" in the last year refer to exploits of more than $100 million. A total of $3.7 billion was stolen throughout 2022 — nearly 75% of that amount being attributed to these mega hacks. 

More than $540 million was stolen from Ronin Bridge, an Ethereum sidechain developed for the play-to-earn game Axie Infinity, in the Lazarus Group's attack, the largest hack of the year. In the world of cybercrime, the Lazarus Group is a known organization believed to be controlled by North Korea's government.

Response of Regulators

Deeply concerned, regulators have been forced to act forcefully in the last couple of months to protect crypto consumers, owing to the unprecedented rise in attacks on DeFi. To illustrate, after the Ronin exploit was uncovered, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) took action, identifying and tracking the stolen funds using blockchain intelligence. In addition to sanctioning the wallet addresses to which the funds were transferred, OFAC also sanctioned crypto mixers such as Blender.io and Tornado Cash, which hackers used to launder money and move it to those wallet addresses.

The crypto ecosystem is also targeted by a large army of cyber criminals, and other global regulators are adopting specific measures to fight this threat. Singapore's central bank has made several proposals to ban debt-financed and leveraged crypto trading, including trades made with credit cards by retail users. There has also been a troubling trend in stablecoins, particularly after the colossal collapse of the algorithmic stablecoins TerraUSD and LUNA, which have been the focus of global regulators in recent months. Many crypto projects, such as Celsius Network and Voyager Digital, suffered a knock-on effect following the market collapse in recent months.

In November, when the crypto exchange FTX fell to its knees, it was possibly the most significant collapse of the year. Over $8 billion of its users' money went missing from the exchange, a sum that is unlikely ever to be recouped. FTX's contagion spread rapidly over the past month, with many experts predicting the devastation will soon be even more severe.

DeFiChain: DeFi Boosts with Decentralized Assets

 

Decentralized Finance (DeFi), based on Blockchain and Cryptocurrency, has emerged as a prominent technology. It has grown to become an alternative to the traditional centralized system that relies on financial intermediaries like banks for exchanges or financial transactions. It uses ‘Smart Contracts’ on Blockchain-based technology, allowing users a new way to invest, trade, sell, loan or exchange. 

Limitations of Decentralized Finance (DeFi)

Operating as a small financial system in an emerging global movement, DeFi has become visibly popular in the past few months. Decentralized Finance, via Blockchain, has led to an increase in financial security and transparency for users. From lending and borrowing platforms to stablecoins and tokenized BTC, the DeFi ecosystem has been able to launch a network of integrated protocols and financial instruments, that are now worth over $13 billion of value locked in Ethereum Smart Contracts. 

However, along with its advantages, there are some limitations of Decentralized Finance. DeFi being a decentralized system does not allow centralized assets to interact, such as stock options, commodities, and indices. 

What is DeFiChain?

DeFiChain comes to the rescue of Decentralized Finance. DeFiChain is a blockchain specifically dedicated to decentralized financial applications. By introducing decentralized assets, it bridges the gap to centralized assets without compromising its DeFi platform with centralism.

A decentralized asset, also termed a dAsset or dToken, is a token on the DeFiChain blockchain that gives you price exposure to real-world stocks. For instance, for the stocks TSLA, AAPL, and FB, there exist dTSLA, dAAPL, and dFB, each of which attempts to mirror the price of the real stock.

These tokens allow the DeFiChain user to buy decentralized assets, so the user now has a method of trading stocks on a decentralized system. DeFiChain has thus become a groundbreaking system for investors. A traditional investor who buys stocks can only make money once the stocks have earned a profit. A DeFiChain user who buys one of the dToken assets, by contrast, can put it into a liquidity mining pool. This not only lets the investor profit from the dToken when it goes up in value, but also earns passive income from the dAssets.
 
DeFiChain, with the introduction of decentralized assets (dAssets), has changed the game for Decentralized finance. With incredible user benefits, be it the decentralization of assets or making incredible passive income, DeFiChain is emerging as a prominent blockchain ecosystem.

FBI: Hackers use DeFi Bugs to Steal Cryptocurrency

 


Investors are being warned by the FBI that hackers are increasingly using Decentralized Finance (DeFi) platform security flaws to steal cryptocurrency.

According to the PSA, which was posted on the FBI's Internet Crime Complaint Center (IC3) today, nearly 97% of the $1.3 billion in bitcoin that was stolen between January and March 2022 came via DeFi sites. This represents a big increase from 72% in 2021 and roughly 30% in 2020, according to projections by the FBI.

The FBI urges people to be aware of the hazards, seek professional assistance if they are unsure, and research the security and general business practices of DeFi providers. DeFi providers here means exchanges, markets, and other websites where you may buy, sell, trade, and borrow bitcoins and other digital assets.

The FBI's warning is due to a Chainalysis analysis from April that revealed how, per Q1 2022 statistics, DeFi cryptocurrency platforms are currently more targeted than ever.

In the majority of occurrences, the hackers rely on using security flaws in their platform's code or unauthorized access to drain cryptocurrency to addresses under their command.

According to Chainalysis, the threat actors responsible for these attacks used risky laundering services, such as unlawful exchanges and coin tumblers on the dark web, to launder the majority of the stolen funds in 2022.

The FBI's alert provides investors with guidance that begins with basic cautions about performing due diligence before investing and then suggests the following:

  • Before investing, research DeFi platforms, protocols, and smart contracts and be aware of the dangers associated with DeFi investments.
  • Verify whether the DeFi investment platform has undergone one or more code audits done by impartial auditors. A code audit normally entails carefully examining and studying the platform's underlying code to find any flaws or vulnerabilities that might impair the platform's functionality.
  • Be wary of DeFi investment pools with short join windows and quick smart contract rollouts, especially if they don't perform the advised code audit.
  • Be mindful of the potential risks crowdsourced solutions pose for finding and patching vulnerabilities. Open-source code repositories are accessible to anyone, including those with malicious intent.

This year, none of the funds stolen from DeFi platforms have been returned, indicating that attackers are less interested in protecting their stolen assets than they were in 2021, when almost 25% of all cryptocurrency stolen via DeFi platforms was eventually recovered and given back to the victims.

The FBI established a link between the Lazarus and BlueNorOff (also known as APT38) North Korean threat organizations and the April attack of Axie Infinity's Ronin network bridge, now the largest crypto hack ever.

The $611 million breach of the cross-chain protocol Poly Network in August 2021 was previously the most significant cryptocurrency theft on record.




MM.Finance, a DeFi platform, Had More Than $2 Million Stolen

 

In a Domain Name System (DNS) attack, hackers stole $2 million worth of digital assets, according to MM.Finance, a DeFi ecosystem with the largest decentralized exchange on the Cronos blockchain.

In these attacks, hackers target the reliability or integrity of a network's DNS service. According to the team behind MM.Finance, which bills itself as the world's largest decentralized finance ecosystem on the Cronos blockchain, the attacker was able to "inject a malicious contract address into the frontend code." In the words of the team: "Attacker changed the network contract address in our hosted files via a DNS vulnerability." In a Medium post-mortem, the business added, "We understand that some of you have suffered considerable sums and are filled with anxieties and despair."

Users lost money after completing swaps or adding and removing liquidity on the MM.Finance site starting on May 4. "The malicious router kicked in and the LPs were withdrawn to the attacker's address when victims navigated to mm.finance to remove liquidity," the company revealed. MM.Finance has given the attacker 48 hours to refund 90% of the stolen funds, warning that if the deadline is not met, it will notify the FBI.
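The MM.Finance incident above, like the Balancer front-end redirect described earlier on this page, was a hosted-file compromise rather than a contract bug: users saw a legitimate-looking site whose bundle pointed at a foreign router address. The following is an added defender-side monitor (example code, not MM.Finance's or Balancer's) that a dApp team could run against its own served front end. It assumes the team records the SHA-256 of each shipped build and the contract addresses that build is allowed to reference; the bundles and addresses below are constructed placeholders.

```python
"""Front-end integrity monitor for a DeFi dApp (added example, constructed data).

Assumes the deployer keeps (a) the SHA-256 of the last known-good build and
(b) the set of contract addresses that build is allowed to reference.
In production the `served` bundle would be fetched from the dApp URL, ideally
through more than one independent DNS resolver so a hijacked answer is visible.
"""
import hashlib
import re

# A 20-byte EVM address literal (0x + 40 hex chars) as it appears in a JS bundle.
ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")

# Known-good state recorded at release time (constructed placeholder addresses).
EXPECTED_ROUTER = "0x1111111111111111111111111111111111111111"
EXPECTED_FACTORY = "0x2222222222222222222222222222222222222222"
ALLOWED_ADDRESSES = {EXPECTED_ROUTER.lower(), EXPECTED_FACTORY.lower()}

# Constructed sample: the bundle the team actually shipped.
GOOD_BUNDLE = (
    'const ROUTER="0x1111111111111111111111111111111111111111";'
    'const FACTORY="0x2222222222222222222222222222222222222222";'
    'export function removeLiquidity(a,b){return router(ROUTER).remove(a,b);}'
)
GOOD_BUNDLE_SHA256 = hashlib.sha256(GOOD_BUNDLE.encode()).hexdigest()

# Constructed sample: what a hijacked host could serve instead. Only the router
# literal differs, which is exactly the kind of change the post-mortem describes.
TAMPERED_BUNDLE = GOOD_BUNDLE.replace(
    EXPECTED_ROUTER, "0xdeaddeaddeaddeaddeaddeaddeaddeaddeaddead"
)


def extract_addresses(bundle: str) -> set[str]:
    """Return every address literal in the served bundle, lower-cased for comparison."""
    return {m.lower() for m in ADDRESS_RE.findall(bundle)}


def check_bundle(served: str, expected_sha256: str, allowed: set[str]) -> dict:
    """Two-layer check on a fetched front-end bundle.

    Layer 1: the hash comparison catches any byte-level change (unexpected
             build, injected script, swapped constant).
    Layer 2: the address diff explains *what* changed, so the alert names the
             foreign contract users would be tricked into approving and the
             legitimate one that disappeared.
    """
    actual_sha256 = hashlib.sha256(served.encode()).hexdigest()
    found = extract_addresses(served)
    unexpected = sorted(found - allowed)   # addresses the build never referenced
    missing = sorted(allowed - found)      # legitimate addresses no longer present
    hash_ok = actual_sha256 == expected_sha256
    return {
        "hash_ok": hash_ok,
        "unexpected_addresses": unexpected,
        "missing_addresses": missing,
        # Alert whenever either the build hash or the contract set has drifted.
        "alert": (not hash_ok) or bool(unexpected) or bool(missing),
    }


def main() -> None:
    for label, bundle in (("good", GOOD_BUNDLE), ("tampered", TAMPERED_BUNDLE)):
        print(label, check_bundle(bundle, GOOD_BUNDLE_SHA256, ALLOWED_ADDRESSES))


if __name__ == "__main__":
    main()
```

Running the check from outside the team's own network matters: a DNS-level hijack can leave the origin server untouched, so only a fetch that resolves the public name sees the tampered bundle.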

The attacker made off with more than $2 million in cryptocurrencies before laundering it all through Tornado Cash, a service that allows users to hide the source of their payments. The company is forming a compensation fund for anyone affected, and the platform's creators have stated that they will forego its part of trading revenue to pay the losses. The reward pool will be open for 45 days, with a procedure in place to reimburse individuals that participate. 

In follow-up posts on Twitter, the company said it had traced the stolen assets to the OKX exchange, again threatening to contact the FBI if the funds were not returned. OKX's CEO stated that the company is looking into the matter. According to DeFi Llama data, liquidity is still strong, with $804 million in total value locked (TVL).

Hackers in DPRK use Trojanized DeFi Wallet App to Steal Bitcoin

 

North Korean government-linked hackers have now been circulating a trojanized version of a DeFi Wallet for holding bitcoin assets to obtain access to cryptocurrency users' and investors' systems.

Securing economic benefits is one of the primary motives for the Lazarus threat actor, with a focus on the cryptocurrency industry. The Lazarus group's targeting of the financial industry is increasing as the price of cryptocurrencies rises and the appeal of the non-fungible asset (NFT) and decentralized finance (DeFi) enterprises grows.

In this attack, the threat actor used web servers in South Korea to distribute malware and communicate with the implants that had been placed. Kaspersky Lab researchers recently identified a malicious version of the DeFi Wallet software that installed both the legitimate app and a backdoor disguised as a Google Chrome web browser executable. When the trojanized DeFi application was launched on the machine, it dropped a full-featured backdoor with a compilation date of November 2021. It is unknown how the hackers distributed it, but phishing emails or contacting victims through social media are both possibilities.

Although it is not clear how the threat actor persuaded the victim to run the trojanized program (0b9f4612cdfe763b3d8c8a956157474a), it is believed they used a spear-phishing email or social media to contact the victim. The trojanized application initiates the previously unknown infection technique. This installation package masquerades as DeFi Wallet software, but it actually contains a legitimate binary that has been packed together with the installer.

The malware installed in this manner, according to the researchers, has "sufficient capabilities to manage" the target host by issuing Windows commands, uninstalling itself, starting or killing processes, enumerating files and related information, or connecting the computer to a particular IP address.

Further functions let the operator collect host information (IP address, hostname, OS version, CPU architecture) and drive details (type and free space), download files from the command-and-control (C2) server, and list the files in a specified directory. According to JPCERT/CC, which tracks the CookieTime malware family as LCPDot, the family has been linked to the DPRK campaign Operation Dream Job, which lured victims with fake job offers from well-known firms.

Google's Threat Analysis Group (TAG) disclosed related Dream Job activity earlier this month, reporting that North Korean threat actors exploited a zero-day remote code execution bug in Chrome to target people working at media, IT, cryptocurrency and fintech companies. "The CookieTime cluster has linkages with the Manuscrypt and ThreatNeedle clusters, which are also attributed to the Lazarus organization," Kaspersky adds.

The links between the trojanized DeFi Wallet software and other malware attributed to North Korean actors extend beyond the malware code to the C2 scripts, which share many function and variable names. Lazarus is the umbrella name for all state-sponsored North Korean threat operations; within the DPRK, however, several distinct groups operate under different institutions and departments of the country's intelligence apparatus.

Mandiant analysts assessed the structure of the DPRK's cyber program using 16 months of tracking of the country's digital activity, OSINT monitoring, defector reporting and imagery analysis. According to their map, cryptocurrency heists fall squarely within the remit of financially motivated units inside the Reconnaissance General Bureau (RGB)'s 3rd Bureau (Foreign Intelligence).

According to Chainalysis, Around $2.2 Billion was Stolen from DeFi Protocols in 2021


Chainalysis, a blockchain analytics firm, has published a new report on cryptocurrency crime trends, finding that $14 billion in cryptocurrency was sent to illicit addresses in 2021, nearly double the 2020 figure. Those numbers, however, do not tell the whole story.

Cryptocurrency adoption is growing faster than ever. Total transaction volume across all cryptocurrencies tracked by Chainalysis reached $15.8 trillion in 2021, up 567% from 2020. Given that growth, it is no surprise that more criminals are using cryptocurrency.

Chainalysis data shows that around $2.2 billion was stolen directly from DeFi protocols in 2021. Chainalysis estimates that, as of early 2022, illicit addresses hold at least $10 billion in cryptocurrency, most of it in wallets associated with cryptocurrency theft, darknet markets and scams.

Chainalysis researchers found that scammers took in 82% more than the previous year, extracting $7.8 billion in cryptocurrency from victims. Of that $7.8 billion, $2.8 billion came from "rug pulls," in which developers build a seemingly legitimate cryptocurrency project, then drain investor funds and disappear.

"We believe rug pulls are common in DeFi for two related reasons. One is the hype around the space. DeFi transaction volume grew 912% in 2021, and the incredible returns on decentralized tokens like Shiba Inu have many excited to speculate on DeFi tokens," Chainalysis said. "At the same time, it's very easy for those with the right technical skills to create new DeFi tokens and get them listed on exchanges, even without a code audit. Many investors could likely have avoided losing funds to rug pulls if they'd stuck to DeFi projects that have undergone a code audit – or if DEXes required code audits before listing tokens." 

Many of the high-profile attacks on DeFi exchanges in the previous year, according to Chainalysis, "may be linked back to errors in the smart contract code governing those protocols, which hackers exploit to steal funds." 

The year-end attack on the DeFi protocol Grim Finance capped a tumultuous year for DeFi hacks. A week before the Grim Finance attack, more than $77 million was stolen from AscendEX, and a few days before the Grim Finance attack the blockchain gaming startup Vulcan Forged reported that over $140 million had been stolen from its users.

Cybercriminals stole over $120 million from the DeFi platform Badger in November. Other 2021 incidents include the theft of about $600 million from Poly Network in August and $34 million from Cream Finance in September. Around $200 million was taken from the PancakeBunny platform in May.

The Hacker who Stole $16 Million from Indexed Finance Gets Identified


Indexed Finance, a decentralized finance (DeFi) protocol that lets token holders track market indices, says it has identified the attacker who stole $16 million from it.

On Thursday, October 14th, the protocol said it had been hit by a flash loan attack in which the attacker stole $16 million. The attacker reportedly minted millions of dollars' worth of new index tokens after flooding the pool with a newly added asset and distorting the prices the pool used to value it.

In a post-attack statement the Indexed team described the breach as "a pretty devastating one" that drained the DEFI5 and CC10 index pools. According to the investigation report, the address used to take the funds was 0xba5ed1488be60ba2facc6b66c6d6f0befba22ebe.
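The mechanism behind this class of attack, a single atomic transaction in which an AMM's own reserves are pushed around so that a vault which trusts those reserves as a price mints shares far too cheaply, is modelled below as an added example. This is constructed illustration code, not Indexed Finance's contracts, and it does not reproduce the pool re-indexing logic involved in the real exploit. The constant-product pool, the vault, the balances, the 0.3% fee, the flash-loan size and the 5% deviation guard are all assumptions chosen so the numbers are easy to follow.

```python
"""Toy model of a flash-loan price-manipulation attack.

Constructed example: a constant-product AMM ("pool") quotes the price of a
thinly traded token NEW in BASE, and an index-style vault trusts that quote
when it mints shares for a NEW deposit. All balances and fees are made up.
"""
from dataclasses import dataclass

FEE = 0.003  # assumed 0.3% swap fee, as in typical constant-product AMMs


@dataclass
class Pool:
    """Constant-product AMM: base * new is preserved across swaps (fees stay in the pool)."""
    base: float
    new: float

    def spot_price(self) -> float:
        """BASE per NEW, read straight from reserves. Anyone who can move the
        reserves inside one transaction can move this number."""
        return self.base / self.new

    @staticmethod
    def _out(reserve_in: float, reserve_out: float, amount_in: float) -> float:
        eff = amount_in * (1 - FEE)
        return reserve_out * eff / (reserve_in + eff)

    def swap_base_for_new(self, base_in: float) -> float:
        out = self._out(self.base, self.new, base_in)
        self.base += base_in
        self.new -= out
        return out

    def swap_new_for_base(self, new_in: float) -> float:
        out = self._out(self.new, self.base, new_in)
        self.new += new_in
        self.base -= out
        return out


@dataclass
class Vault:
    """Holds BASE and NEW; shares are a pro-rata claim on both.

    mode == "spot":          values NEW at pool.spot_price()           (vulnerable)
    mode == "oracle":        values NEW at a price fixed before the
                             transaction, e.g. a TWAP or external feed (hardened)
    mode == "oracle+guard":  as "oracle", and refuses deposits while the
                             live spot price deviates too far from it
    """
    base: float
    new: float
    shares: float
    oracle_price: float
    mode: str = "spot"
    max_deviation: float = 0.05  # assumed 5% tolerance, used only by "oracle+guard"

    def price_of_new(self, pool: Pool) -> float:
        spot = pool.spot_price()
        if self.mode == "spot":
            return spot
        if self.mode == "oracle+guard" and abs(spot / self.oracle_price - 1) > self.max_deviation:
            raise ValueError("spot price deviates from oracle; possible manipulation")
        return self.oracle_price

    def nav_per_share(self, pool: Pool) -> float:
        return (self.base + self.new * self.price_of_new(pool)) / self.shares

    def deposit_new(self, pool: Pool, amount: float) -> float:
        """Mint shares worth the deposit at whatever NEW price the vault trusts."""
        minted = amount * self.price_of_new(pool) / self.nav_per_share(pool)
        self.new += amount
        self.shares += minted
        return minted

    def redeem(self, shares: float) -> tuple[float, float]:
        frac = shares / self.shares
        out_base, out_new = self.base * frac, self.new * frac
        self.base -= out_base
        self.new -= out_new
        self.shares -= shares
        return out_base, out_new


def flash_loan_attack(mode: str, loan: float = 9_000.0) -> float:
    """Run the whole attack as one atomic transaction.

    Returns the attacker's BASE profit after repaying the loan (negative means
    the attack lost money). Raises ValueError if the guarded vault refuses it.
    """
    pool = Pool(base=1_000.0, new=1_000.0)  # thin pool: NEW trades at 1 BASE
    vault = Vault(base=10_000.0, new=10_000.0, shares=20_000.0, oracle_price=1.0, mode=mode)
    # 1. Borrow BASE via flash loan and buy NEW from the thin pool, pumping its spot price.
    new_bought = pool.swap_base_for_new(loan)
    # 2. Deposit the NEW; a spot-priced vault now values it roughly 100x too high.
    minted = vault.deposit_new(pool, new_bought)
    # 3. Redeem immediately for an outsized slice of the vault's BASE and NEW.
    got_base, got_new = vault.redeem(minted)
    # 4. Sell the NEW back (its price collapses again) and repay the loan.
    got_base += pool.swap_new_for_base(got_new)
    return got_base - loan


if __name__ == "__main__":
    for m in ("spot", "oracle"):
        print(f"{m:7s}: attacker profit = {flash_loan_attack(m):+.1f} BASE")
    try:
        flash_loan_attack("oracle+guard")
    except ValueError as e:
        print(f"guarded: deposit rejected ({e})")
```

With these numbers the spot-priced vault hands the attacker roughly 800 BASE of profit in a single transaction, while the same sequence against the oracle-priced vault loses about 335 BASE to swap fees and slippage, and the guarded vault refuses the deposit outright. The point a reviewer should take from it is that any valuation derived from reserves that the depositor can move in the same transaction is attacker-controlled; a price fixed before the transaction (a TWAP or an external feed), optionally with a deviation check against the live spot, is the usual fix.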

Within hours of the attack, Indexed Finance offered the attacker a deal: keep 10% of the funds and return the rest. After that deadline passed, and after a further ultimatum to return 100% of the stolen funds also expired, the team said it had established links that identified the hacker.

The team explained that, while the lead was initially overlooked, the investigation revealed that the attacker had funded their wallet from accounts at the crypto exchanges FTX and Kraken. Both exchanges require users to complete know-your-customer (KYC) checks, which gave Indexed Finance a route to identifying the person behind the $16 million theft.

"In the minutes before the deadline elapsed, @ZetaZeroes made changes to his accounts that have made us realize at the last minute that the attacker is significantly younger than we thought," the protocol wrote. 

Having determined the hacker's identity, Indexed Finance has placed a "hold" on disclosing further information while it discusses internally how best to proceed given the hacker's age.

Nevertheless, the NDX token remains under pressure in the market, having dropped 7% over the past week as a result of the attack. At the time of writing it was trading at roughly $2.65, down 2.11%.