OFAC Takes Action Against Accused Providing Material Support To North Korean Hackers

The U.S. Treasury Department has recently identified three over-the-counter (OTC) cryptocurrency traders in China and Hong Kong, as well as a China-based banker, who is believed to have assisted North Korea’s Lazarus Group in converting stolen crypto into fiat currency. The Office of Foreign Assets Control (OFAC) took action against the accused for providing material support to the North Korea-based Lazarus hacking group.

North Korea’s Lazarus Group is a notorious hacker group responsible for some of the largest crypto heists in recent years. According to OFAC’s report, the group is linked to illicit financial and cyber activity that supports North Korea’s development of weapons of mass destruction (WMD) and ballistic missile programs.

Under-Secretary of the Treasury for Terrorism and Financial Intelligence, Brian E. Nelson stated that North Korea’s operations to raise funds for WMD and ballistic missile programs directly threaten world security and cited three intercontinental ballistic missiles launched by North Korea this year as evidence of the same.

Chainalysis, a blockchain analysis firm, estimates that North Korean hackers such as the Lazarus Group stole $1.7 billion in cryptocurrencies in 2022 alone through numerous breaches traced to them. Moreover, they were one of the major forces behind the DeFi hacking trend, stealing $1.1 billion in DeFi protocol attacks.

The accused individuals were allegedly involved in obtaining cryptocurrencies from North Korean citizens who were fraudulently undertaking IT services in other countries and then directing OTC traders to transfer funds to front firms for purchasing items such as tobacco and communication equipment. 

The actions taken by OFAC against those who provided material support to the North Korean hackers serve as a warning that cyber security vulnerabilities must be addressed at all times and malicious actors will be held accountable for their actions. 

Hackers Target Inverse Finance in a Flash Loan Oracle Attack

Inverse Finance, a decentralized autonomous organization (DAO), has suffered a flash loan assault in which hackers stole $1.26 million in Tether (USDT) and Wrapped Bitcoin (WBTC). This comes just two months after the DeFi exchange suffered a price oracle manipulation exploit in which hackers siphoned $15.6 million.

"Inverse Finance’s Frontier money market was subject to an oracle price manipulation incident that resulted in a net loss of $5.83 million in DOLA with the attacker earning a total of $1.2 million," the organization said. 

Inverse Finance is an Ethereum-based decentralized finance (DeFi) protocol that facilitates the borrowing and lending of cryptos. The latest exploit was a flash loan attack, in which hackers take a flash loan from a DeFi platform and pay it back in the same transaction, causing the price of the crypto asset to surge, and then quickly withdraw their investments.

Upon discovering the attack, the DeFi protocol temporarily paused borrowing and removed the DOLA stablecoin from the money market, saying that it was investigating the incident and that no user funds were at risk.

It later confirmed that only the hacker’s deposited collateral was impacted in the incident. In a tweet, the company requested the attackers to return the funds in return for a “generous bounty”. 

The hacker in total secured 99,976 USDT and 53.2 WBTC from the attacks. As soon as the hack was successful, the attackers routed the funds via Tornado Cash, a cryptocurrency mixing or tumbling protocol designed to obscure where funds came from. Coincidentally, the service is popular for money laundering.

It should be noted that the significant rise in DeFi, which facilitates crypto-denominated lending outside traditional banking, has been a major factor in the increase in stolen funds and frauds. Threat actors have targeted DeFi protocols the most, in yet another warning for those dabbling in this emerging segment of the crypto industry.

“DeFi is one of the most exciting areas of the wider cryptocurrency ecosystem, presenting huge opportunities to entrepreneurs and cryptocurrency users alike,” as per a report by Chainalysis. 

Last year, more stolen funds flowed to DeFi platforms (51 percent) and centralized exchanges received less than 15 percent of the total stolen funds, Chainalysis wrote in its annual Crypto Crime report. “This is likely due to exchanges’ embrace of AML and KYC processes, which threaten the anonymity of cybercriminals,” the report added.

Cybercriminal Steals $13 Million In DEUS Finance Exploit

DEUS Finance, a decentralized derivatives protocol based on Fantom, suffered a flash loan attack on Thursday, with the attacker making off with about $13.4 million.

According to on-chain data, the anonymous hacker carried out the assault using a flash loan at around 2:40 AM UTC. Flash loan assaults involve attackers borrowing funds with a requirement that the borrowed sum be returned in the same transaction. These are made possible with smart contracts. While flash loans are meant for arbitrage trading and enhancing capital efficiency, attackers have abused them to manipulate DeFi price data feeds — known as oracles — and carry out attacks. 

The Deus hacker took a flash loan to manipulate the price oracle within one of its liquidity pools on Fantom, involving a token called DEI paired against the USDC stablecoin, security analysts at PeckShield explained in a post. The flash-loan assisted manipulation surged DEI's price and the inflated value was then used as collateral to borrow additional capital, within the same flash loan transaction.

This additional borrowed capital was sold for USDC stablecoin, after which the hacker repaid the flash loan — netting about $13.4 million. The perpetrator then transferred the exploited funds from Fantom to Ethereum, where they routed them via Tornado Cash, a mixing protocol used to obfuscate Ethereum transactions. This wasn't the first security incident for Deus Finance. 
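The oracle weakness described above, and in the Inverse Finance post, can be seen in a small simulation. This is an added example, not code from DEUS Finance or PeckShield: the constant-product pool model, the reserves, the 80% loan-to-value ratio, the 10-block window and the 5% deviation limit are all assumptions chosen for illustration. It compares a lending market that prices collateral from the pool's spot price with one that uses a time-weighted average and refuses to price when spot has moved away from it.

```python
from dataclasses import dataclass, field
from statistics import mean

@dataclass
class Pool:
    """Constant-product pool (dei * usdc = k), fees ignored for clarity."""
    dei: float
    usdc: float
    history: list = field(default_factory=list)  # end-of-block spot prices

    def spot(self) -> float:
        return self.usdc / self.dei  # USDC per DEI right now

    def swap_usdc_for_dei(self, usdc_in: float) -> float:
        k = self.dei * self.usdc
        self.usdc += usdc_in
        dei_out = self.dei - k / self.usdc
        self.dei -= dei_out
        return dei_out

    def end_block(self) -> None:
        self.history.append(self.spot())

def twap(pool: Pool, window: int) -> float:
    """Average of the last `window` end-of-block prices."""
    return mean(pool.history[-window:])

def guarded_price(pool: Pool, window: int = 10, max_dev: float = 0.05) -> float:
    """Return the TWAP, refusing to price while spot has run away from it."""
    ref = twap(pool, window)
    if abs(pool.spot() - ref) / ref > max_dev:
        raise ValueError("spot deviates from TWAP: pause borrowing")
    return ref

def borrow_limit(collateral: float, price: float, ltv: float = 0.8) -> float:
    return collateral * price * ltv

def scenario() -> dict:
    pool = Pool(dei=1_000_000, usdc=1_000_000)   # constructed reserves
    for _ in range(10):
        pool.end_block()                          # ten quiet blocks at 1.00
    before = borrow_limit(100_000, pool.spot())
    pool.swap_usdc_for_dei(9_000_000)             # large same-transaction swap
    naive = borrow_limit(100_000, pool.spot())    # spot-price oracle
    averaged = borrow_limit(100_000, twap(pool, 10))
    try:
        guarded_price(pool)
        tripped = False
    except ValueError:
        tripped = True
    return {"before": before, "naive": naive, "twap": averaged, "tripped": tripped}
```

With the spot oracle the same collateral supports a hundred times the borrowing after the swap, while the averaged price is unchanged within the transaction and the deviation check halts pricing.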

Last month, the protocol lost $3 million to a flash loan exploit. The community was disappointed that the protocol had been hacked again in the same way. While the community waits for an official reaction, calls have been made to Circle to freeze the $USDC implicated in the incident. Flash loan attacks have become one of the most popular ways hackers target DeFi platforms. 

Earlier this month, hackers stole $11.2 million worth of Binance Coin from the DeFi platform Elephant Money. Cream Finance was hit with three different flash loan attacks in 2021, costing the DeFi platform $130 million in October, $37 million in February, and another $29 million in August. 

Last year, hackers stole at least $2.2 billion from DeFi protocols, blockchain analysis firm Chainalysis said. Earlier this year, in March, the Ronin Network announced that hackers stole more than $500 million worth of cryptocurrency, making it one of the largest attacks ever.

pNetwork Suffered Loss In Bitcoins Worth $12 Million

Hackers allegedly violated the protocol and seized $12.7 million in Bitcoin, making pNetwork the newest victim of a DeFi hack. Having suffered a loss of $12 million in bitcoins, the company says it will reward the hacker with a bug bounty of $1.5 million if the funds are recovered.

On the 19th of September 2021, at 5:20 pm UTC, a hacker conducted an attack on multiple pTokens in the pNetwork system. Only the attack on the pBTC-on-BSC cross-chain bridge was successful, with 277 BTC taken from the pBTC-on-BSC collateral. However, the suspicious activity was detected and the technical team intervened.

In the most recent security incident involving a decentralized finance system, the cross-chain project pNetwork stated on Sunday that it had been hacked and had lost 277 pBTC, a kind of wrapped bitcoin, worth more than $12 million.

In a series of tweets announcing the incident, pNetwork said, "We're sorry to inform the community that an attacker was able to leverage a bug in our codebase and attack pBTC on BSC, stealing 277 BTC (most of its collateral). The other bridges were not affected. All other funds in the pNetwork are safe." 

"The bridges will run with extra security measures in place for the first few days," pNetwork said in a follow-up post. "This means slower transactions processing in exchange for higher security." 

pBTC tokens represent an equivalent value of bitcoin for transactions that run on smart contracts on the platform. pNetwork supports many blockchains, including Binance Smart Chain, Ethereum, EOS, Polygon, Telos, xDAI, and Ultra.

The company then corrected the error, suggested a remedy, and expected "everybody to review it." pNetwork has confirmed that all other network bridges have not been impacted and that the remaining funds are protected. Furthermore, the broken bridges will soon be back in service. The company also had a message for the "black hat hacker", offering a "clean" 1 million dollar bounty if all the money were returned.

Although pNetwork recognizes that the likelihood of such an outcome is small, it is not without precedent. As previously reported, Poly Network was likewise exploited for almost $600 million in digital assets. But Mr. White Hat, as the project named the culprit, finally refunded the money and even declined the bounty offered.

The company stated that “We are adding additional security measures on the bridges as we reactivate them (more on this in the risk management section). Currently, we are also doing some extra checks on the transactions before they are broadcasted — this is not necessary, but something we are temporarily doing to be on the safe side and extra cautious.” 

It should be noted that the network's native cryptocurrency, PNT, has dropped by 20% within 24 hours and is presently below $1.

THORChain Suffers $7.6 Million Loss in Latest DeFi Exploit

Popular cross-chain liquidity exchange THORChain was compromised in a new DeFi hack in which $7.6 million was stolen, its second security breach in less than a month.

THORChain announced the security breach on Twitter and initially estimated the loss at about 13,000 ETH (around $25 million). Later, however, this was revised on Twitter, with the project claiming, “At this stage, the estimate is around ~4000 ETH worth of assets (ETH/ERC20) was taken, not 13k ETH. More detailed assessment and recovery steps will be announced soon. The users who suffered (LPs) will be made whole in the coming weeks.” 

According to the project team, attackers exploited the vulnerability in the Bifrost protocol which allowed them to redirect ETH tokens to their own accounts. Bifrost is a multi-chain DeFi protocol that enables multichain connectivity by building a bridge between blockchains. Bifrost ETH was recently updated for better composability.

In the THORChain community Telegram channel, administrators have suggested the project has the funds needed to cover users’ stolen assets but articulated a preference for the hacker to return the stolen funds in exchange for a bug bounty. 

“While the treasury has the funds to cover the stolen amount, we request the attacker get in contact with the team to discuss return of funds and a bounty commensurate with the discovery,” a Telegram post stated, adding that user funds “will be available when the issue has been patched & the network resumes.”

As a precautionary measure, THORChain paused its network, with the team assuring users that only liquidity providers were affected. THORChain has since tweeted that its preliminary roadmap to recovery is underway, announcing that after the flaw is patched and the network is restarted, Ether will be donated to liquidity provider pools to reimburse impacted users. Thereon, the team plans to engage security firms to have its contracts audited. 

Today’s attack is not the first time THORChain has been targeted by hackers; during its Chaosnet deployment, it had lost around $140,000 worth of assets over the previous month. At the time, the project had claimed it was “very mature and resilient.”