Certik, a security firm, prevented a potentially disastrous million exploit in the Wormhole cross-chain bridge by identifying a critical bug, showcasing the importance of proactive security practices and the benefits of open-source software in enhancing Web3 security standards. Wormhole, a project enabling token and data transfers between blockchain networks like Ethereum and Solana, had […]
Bitcoin News
Fake NFT Project Hack? CTO Vanishes After Allegedly Stealing 94 SOL
A new rug pull alert sounded on Tuesday after crypto detective ZachXBT unveiled on-chain details of an alleged hack suffered by an NFT project last month. The project’s CTO announced that a response was in the works but ultimately vanished as criticism grew.
Nuddies NFT, A Hack Or Rug Pull?
On-chain sleuth ZachXBT revealed the alleged misuse of funds by the CTO of NFT project Nuddies NFT. In a now-deleted post, its CTO Kyle explained that the project was “derugged from its previous founder” and built differently from other NFT projects.
A short investigation into how @kyledegods faked a hack and stole SOL from his project @NuddiesNFT before spending it on NFTs and lying to holders about how devastated he was about the incident.
On March 3, 2024 Kyle made a post in his Discord server claiming his wallets had…
— ZachXBT (@zachxbt) April 2, 2024
According to the crypto detective, Kyle faked a hack that seemingly stole the project’s funds. On March 3, the alleged culprit posted on the Nuddies NFT Discord server to inform members of the hack.
The post affirmed that Kyle’s Mac was hacked despite “not clicking in any malicious link.” The CTO concluded that a “zombie process” was on his computer for an undetermined period.
This “mini-program” gave control of the computer to “the hacker.” Through the TeamViewer app the attacker gained access to the project and Kyle’s wallets. The post further explained that 90 SOL, approximately ,000 at today’s price, were taken from the Nuddies NFT creator wallet.
Moreover, the hacker allegedly took control of Kyle’s Discord and stole 150 SOL, worth around ,300, from his wallets. At the time, he claimed to be “mentally destroyed” by the loss of the project’s treasury money.
Nonetheless, the on-chain data compiled by ZachXBT tells a different story. Per the crypto detective’s post, the CTO allegedly lied to the holders and stole the 94 SOL, worth ,000, when the incident occurred.
The post reveals that the funds were transferred during that day from the Nuddies Royalty Wallet to an exchange deposit at 8:20 UTC. The on-chain investigator claims that a destination transaction was found using time analysis. The transaction to one of Kyle’s wallets accounted for 3.42 ETH, around ,700, at 8:21 UTC.
The ETH was seemingly used to buy two NFTs: DeGods 2921 and y00t 10991. The DeGod NFT was used as the CTO’s profile picture on X until yesterday.
CTO Answers The Accusations, Then Vanishes
The accusations didn’t go unnoticed by the suspect, who posted on his X account that he was “preparing the answer” with a wink face emoji. After changing his profile picture, Kyle answered some users’ questions about his credibility, to which he replied that his “conscience is clear.”
In the early hours of Wednesday, the Nuddies NFT account shared a now-deleted post stating that the creator wallet was “refilled with 12k USD.” In the post, Kyle insisted that his previous claims of intending to refill the wallet were authentic.
The CTO also claimed he was “waiting for his $W airdrop” to fulfill his promise instead of selling his DeAsset. Additionally, he “stepped out” of the project after giving the access keys to two community members.
However, the story doesn’t end there. Kyle and Nuddies NFT’s account were deleted a couple of hours after the post. The Nuddies website seems not to be working, as reported by an X user.
The project’s future is unsure as one of the community members to whom Kyle gave the access keys was unaware of the situation. Juiceddd, an NFT artist, is one of the two people in charge of the project.
The artist explained that he was responsible for redrawing the entire Nuddies collection while adding “70+ new traits.” Moreover, Juiceddd stated that he “woke up this morning to being the owner of everything.” The artist is contemplating giving his perspective on the incident as he considers that it is generally the artist who “gets fucked” in these situations.
$62 Million Munchables Hack: Rogue Developer Returns All Funds, No Ransom Demanded
Web3 gaming app, Munchables, announced on March 27 that an individual who exploited the system agreed to return the stolen funds without a ransom demand. This announcement came just hours after a former developer siphoned off more than 17,400 ethereum coins by gaining access to the Munchables lock contract. Distribution of Blast Rewards Set to […]
Bitcoin News
Prisma Finance Suffers $11.6M Hack in Liquid Staking Shockwave, Moves to Mitigate Fallout
The decentralized finance (defi) entity, Prisma Finance, has fallen prey to a security breach, with onchain detectives revealing that $11.6 million has been pilfered from its liquid staking protocol. Prisma Finance in Turmoil: $11.6M Lost to Hackers, Emergency Measures Activated On a recent Thursday, blockchain surveillance and safety squads from Peckshield and Cyvers reported the […]
Bitcoin News
‘Dutch & Razzlekhan’ — A Cinematic Dive Into the Bitfinex Hack
The intricate saga of the Bitfinex heist, involving the disappearance of billion in bitcoin, is being adapted for film. “Dutch & Razzlekhan” aims to vividly depict the bold cryptocurrency theft that impacted the cryptocurrency sector in 2016. From Heist to Hollywood: The Bitfinex Billion Scandal Hits the Big Screen Directed by Jon S. […]
Bitcoin News
Kyberswap Hack: Blockchain Security Firm Reports Movement of 800 ETH From Exploiter’s Address
Blockchain security firm Peckshield revealed on Feb. 26 that an exploiter-labeled address associated with the Kyberswap hack had bridged approximately 800 ether tokens from Arbitrum to the Ethereum blockchain. On the same day, the Kyberswap team unveiled revised dates for reimbursing users impacted by the hacking. Kyberswap Hacker Starts Moving Funds Peckshield Alert, a […]
Bitcoin News
Axie Infinity Co-Founder Loses Over $10 Million In Hack, AXS Holds Firm
Two personal crypto wallets belonging to Jeff “Jihoz” Zirlin, the co-founder of Sky Mavis, the company behind the popular play-to-earn (P2E) game Axie Infinity, have been compromised, reports on February 23 show.
Following this hack, over $10 million worth of various crypto assets were stolen, primarily RON, the native token of Ronin Chain, the Ethereum sidechain designed explicitly for Axie Infinity.
Axie Infinity Co-Founder Loses Over $10 Million In Hack
According to Lookonchain data, the hacker got away with 3.2 million RON worth over .53 million. The co-founder also lost over 4,000 worth of Wrapped Ethereum (ETH). There were other small amounts of PIXEL, the native token of Pixels–a gaming platform; SLP, the coin priming Axie Infinity’s metaverse; and USDC, a stablecoin.
Zirlin held around 164 AXS worth less than ,300. The hack has shown an unexpected holding pattern, especially among project founders. That the co-founder only held 164 AXS is strange, considering the role played in Axie Infinity. The P2E game has distributed billions of assets since its popularity peaked in the last bull cycle.
Stolen assets, Lookonchain data reveals, were reportedly converted to ETH and deposited into Tornado Cash, a crypto mixer whose co-founders have an ongoing court case in the United States.
In charges brought forward in August 2023, the prosecution team alleges that North Korean hackers used Tornado Cash to launder millions, if not billions, of dollars worth of stolen coins. Some of these tokens were from the Ronin hack, which lost over 0 million in March 2022.
Dedicated To Mission; RON And AXS Post Minor Losses
Zirlin confirmed the hack on X on February 23, emphasizing that it was “limited to my accounts.” The hack did not affect the Ronin chain or Sky Mavis operations. The co-founder also added that the compromised private keys were not connected to the company’s internal systems.
Zirlin said they have “strict security measures in place for all chain-related activities to assuage fears.” The co-founder also remains upbeat, assuring concerned crypto community members that the project will continue pursuing its mission of bringing “economic freedom” to all users.
So far, AXS and RON prices remain stable but lower, looking at the performance in the daily chart. AXS and RON have been edging lower since February 21, cooling off after sharp gains from early Q4 2023.
Coinbase Suspends PlayDapp Trading After Hack, PLA Price Reacts
Coinbase has temporarily suspended the gaming platform PlayDapp’s token trading and transfer activities after the recent hack that resulted in the theft of 200 million PLA tokens. Recent updates from the Web3 platform have shared some insight into the investigation process.
Suspension Of Trading Activity On Coinbase
On Thursday, news of the hack was first reported by the security platform Cyvers Alerts on X (formerly Twitter). PlayDapp’s team later confirmed the security breach and immediately contacted partnered exchanges to take measures to protect holders’ assets.
The gaming platform contacted major centralized exchanges (CEXs) to request deposit and withdrawal suspensions due to the hacking incident and promptly reported to the authorities about the case.
On Monday, the team shared an urgent notice post detailing the state of the investigation and the temporary measures it would take to minimize the hack’s impact on PLA holders.
Following this request, Coinbase announced the suspension of PLA’s trading and transfers across their website, Coinbase Prime, Advanced Trade, and Coinbase Exchange. The exchange expressed its intention to continue monitoring the developments from PlayDapp before giving new updates to customers.
We will continue to monitor developments related to PLA from the issuer and update our customers as more information becomes available.
Learn more: https://t.co/PoDxz71eAp
— Coinbase Assets (@CoinbaseAssets) February 14, 2024
In the notice post, the team described its current collaboration with exchanges, blockchain intelligence, security firms, and law enforcement agencies to further investigate and resolve the issue. It has now extended to decentralized exchanges (DEXs) its request to temporarily pause all liquidity and pool activities related to PLA.
According to the circular, decentralized exchanges (DEXs) have hindered the hacker’s attempts at dispersing the stolen tokens.
Migration Process And Price Reaction
PlayDapp tried to negotiate with the hacker to retrieve the stolen funds. However, the attempts failed as the hacker “showed no willingness to help recover holders’ losses,” which resulted in an additional attack that led to the issuance of an additional 1.59 billion PLA tokens.
The team continues to investigate the hacker’s intrusion methods to prevent further attacks, and it is currently tracking the tokens minted and swapped by the hacker. For this reason, it has requested PLA holders’ assistance, asking users for “the halt of transactions because we will conduct a migration based on the snapshot shortly.”
The platform has been discussing with exchanges to assess the best migration solution. The most recent update further details the attack’s damages and the coming migration process:
We are estimating the scale of damage for the initially minted 200 million tokens, while it’s confirmed that there is minimal damage from the secondary minting of 1.59 billion tokens. Currently, the transactions associated with the hacker are being tracked by security firms, so most of the invalidly minted tokens will be filtered out during the migration process.
Loss of ownership over the token smart contract opens the possibility for further attacks on PLA tokens.
As the update explains, PDA is an upgraded version of the new token. It introduces multi-signature implementation, snapshot, pause, and burn authority separation for management while removing minting authority for stability.
PDA will also introduce a DAO voting system, and it can only be swapped at a 1:1 ratio using wallets not associated with the hacker.
PlayDapp will coordinate with CEXes to reimburse PDA to PLA-holding users during the migration. Affected users will be reimbursed using the “current user balance holdings as per the snapshot timing” and receive the full token holdings at a 1:1 ratio. The team will announce the snapshot time in a future update.
According to CoinMarketCap data, the PLA price dropped from .1823 to .1498 after the attack. Since then, the token price has hovered around .14-.16.
The price dropped to .1383 after the Coinbase announcement, a 13.35% drop in the last seven days. PLA’s daily trading volume at writing time is ,786,268, representing a 23.4% decrease in the previous 24 hours.
However, after the most recent migration plan update, PLA’s price surged 1.2% in the last hour and 3.7% in the previous 24 hours, as the token trades at .1524, perhaps signaling a change in holder sentiment after the recent development.
Gary Gensler Tells Lawmakers SEC Takes Cybersecurity ‘Seriously’ After X Account Hack
U.S. Securities and Exchange Commission (SEC) Chairman Gary Gensler has assured lawmakers that the securities regulator “takes its cybersecurity obligations seriously.” Lawmakers raised concerns following the hacking of the SEC’s account on social media platform X, where a post falsely announced the approval of spot bitcoin exchange-traded funds (ETFs). Gensler: SEC Takes Cybersecurity Obligations Seriously […]
Bitcoin News
Hacken Links Ripple Chairman Hack to XRP Official Wallet
Following an investigation into the hack of Ripple co-founder Chris Larsen’s personal wallets, Hacken has discovered links to XRP’s authorized wallets. Hacken Investigation Traces Chris Larsen’s Stolen XRP Back to Official Wallets Blockchain security firm Hacken has disclosed connections between the recent 2.5 million hack of Ripple co-founder and chairman Chris Larsen’s personal wallets and […]
Bitcoin News