Crypto Wallets Drained Off $600K Due To Ignored Phishing Attack
On January 23, Wallet Connect and other web3 companies informed their users about a phishing scam using official web3 companies’ email addresses to steal funds from thousands of crypto wallets.
A Massive Phishing Campaign
Wallet Connect took to X to notify its community about an unauthorized email sent from a Wallet Connect-linked email address. The email prompted recipients to open a link to claim an airdrop; however, the link led to a malicious site and, as Wallet Connect confirmed, it was not issued directly by the team or anyone affiliated. Wallet Connect contacted web3 security and privacy firm Blockaid to investigate the phishing scam further.
We've detected a sophisticated phishing attack impersonating @WalletConnect via a fake email linking to a malicious dapp.
Blockaid enabled wallets are safe. https://t.co/quz9olGrpZ pic.twitter.com/TYS0BjIk2J
— Blockaid (@blockaid_) January 23, 2024
In the following hours, a crypto sleuth posted a community alert to inform unaware users that CoinTelegraph, Token Terminal, and De.Fi team emails were also compromised, signaling that a larger and more sophisticated phishing campaign was underway. At the time of the post, around 0K had been stolen.
After investigating, Blockaid later revealed that the attacker “was able to leverage a vulnerability in email service provider MailerLite to impersonate web3 companies.”
Email phishing scams are common among cyber scammers, making users wary of most suspicious links or emails. At the same time, companies and entities advise against opening links that do not come from their official channels. In this case, the attacker was able to trick a vast number of users from these companies as the malicious links came from their official email addresses.
The compromise allowed the attacker to send convincing emails with malicious links attached that led to wallet drainer websites. Specifically, the links led to several malicious dApps that utilize the Angel Drainer Group infrastructure.
The attackers, as Blockaid explained, took advantage of access these companies had previously granted MailerLite to send emails on behalf of their domains, specifically by using pre-existing DNS records, as detailed in the thread:
Specifically, they used “dangling dns” records which were created and associated with Mailer Lite (previously used by these companies). After closing their accounts these DNS records remain active, giving attackers the opportunity to claim and impersonate these accounts. pic.twitter.com/cbTpc5MXu1
— Blockaid (@blockaid_) January 23, 2024
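A defensive audit for the dangling-record condition described in the thread above, as an added example that is not from Blockaid, MailerLite or the original article: it flags DNS records that still delegate to an email vendor with which the organisation no longer holds an account. The zone data, the vendor domains and the `ACTIVE_VENDORS` inventory are constructed placeholders.

```python
import re

# Constructed zone export: every name and vendor domain is a placeholder.
ZONE = """\
example.org.               300 IN TXT   "v=spf1 include:_spf.mailvendor-old.example include:_spf.mailvendor-new.example ~all"
example.org.               300 IN MX    10 mx.mailvendor-new.example.
news.example.org.          300 IN CNAME tracking.mailvendor-old.example.
k1._domainkey.example.org. 300 IN CNAME dkim.mailvendor-old.example.
k2._domainkey.example.org. 300 IN CNAME dkim.mailvendor-new.example.
www.example.org.           300 IN CNAME cdn.hosting.example.
"""

# Assumed inventory: vendors the organisation still holds an account with.
ACTIVE_VENDORS = {"mailvendor-new.example", "hosting.example"}
OWN_DOMAINS = {"example.org"}


def registrable(host):
    """Naive registrable domain (last two labels); use a Public Suffix List in practice."""
    return ".".join(host.rstrip(".").lower().split(".")[-2:])


def parse_zone(text):
    """Yield (name, rtype, rdata) from 'name ttl class type rdata' lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split(None, 4)
        if len(parts) == 5:
            name, _ttl, _cls, rtype, rdata = parts
            yield name, rtype.upper(), rdata


def delegated_hosts(rtype, rdata):
    """Hosts outside the zone that a record hands authority to."""
    if rtype == "CNAME":
        return [rdata.strip()]
    if rtype == "MX":
        return [rdata.split()[-1]]
    if rtype == "TXT" and "v=spf1" in rdata.lower():
        return re.findall(r'(?:include:|redirect=)([^\s"]+)', rdata)
    return []


def find_dangling(zone_text, active=ACTIVE_VENDORS, own=OWN_DOMAINS):
    """Return records still pointing at a vendor with no active account."""
    trusted = {d.lower() for d in active | own}
    findings = []
    for name, rtype, rdata in parse_zone(zone_text):
        for host in delegated_hosts(rtype, rdata):
            if registrable(host) not in trusted:
                findings.append((name, rtype, host.rstrip(".")))
    return findings


if __name__ == "__main__":
    for name, rtype, host in find_dangling(ZONE):
        print(f"REVIEW {name} {rtype} -> {host}")
```

Each finding is a record to delete or re-point as part of vendor offboarding, before the account it refers to can be claimed by someone else.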
MailerLite Explains Security Breach
The explanation later came via an email, where MailerLite explained that the investigation showed that a member of their customer support team inadvertently became the initial point of the compromise. As the email explains:
The team member, responding to a customer inquiry via our support portal, clicked on an image that was deceptively linked to a fraudulent Google sign-in page. Mistakenly entering their credentials there, the perpetrator(s) gained access to their account. The intrusion was inadvertently authenticated by the team member through a mobile phone confirmation, believing it to be a legitimate access attempt. This breach enabled the perpetrator(s) to penetrate our internal admin panel.
MailerLite further adds that the attacker reset the password for a specific user on the admin panel to consolidate the unauthorized control further. This control gave them access to 117 accounts, of which they only focused on cryptocurrency-related accounts for the phishing campaign attack.
An anonymous Reddit user posted an analysis of the situation and gave a closer look at the attacker’s transactions. The user revealed:
One victim wallet appears to have lost 2.64M worth of XB Tokens. I’m showing about 2.7M sitting in the phishing wallet of 0xe7D13137923142A0424771E1778865b88752B3c7, while 518.75K went to 0xef3d9A1a4Bf6E042F5aaebe620B5cF327ea05d4D.
The user stated that most stolen funds were in the first phishing address. At the same time, approximately 0,000 worth of ETH were sent to privacy protocol Railgun, and he believes that they will soon be moved through another mixer or exchange.
Gamma Heist — Over $3M in Digital Assets Drained, 1,000 ETH Moved to Tornado Cash
On Jan. 4, the decentralized finance protocol Gamma Strategies was a victim of a hacking attack which saw criminals make off with digital assets worth over million. To pre-empt further attacks, Gamma Strategies said it has shut off all deposits on any of its “public-facing vaults.”
Hacker Transfers 1,000 Ethereum to Crypto Tumbler Tornado Cash
On Jan. 4, 2023, the decentralized finance (defi) protocol Gamma announced its platform had been breached in a cyber attack, resulting in the theft of digital assets valued at several million dollars. To thwart additional security breaches, Gamma reported it has ceased all deposits into its “public-facing vaults.”
According to a series of alerts issued by the blockchain security company Peckshield, the exploiter-labeled address has been transferring or swapping digital assets from the hack. For instance, the security firm said it detected that the exploiter address “bridged and transferred 800.5 $ETH (worth ~.8M).” Before this, the exploiter address had moved 1,000 ETH to the decentralized cryptocurrency tumbler Tornado Cash.
Our vaults have 4 main sources of deposit protection against flashloans:
1.) Mandating a ratio of token0 and token1 in accordance with the ratio in the pool
2.) Setting a price change threshold, such that deposits will be disallowed when price change exceeds a certain amount
3.)…
— Gamma (@GammaStrategies) January 4, 2024
In a post on X, the Gamma team insisted that the steps taken so far, including shutting down deposits, effectively nullify further attacks. The team nevertheless suggested that the set price change threshold might be the reason why the protocol became a victim of the attack.
“The main issue is with the settings we placed on (2) the price change threshold. It was placed too high allowing for up to 50-200% price change on certain LST and stablecoin vaults. This allowed the attacker to manipulate the price up to the price change threshold and mint a disproportionately high number of LP tokens,” the Gamma team said.
To prevent hackers from carrying out a similar attack, Gamma said it is setting all price change thresholds to “a safe threshold level.” Additionally, third parties will now be required to review the code before the deposit functionality is reopened. Gamma has also promised to maximize “recovery for all affected users.”
Fantom Foundation Wallets Drained, More Pain For FTM Holders As Prices Tank
Two Fantom Foundation wallets on Ethereum and the Fantom Network have fallen victim to a phishing attack, losing over 0,000, according to reports from CertiK, a blockchain security firm. Another report by “Spreakaway” on X alleges that one of Fantom’s team members also lost .4 million.
Fantom Foundation Falls Victim To Phishing Attack
Fantom Foundation is a non-profit organization dedicated to supporting the growth and development of the Fantom ecosystem. On the other hand, Fantom is a scalable, layer-1 blockchain that is compatible with Ethereum. Like the world’s most valuable network, the platform supports the deployment of smart contracts. For clarity, Fantom’s network was not hacked; the foundation’s wallets were compromised.
According to CertiK, the Fantom Foundation lost 0,000 on Fantom and at least 7,000 on Ethereum. Following the attack, Etherscan data show that the scammers consolidated funds into one account, holding at least million of various coins. The address has already been marked and identified as a facilitator of multiple phishing campaigns impacting crypto and decentralized finance (DeFi) projects.
Reports on Reddit show that Fantom Foundation fell victim to a “zero day” exploit on Chrome, a web browser, resulting in the loss of hundreds of thousands worth of FTM. In a screenshot of a Telegram conversation said to have been shared by a Fantom admin, the foundation acknowledged that “some” of their wallets were “drained.” They are actively tracking the movement of stolen funds.
Zero Day Exploit, FTM Sinks Even Lower
A zero-day exploit takes advantage of a vulnerability that is not yet known to the software’s developer or its tech team, who would otherwise be able to fix it. Because the flaw isn’t known to the team, the threat actor can exploit it until it is patched. This is why zero-day exploits can be consequential, especially for DeFi protocols whose infrastructure relies on flawed software.
In the same screenshot shared on Reddit, a representative of Fantom Foundation said they didn’t update their browser to the latest version. The latest Chrome browser update, version 118.0.5993.70, was released on October 11.
Following this news, FTM fell roughly 5% and is now rocking close to multi-month lows. If bears press on, the coin may drop below 2022 lows.
That would reverse all gains made in the first half of 2023. At this year’s peaks, FTM prices rose to as high as .65 in February 2023 before contracting to spot rates. The coin is trading at approximately .17 and under intense selling pressure.
A Hacker Just Drained $500k in Ethereum & Altcoins From a DeFi App
Ethereum’s budding decentralized finance ecosystem has gone parabolic over recent weeks.
The value of cryptocurrencies locked in DeFi applications has skyrocketed to .65 billion, 65% higher than this metric was just 12 days ago. Simultaneously, the number of users leveraging applications like Compound, Maker, and Synthetix has skyrocketed.
Unfortunately, a purported hack just took place that may temporarily slow DeFi’s growth.
0k in Ethereum and Other Altcoins Stolen in Hack
Early Sunday afternoon, reports started to spread via social media that a DeFi hack/attack took place.
Word first spread via Telegram, according to The Block’s Steven Zheng. An admin of a Telegram group noticed that there was an issue with Balancer, a DeFi protocol focused on facilitating token swaps.
“Apparently someone drained a Balancer Pool made up of WETH and STA and got away with 0k worth of WETH,” Zheng wrote, becoming one of the first to spread news of this via Twitter.
Hours after Zheng’s tweet, the attack was confirmed by Ethereum-based decentralized exchange 1inch and Mike McDonald, co-founder of Balancer Labs. Balancer Labs is the entity that is behind Balancer’s development; the former is a company, the latter is an Ethereum-based protocol.
According to a breakdown of the situation by 1inch, Zheng was correct: more than 0,000 worth of Ethereum and other altcoins were drained during this attack.
The exchange’s research found that the attacker used a smart contract to manipulate the Balancer Pool so that it went into debt:
“These funds were used to swap WETH to STA token back and forth 24 times which drained STA balance from the pool. […] Every time the attacker swapped WETH to STA, the Balancer Pool received 1% less STA than was expected.”
After this, the Ethereum user leveraged a vulnerability to drain Wrapped Ethereum, Wrapped Bitcoin, Synthetix, and Chainlink from the pool. As aforementioned, the value of the stolen funds amounts to ~0,000.
For some context, the issue was a byproduct of the built-in deflation of STA. The token has an algorithm designed to “ensure that for every transaction, 1% of the amount transacted is destroyed.”
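The accounting gap behind this incident, modelled as an added example (not Balancer's, STA's or 1inch's code): a pool that credits the amount a caller asked to send drifts away from its real balance when the token destroys 1% in transit, while a pool that measures its balance before and after the transfer stays consistent. The classes, account names and the 1,000-unit amount are constructed; the 24 transfers mirror the count quoted above.

```python
class DeflationaryToken:
    """Constructed stand-in for a token that destroys 1% of every transfer."""
    BURN_BPS = 100  # 1% expressed in basis points

    def __init__(self):
        self.balances = {}

    def mint(self, owner, amount):
        self.balances[owner] = self.balances.get(owner, 0) + amount

    def balance_of(self, owner):
        return self.balances.get(owner, 0)

    def transfer(self, sender, recipient, amount):
        if self.balance_of(sender) < amount:
            raise ValueError("insufficient balance")
        burned = amount * self.BURN_BPS // 10_000
        self.balances[sender] -= amount
        self.balances[recipient] = self.balance_of(recipient) + amount - burned


class NaivePool:
    """Credits the nominal amount, assuming all of it arrived."""

    def __init__(self, token, name="pool"):
        self.token, self.name, self.recorded = token, name, 0

    def deposit(self, sender, amount):
        self.token.transfer(sender, self.name, amount)
        self.recorded += amount

    def shortfall(self):
        """Units the pool believes it holds but does not."""
        return self.recorded - self.token.balance_of(self.name)


class MeasuringPool(NaivePool):
    """Credits only what the pool's own balance shows was received."""

    def deposit(self, sender, amount):
        before = self.token.balance_of(self.name)
        self.token.transfer(sender, self.name, amount)
        self.recorded += self.token.balance_of(self.name) - before


def run(pool_cls, deposits=24, amount=1_000):
    """Return (recorded balance, real balance, shortfall) after the deposits."""
    token = DeflationaryToken()
    token.mint("user", deposits * amount)
    pool = pool_cls(token)
    for _ in range(deposits):
        pool.deposit("user", amount)
    return pool.recorded, token.balance_of(pool.name), pool.shortfall()


if __name__ == "__main__":
    print("naive    ", run(NaivePool))
    print("measuring", run(MeasuringPool))
```

Any pricing or withdrawal logic that reads the recorded figure in the naive pool is working from a balance that does not exist, which is why fee-on-transfer tokens need either the balance-delta check or exclusion from the pool.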
1inch has classified the attacker as a “very sophisticated smart contract engineer with extensive knowledge and understanding of the leading DeFi protocols” due to the exploits used. The attacker is currently at large because they used an Ethereum mixer to obfuscate their identity/ties to exchanges.
The post by Balancer Labs’ Mike McDonald corroborated what the decentralized exchange staff wrote.
Not DeFi’s Only Issue
Hacks aren’t the only issues that DeFi is currently facing.
Larry Sukernik, an investor at Digital Currency Group, argued that DeFi products are too complicated for their own good.
“A very high IQ can be a headwind to building massively successful products. You get people with a big brains that need to be put to work. And when they’re put to work, the result is often a complex, brilliant, but massively unusable product. Lots of that in DeFi now,” he explained.
There are also concerns surrounding high transaction fees. Joseph Todaro of BlockTown Capital wrote:
“If fees move higher or even maintain this level, I expect $ETH competitors focused on scalability to see increased attention.”
QuadrigaCX Auditor: Most of $150m in Lost Crypto Has Been Drained, What Does This Mean for Investors?
The QuadrigaCX imbroglio took a turn yesterday when Big Four auditing firm Ernst & Young (EY) released its “Third Report of the Monitor,” which asserts that it has identified six separate crypto wallets that were used to store the exchange’s cryptocurrency.
Unfortunately for embattled QuadrigaCX investors, the wallets did not contain any of the nearly 0 million in cryptocurrency that is still missing following the death of the exchange’s CEO, and the hunt for this missing crypto will continue on.
Ernst & Young: There Have Been No Deposits into QuadrigaCX Crypto Cold Wallets Since April 2018
Aside from one inadvertent transfer into one of the wallets totaling under 0,000, the report claims that there have been no deposits into the wallets since April of last year.
“To date, the Applicants have been unable to identify a reason why Quadriga may have stopped using the Identified Bitcoin Cold Wallets for deposits in April 2018, however, the Monitor and Management will continue to review the Quadriga database to obtain further information,” the report explained.
Importantly, besides a small fraction of cryptocurrency remaining in the addresses, there is still well over 0 million worth of customers’ crypto missing.
Furthermore, EY noted that they have thus far been unable to discover why the six wallet addresses had stopped being used by the exchange, but that they would continue to review their data sources in order to garner more info on where the funds were being directed to.
“The Monitor has made inquiries of the Applicants as to the reason for the lack of cryptocurrency reserves in the Identified Bitcoin Cold Wallets since April 2018. To date, the Applicants have been unable to identify a reason why Quadriga may have stopped using the Identified Bitcoin Cold Wallets for deposits in April 2018, however, the Monitor and Management will continue to review the Quadriga database to obtain further information.”
Ernst & Young did not discuss whether or not they know about any existing wallet addresses outside of the six aforementioned ones, and also did not discuss whether or not there are any cold storage addresses holding cryptocurrency besides Bitcoin.
Could the Missing QuadrigaCX Funds Be Held on Various Crypto Exchanges?
Recently, a research report published on the Zerononcense Blog claimed that they have identified the wallet addresses where the exchange was keeping their Ethereum, and that there is a “strong possibility” that there may be a significant amount of ETH being held on some major cryptocurrency exchanges, including Poloniex, Kraken, and Bitfinex.
According to the report, there may be over 600,000 ETH being held in wallets on these exchanges, and the now-defunct exchange’s deceased CEO – Gerry Cotten – may have been moving the ETH to these exchanges while QuadrigaCX was operational.
“Based on the transaction analysis included in the report, it appears that a significant amount of Ethereum (600,000+ ETH) was transferred to these exchanges as a means of ‘storage’ during the years that QuadrigaCX was in operation and offering Ethereum on their exchange… it is very possible that QuadrigaCX, the creditors, and other entities are unaware of this discovery,” the Zerononcense Blog report explains.
Jesse Powell, the co-founder and CEO of Kraken, responded to the report on Twitter, explaining that none of the aforementioned funds are being stored on Kraken, and further adding that the possibility of these funds being held on exchanges is the “best hope that QCX clients have” of ever retrieving their lost funds.
“This is the best hope that QCX clients have — that Cotten was keeping client funds in other exchanges. Unfortunately, nothing at Kraken. Hopefully, others are looking. Could be accounts were created under different names so might take some real digging to find.”
This is the best hope that QCX clients have — that Cotten was keeping client funds in other exchanges. Unfortunately, nothing at Kraken. Hopefully, others are looking. Could be accounts were created under different names so might take some real digging to find.
— Jesse Powell (@jespow) March 1, 2019
Powell has been highly involved in the whole imbroglio since it first began, and Kraken just recently announced a 0k bounty for any information leading to the discovery of the missing funds.
“Kraken is giving up to 0,000 USD (fiat or crypto) as a reward for the tip(s) that best lead to the discovery of the missing 0 million US dollars. Can you help us unravel the Curious Case of Cotton’s Coins?” The exchange announced in a recent tweet.
Kraken is giving up to 0,000 USD (fiat or crypto) as a reward for the tip(s) that best lead to the discovery of the missing 0 million US dollars. Can you help us unravel the Curious Case of Cotton's Coins? https://t.co/BurmEMKVku
— Kraken Exchange (@krakenfx) February 28, 2019
The entire crypto community will continue sitting at the edge of their seats as the situation relating to the status and whereabouts of the missing funds continues to unravel, but at this time the best hope for investors affected by the situation is likely that the missing funds are scattered about on various cryptocurrency exchanges.
NewsBTC will continue to bring you the latest developments relating to the QuadrigaCX situation.