Blockchain & Cryptocurrency , Cryptocurrency Fraud , Fraud Management & Cybercrime

Cryptohack Roundup: Bitrue, Hundred Finance, SafeMoon

Also: $10.5M Exploit on 11 Blockchains, MetaMask Third-Party Breach
Cryptohack Roundup: Bitrue, Hundred Finance, SafeMoon
Image: Shutterstock

Every week, Information Security Media Group rounds up cybersecurity incidents in the world of digital assets. In the days between April 14 and April 20, hackers stole $23 million from Bitrue, $7 million from Hundred Finance and more than $10.5 million from 11 blockchains. The SafeMoon hacker returned 80% of the stolen $8.9 million, MetaMask suffered a third-party security breach and Kyber Network advised its LPs to withdraw funds from Elastic.

See Also: OnDemand | NSM-8 Deadline July 2022:Keys for Quantum-Resistant Algorithms Implementation

Bitrue

Hackers stole crypto assets worth nearly $23 million by exploiting a hot wallet vulnerability in crypto exchange Bitrue. "Most" users were unaffected by the "brief" exploit, but the company said it would fully compensate those who were. It partially resumed transactions on Monday, after pausing withdrawals after the attack announcement on Friday.

Hundred Finance

A hacker stole $7 million from lending protocol Hundred Finance by exploiting a vulnerability on its Layer-2 scaling network. The company on Sunday said it had contacted the hacker for negotiations while working with security teams to fix the vulnerability. The company on Wednesday offered a $500,000 bounty in exchange for information that would lead to the hacker's arrest or in return for all the stolen funds.

SafeMoon

An attacker who drained $8.9 million from crypto firm SafeMoon returned 80% of the funds, according to a Thursday tweet from the company. The company on Tuesday said it had "struck a deal" with the hacker, in which the hacker would return 80% of the funds, and keep the rest as a "bounty" with no legal consequences.

$10.5M Stolen From 11 Blockchains

Hackers drained at least $10.5 million in non-fungible tokens and coins by exploiting an unidentified vulnerability on 11 blockchains since December. The funds were stolen from experienced community members who were "reasonably secure," said MetaMask developer Taylor Monahan, who discovered the attack on Monday. The hackers appear to target keys of experienced users who work in the space, mostly created between 2014 and 2022.

MetaMask

The email addresses of thousands of MetaMask users who raised customer support tickets between Aug. 1 and Feb. 10 may have been compromised in a third-party cybersecurity incident. Parent company ConsenSys on Friday said an unauthorized actor had gained access to a third party's system that processed customer service requests, likely allowing the bad actor to view the complaints, email IDs and potentially personal identifiable information of about 7,000 users.

Kyber Network

Decentralized finance protocol Kyber Network on Monday asked liquidity providers to withdraw all their funds from its crypto exchange Elastic, after it discovered a potential vulnerability in its product. The company did not specify what the flaw was but said that no funds had been lost as a result of its exploitation.


About the Author

Rashmi Ramesh

Rashmi Ramesh

Assistant Editor, Global News Desk, ISMG

Ramesh has seven years of experience writing and editing stories on finance, enterprise and consumer technology, and diversity and inclusion. She has previously worked at formerly News Corp-owned TechCircle, business daily The Economic Times and The New Indian Express.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.