Cryptohack Roundup: Poly Network Hacked for $10M
Also: Belarus Mulls P2P Crypto Payments Ban; New Standard May Boost DeFi Security
Every week, ISMG rounds up cybersecurity incidents in the world of digital assets. This week, a Poly Network hacker pocketed $10 million, Belarus mulled banning P2P crypto payments, Ethereum community members proposed a new standard to boost the security of decentralized finance protocols and the Russian military raised $20 million in cryptocurrency.
Poly Network Hack
A hacker pocketed more than $10 million worth of ETH in a Sunday attack on cross-chain bridge Poly Network, security company Beosin said. The unknown hacker minted crypto tokens from 57 blockchains, putting more than $34 billion in the hacker's wallet - but the lack of liquidity on the affected chains meant that the theft did not translate into actual gains for the attacker. The hacker was able to pocket only a relatively small portion of the artificially minted tokens, totaling $10.1 million, Beosin said.
Poly Network, which was the subject of a $611 million hack in 2021, said it has suspended services after the latest incident and is working with law enforcement and centralized exchanges to identify the criminal and recover the stolen funds. It recommended that affected entities withdraw funds from the decentralized exchange. Likely hoping for a repeat of the 2021 incident in which the hacker returned the stolen funds, the crypto company appealed to the hacker to again give back the money - to "avoid any potential legal consequences."
Belarus Mulls Banning P2P Crypto Transactions
Belarus is looking to introduce legislation to ban peer-to-peer crypto transactions, which are popular among cybercriminals, and to allow only registered exchanges to operate in the Eastern European country, said Alexander Ringevich, deputy chief of a crime division in Belarus' Ministry of Internal Affairs. Fraudsters use P2P services to off-ramp stolen funds, convert them to fiat currency and transfer money to other criminals. The ministry has taken down 27 individuals providing illegal crypto exchange services so far this year, he said, adding that the individuals made nearly $8.4 million from these services.
New Proposal to Boost DeFi Security
A group of Ethereum community members proposed a new standard, dubbed ERC 7265, which looks to boost the security of decentralized finance protocols. The standard allows companies to include a circuit breaker - a backstop in the underlying smart contract - to stop tokens from leaving the contract in case of a hack and curb the attacker's ability to drain the stolen funds, one of the standard's builders said. Fluid Protocol developer Meir Bank said in an announcement that the proposed standard comes amid a rise in DeFi hacks. "We all agree, DeFi is broken. Not only are there many hacks, but the results are catastrophic. When protocols are hacked, often they lose everything. The TVL tanks to zero in a matter of seconds," he said, explaining in a series of tweets the details of the standard's proposals.
Russia Raises $20M in Crypto to Fund Cyberwar
Pro-Russian military procurement and disinformation groups raised $20 million in cryptocurrency amid the country's cyberwar with Ukraine, a steep increase from just $4.2 million in February last year. The number is tiny in comparison to Ukraine's $212 million campaign, but Elliptic said that the number is significant: At $10.6 million, more than half of the funds involve entities sanctioned by the United States, including darknet markets Hydra and Shkaf and crypto exchanges Garantex and Bitzlato.
Phishing Attacks on Hot and Cold Wallets
Hackers are targeting internet-connected crypto wallets - or hot wallets - and offline crypto wallets - or cold wallets - to steal funds through phishing, said Kaspersky, which uncovered an "ongoing wave" of phishing attacks. The company detected more than 85,000 scam emails targeting crypto users in March, April and May, it said.
In the scam focused on cold wallets, the attackers send victims an email purporting to be from crypto exchange Ripple and ask them to participate in a token giveaway. When victims follow the link in the email, they're prompted to connect their hardware wallets, which allows the scammers to access and drain the victims' accounts. The hot wallet campaign involves hackers impersonating Coinbase and asking users to validate transactions or reconfirm their wallet security. When the victims do so, they're redirected to fake web pages that prompt them to enter their seed phrase, enabling the attackers to access and steal the funds.