OpenSea Bug Sees Bored Apes Sold for 90% Below Market Value

A bug has been exploited by hackers to purchase NFTs from OpenSea users at well below market value. The loophole allowed Bored Ape #8924 to be snatched up for an old sale price listing of only 6.66 ETH (about US$16,200), leaving its seller, VirtualToast.eth, very angry.

VirtualToast.eth expressed his outrage at OpenSea’s negligence and warned other users of the platform’s flaw, urging them to remove all permissions for OpenSea to avoid suffering the same fate:

The bug allows attackers to snap up NFTs at previously listed prices (chosen by the seller in the past), which are often well below current market prices. The exploit relies on the fact that NFT owners are unaware that old marketplace listings for their NFTs are still active. This happens when the seller has not delisted the item correctly, which requires paying a gas fee. The Messenger | NFT posted on Twitter to help explain the issue:

To protect users, Rarible was quick to temporarily disable all OpenSea orders on Rarible.com. It also developed a tool, Rarible Order Manager, to allow everyone to see and cancel their potentially risky sale orders.

Other NFTs Flipped Following Exploit

Etherscan has dubbed the account in question “OpenSea Opportunistic Buyer”. The exploit allowed the buyer in question (who goes by the name “jpegdegenlove”) to successfully purchase other NFTs at heavily discounted prices, including BAYC NFT #8274 for just under 23 ETH (around $56,000) and BAYC #9991 for just 0.77 ETH (about $1,800). The floor price for a BAYC NFT is currently 86 ETH, worth almost $210,000 at the time of writing.

“Jpegdegenlove” bought seven NFTs in the hack, paying a total of $133,000, before immediately flipping them for $934,000 in ETH and sending the funds through Tornado Cash.

Interestingly, “jpegdegenlove” seems to have partially compensated two of his/her victims, sending 20 ETH ($49,000) to “TBALLER” and 13 ETH ($32,000) to “Vault327”.

This isn’t the first time OpenSea has been criticised for flaws in its code. Just a few months ago, Crypto News Australia reported a bug on the platform that destroyed at least 42 NFTs worth around US$100,000.

Warning: New ‘BHUNT’ Malware Targets Crypto Wallets and Passwords

Research done by cybersecurity company Bitdefender has found a new kind of “cryptocurrency stealer” called BHUNT, a form of malware that infiltrates wallet files and other sensitive information in the browser to access a personal wallet and transfer funds to the attackers’ wallet(s).

In a recent whitepaper, Bitdefender’s senior security researcher Janos Gergo Szeles details how BHUNT works. Similar to CryptBot, Redline Stealer and WeSteal, the malware slips in with downloads of cracked or unsecured software in order to gain access to a wallet’s seed or configuration file.

Seven Different Wallets Affected

The document states that BHUNT can exfiltrate contents from Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin and Litecoin wallets along with passwords stored in the browser and phrases used to recover accounts. With information such as this, a hacker can then easily access and transfer crypto straight out of a target’s wallet.

While the malware primarily focuses on stealing information related to cryptocurrency wallets, it can also harvest passwords and cookies stored in browser caches,

Janos Gergo Szeles, senior software engineer, Bitdefender

Hackers and the like have even started targeting Discord servers of crypto and NFT communities to let loose ‘Babadeda’ malware disguised as a legitimate app.

Prevention Better Than Cure

At the moment countries with the highest infection rates include Australia, Egypt, Germany, India, Indonesia, Japan, Malaysia, Norway, Singapore, South Africa, Spain and the US.

As the virus spreads, users should be aware that they could compromise their private information as well as their crypto wallets. By downloading software from unknown vendors, people can potentially expose themselves to malware. This is why it’s important to keep security software up to date to block the installation of unwanted software.


The most effective way to defend against this threat is to avoid installing software from untrusted sources and to keep security solutions up to date.

Janos Gergo Szeles, senior software engineer, Bitdefender

Crypto.com Finally Admits Close to $34 Million Lost in Hack

Earlier this week, Crypto.com suspended withdrawals after some users reported suspicious activities on their accounts. Initial losses were estimated at US$15 million but later this ballooned to US$34 million, a figure that has since been confirmed by the world’s fourth-largest exchange.

A Rough Week for Crypto.com

On establishing that some 400 users had experienced unusual activity on their accounts, the company put a hold on withdrawals and reassured users that their funds were safe.

Early reports suggested that US$15 million had been stolen, as reported by blockchain security group PeckShield.

The stolen funds were subsequently laundered through popular coin mixer Tornado. However, one eagle-eyed on-chain analyst claimed that the losses were closer to US$34 million.

The on-chain analyst was initially alerted by an “abnormally large withdrawal” from Crypto.com that was then mixed through a well-known Bitcoin tumbler, as illustrated below:

BTC withdrawal through a tumbler. Source: @ErgoBTC

Crypto.com Finally Confirms Losses

In a statement on its website, Crypto.com confirmed that the hack had impacted 483 users and that unauthorised withdrawals totalled 4,836.26 ETH, 443.93 BTC and approximately US$66,200 in other cryptocurrencies.

The company added:

No customers experienced a loss of funds. In the majority of cases we prevented the unauthorised withdrawal, and in all other cases customers were fully reimbursed.

Crypto.com statement on the hack

The company ascribed the hack to a problem with two-factor authentication (2FA) and said that going forward, it would put in place several mechanisms to create additional layers of security:

Based on replies to the Tweet above, it remains to be seen whether the matter is well and truly over, or if there is still more to come.

Hack Persists for Cross-Chain Protocol ‘Multichain’, Losses Reach $3 Million

The Multichain hack drama is far from over as hackers are still draining millions of tokens from the protocol, with the biggest victim reportedly losing roughly US$1 million.

Multichain Announcement Prompts Further Compromises

As per a January 17 blog post, Multichain – a cross-chain router protocol – announced it had been compromised by several hackers who exploited various vulnerabilities in the protocol, stealing over US$1 million from several tokens. But the protocol’s announcement backfired as it only prompted the hackers to steal more funds, raising the total amount to roughly US$3 million:

Security firm Dedaub spotted six cross-chain tokens in the protocol that are still subject to vulnerabilities: Wrapped ETH (wETH), Peri Finance Token (Peri), Official Mars Token (OMT), Wrapped BNB (wBNB), Polygon (MATIC), and Avalanche (AVAX).

Hacker Wants to Return Funds But ‘Keep Tips’

One of the hackers stole US$1.4 million in the first round of attacks, while another offered to return 80 percent of the funds while keeping the rest as “tips for me saving your money”. One user lost almost US$1 million in the hack, and decided to offer US$150,000 in ETH to the white hacker to retrieve his funds.

Multichain Sending Mixed Messages

What has Multichain users confused are the contradictory messages coming from the protocol’s Twitter account. On January 17, Multichain said that the critical vulnerabilities found in the six affected tokens had been “reported and fixed” by the team, but two days later it reminded users to revoke approvals of the tokens.

These mixed messages were spotted by Crypto Twitter figure ChainLinkGod, who said: “I can’t be the only one who’s incredibly confused by @MultichainOrg’s messaging here.”

Multichain has since turned off the comments on its Twitter account. Users in the company’s Telegram group are reporting that no vulnerability has yet been fixed, and that the company is not doing anything to reimburse affected users.

This is one of several DeFi hacks so far this month. Two weeks ago, Tinyman, an Algorand-based decentralised trading platform, was hacked and drained for roughly US$3 million.

Crypto.com Suspends Withdrawals Following ‘Unauthorised Activity’ on User Accounts

Crypto.com suspended withdrawals this week after a small number of users reported suspicious activity on their accounts, claiming “all funds are safe” – but not before security firm PeckShield reported losses amounting to “about US$15 million”.

Several Customers Report ‘Thefts’

The Singapore-based exchange stopped withdrawals on January 17 in response to several “thefts” reported by customers. One of them was Dogecoin (DOGE) founder Billy Markus, who noticed a suspicious transaction pattern on Etherscan.

Several hours later, Crypto.com issued an update advising that users were required to sign back into their accounts and reset their two-factor authentication (2FA).

However, crypto enthusiast and jeweller Ben Baller claimed his account had been breached to the tune of 4.28 ETH (about US$15,000). Baller tweeted he had used 2FA to sign back in, so it appears the perpetrators must have bypassed some of Crypto.com’s security features:

At around 16:00 UTC, Crypto.com CEO Kris Marszalek tweeted that final checks were being made prior to withdrawals being resumed within the following hour, reiterating that “all funds were safe”.

Not Your Keys, Not Your Coins

In July last year, exchanges suspended Bitcoin SV (BSV) following double-spending attacks registered on the coin’s network. Developers of the BSV network had identified a wallet address that was linked with a history of illegal activities, including ransomware. The attacker had tried to mask double-spending of coins by causing block re-organisation attacks, which usually occur when miners work together to remove previously confirmed blocks from the blockchain.

And just last month, centralised US crypto exchange BitMart was hit by one of the most devastating hacks to date, draining a combination of cryptocurrencies. The losses were estimated to be around US$200 million by security firm PeckShield, who – as in this week’s Crypto.com case – picked it up as it was happening.

Lympo NFT Platform Hacked for $18.7 Million, LMT Token Down 99%

Animoca Brands subsidiary Lympo has suffered a breach that cost the minter of sports non-fungible tokens (NFTs) close to US$19 million worth of its native token, LMT.

Hackers broke into Lympo’s systems on January 10 and drained 165.2 million LMT, worth US$18.7 million at the time. Since then, the value of the token has plunged 92 percent, though blockchain security company PeckShield claims it could be more than 99 percent:

According to a post from the Lympo team, 10 different project wallets were compromised in the attack. Most of the stolen tokens were sent to a single address, exchanged for Ether on Uniswap and SushiSwap, then diverted elsewhere.

Liquidity Removed to ‘Minimise Price Disruption’

In a later tweet, the team also stated that it had removed LMT liquidity from liquidity pools to “minimise disruption to token prices”:

Removing liquidity from pools means traders will be unable to buy or sell any significant amount of the tokens without experiencing a dramatic loss of value on their trade.

Lympo advised traders that most of the LMT reserve sits in so-called cold wallets that are disconnected from the internet. These were unaffected by the attack.

We are investigating the incident and how we can make up for it for our community. At this point, we recommend not buying or selling additional LMT tokens.

Lympo post on Twitter

Second Hot Wallet Hack in a Week

Lympo is a subsidiary of Animoca Brands, a Hong Kong-based game software and venture capital company. According to Animoca CEO Yat Siu, “We are working with Lympo to assist them on a recovery plan, but we don’t have any specific mechanisms.”

This was the second hot wallet hack in a week, with crypto exchange LCX losing nearly US$8 million on January 8. Both incidents follow the US$200 million BitMart hack in early December.

Crypto Exchange LCX Hot Wallet Hacked for $7.94 Million

Liechtenstein-based crypto exchange LCX has had one of its hot wallets compromised, the hacker getting away with almost US$8 million in various cryptocurrencies.

First Big Hack of the Year

On January 9, the LCX team and crypto-security firm PeckShield detected a breach of one of the LCX hot wallets. On further inspection, it was established that the theft had taken place on January 8 between 11:23pm and 11:37pm CET.

Only LCX Hot Wallet Compromised

According to the LCX update, the hacker got away with an estimated US$7.94 million in Ethereum (ETH), USDC, Sand Token (SAND), LCX Token (LCX), and various others. The exchange did, however, manage to freeze US$700,000 and commented that none of its users or other LCX wallets were impacted.

Coins stolen by the LCX hacker. Source: Etherscan

The assets were moved to the hacker’s ETH wallet address (0x165402279F2C081C54B00f0E08812F3fd4560A05), which has since been flagged. In the meantime, the platform has paused all deposits and withdrawals, and the incident has been reported to several Liechtenstein authorities. It hasn’t yet been revealed how the hacker got access to the hot wallet.

Hopes for a More Secure DeFi in 2022

This latest hack follows on the heels of the US$200 million BitMart hack that took place in early December and the $450 million Bilaxy hack just before that.

Last year was a rough one for the DeFi ecosystem, having sustained an estimated US$10.2 billion in losses from hacks, bugs, fraud, exploitations and other malevolent activities, according to a report by IMMUNEFI. This represented a 137 percent increase on the losses suffered in 2020.

Solana Down for Second Time This Week; Should Users be Concerned?

It appears Solana is down for the second time this week. As Crypto News Australia reported, Solana suffered a DDoS (Distributed Denial of Service) attack on January 4, leading to slow network performance and failed transactions.

SOL Community Outraged

Then on January 6, Solana Status announced that the network had suffered “degraded performance due to an increase in high compute transactions”. SOL co-founders and members are denying that this was another DDoS attack, saying it was rather a “congestion issue”. As expected, the message wasn’t well received by the community:

Solana Beach shows that the average TPS (transactions per second) rate is back to around 1500. However, roughly 80 percent of those are not smart contract transactions, but on-chain consensus messages.

As previously explained by Twitter user and crypto enthusiast EdnStuff, as more validators join the network, the number of consensus messages grows exponentially, not linearly:

Third Time’s the Charm?

This is the third time that Solana has been struck by a DDoS attack, or as its co-founders prefer to call it, a “congestion issue”. More SOL users are complaining about the constant crashes and condemning the network’s vulnerability. After all, it was only two days ago that Solana crashed due to a DDoS attack. Already on December 14, the Solana blockchain was jammed after suffering a DDoS attack that led to huge delays.

Users Praise Illuvium after Team Drains Uniswap Pool to Protect Billions from Protocol Flaw

Illuvium, a multibillion-dollar GameFi company, has drained its liquidity pools after finding a security flaw that could have ended in billions of dollars lost through exploits. And while it seems like a drastic action, the move has been praised by the Illuvium community.

Attackers Steal Some Funds Before Team Plugs Breach

At 2pm ET on January 4, the team behind Illuvium drained all the funds of the sILV/ETH Uniswap V3 pool to prevent a major security breach from being executed, though the attackers were able to steal some of the funds in the pool before the team got their hands on it.

The hackers went on to create a fake Illuvium Twitter account posing as a support centre for users, which had already been reported by the real Illuvium account:

In a message in the project’s official Discord channel, Illuvium co-founder Kieran Warwick said the team would ensure future bugs are prevented by implementing several security measures, such as three independent audits per contract, a bug bounty program, and additional contract testing.

In a closing note, Illuvium will reimburse sILV owners once it gets a snapshot of them. While the sILV pool had been created by a DAO, the team, including Warwick, used it to trade.

GameFi Community a New Target

The Illuvium community has praised the company’s action instead of condemning it. The DeFi community has been subject to attack in the past, with big blows such as last month’s BadgerDAO $120 million exploit. Now it appears that malicious actors are flocking to the GameFi community to see if they can cash a few more bucks out of investors’ pockets.

Solana Network Temporarily Down Again After Another DDoS Attack

High-performance network Solana has suffered another DDoS (Distributed Denial of Service) attack, specifically at 2:00 am (UTC+8) on January 4:

This is just another of the many exploits Solana has sustained in recent weeks. On December 14, Solana suffered a DDoS attack that jammed the network and caused huge transaction delays.

Outrage Among the SOL Community

The network appears to be back up again following the latest incident, but the continued breaches have caused outrage in the SOL community, who are now complaining en masse about how vulnerable the network is.

SOL users have expressed their outrage on Twitter and Reddit. One Redditor, angry about the constant delays, claimed that Solana Status has been lying to its users, insisting the network has been working “completely fine” and that the delay problems might be related to slow internet connections.


Turns out status dot solana page is lying to its own users. If you go into the Solana official groups, you can see dozens of people complaining about failing transactions, missing balances, transactions not being processed, etc. Users are repeatedly questioning the validity of the status dot solana page that shows 100 percent uptime even when the network was down, and even Coinbase flagged it as down.

Reddit user

‘Slowdown’, Not a Crash

Some users have said that this is just another slowdown instead of a crash. Crypto exchange Coinbase warned users that the SOL network had experienced momentarily degraded performance, with failed transactions that could be retried:

Whatever the cause, most users are complaining about lack of decentralisation and a dearth of security measures in the network.