Ledger Commits To Full Restitution For Victims Of $600,000 ConnectKit Attack

Hardware wallet manufacturer Ledger has responded to a recent security breach resulting in the theft of $600,000 worth of user assets. 

The company has pledged to enhance its security protocols by eliminating Blind Signing, a process where transactions are displayed in code rather than plain language, by June 2024.

Ledger Takes Responsibility For ConnectKit Attack

In a statement, Ledger emphasized its focus on addressing the recent security incident and preventing similar occurrences in the future. 

The company acknowledged the approximately $600,000 in assets that were impacted by the ConnectKit attack, particularly affecting users blind signing on Ethereum Virtual Machine (EVM) decentralized applications (dApps). 

Furthermore, Ledger pledged to make sure affected victims are fully compensated, including non-Ledger customers, with CEO & Chairman Pascal Gauthier personally overseeing the restitution process. 

According to the statement, Ledger has already initiated contact with affected users and is actively working with them to resolve their specific cases.

In addition, by June 2024, blind signing will no longer be supported on Ledger devices, contributing to a “new standard of user protection” and advocating for “Clear Signing,” which refers to a process that allows users to verify transactions on their Ledger devices before signing them across dApps.

On this matter, Ledger’s CEO Pascal Gauthier stated:

“My personal commitment: Ledger will dedicate as much internal and external resources as possible to help the affected individuals recover their assets.”

Heightened dApp Security Measures

According to an incident report released by the hardware wallet manufacturer, the attack exploited the Ledger Connect Kit, injecting malicious code into dApps utilizing the kit. 

This malicious code redirected assets to the attacker’s wallets, tricking EVM dApp users into “unknowingly signing transactions” that drained their wallets. 

Ledger addressed the attack by deploying a genuine fix for the Connect Kit within 40 minutes of detection. The compromised code remained accessible for a limited time due to the nature of content delivery networks (CDNs) and caching mechanisms.

Ledger acknowledged the risks faced by the entire industry in safeguarding users and emphasized the need to continually raise the bar for security in dApps. 

The company plans to strengthen its access controls, conduct audits of internal and external tools, reinforce code signing, and improve infrastructure monitoring and alerting systems. 

Additionally, Ledger will educate users on the importance of Clear Signing and the potential risks associated with blind signing transactions without a secure display.

Notably, with Clear Signing, users are presented with a clear and readable representation of the transaction details, enabling them to review and validate the transaction before providing their signature. 

This added layer of transparency and verification helps users mitigate the risks associated with front-end attacks or malicious code injected into decentralized applications.
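To make the difference between the two prompts concrete, the following added example (not Ledger's code and not taken from the incident report) turns raw EVM calldata, which is all a blind-signing prompt exposes, into the kind of plain-language summary Clear Signing aims for. The selector table covers three standard ERC-20 calls only; the sample spender address and the policy of refusing unknown calls are assumptions made for the illustration.

```javascript
// Added example: render raw ERC-20 calldata as a readable summary.
// The selector table is limited to three standard ERC-20 functions.
const SELECTORS = {
  "095ea7b3": { name: "approve", params: ["spender:address", "amount:uint256"] },
  "a9059cbb": { name: "transfer", params: ["to:address", "amount:uint256"] },
  "23b872dd": { name: "transferFrom", params: ["from:address", "to:address", "amount:uint256"] },
};
const MAX_UINT256 = (1n << 256n) - 1n;

function decodeCalldata(hex) {
  const data = hex.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(data) || data.length < 8) {
    throw new Error("calldata is not valid hex or is shorter than a selector");
  }
  const spec = SELECTORS[data.slice(0, 8)];
  if (!spec) return { known: false, selector: "0x" + data.slice(0, 8) };
  const body = data.slice(8);
  if (body.length !== spec.params.length * 64) {
    throw new Error(`${spec.name}: expected ${spec.params.length} 32-byte words`);
  }
  const args = {};
  spec.params.forEach((p, i) => {
    const [label, type] = p.split(":");
    const word = body.slice(i * 64, (i + 1) * 64);
    if (type === "address") {
      // Addresses are left-padded to 32 bytes; non-zero padding is malformed.
      if (!/^0{24}/.test(word)) throw new Error(`${label}: bad address padding`);
      args[label] = "0x" + word.slice(24);
    } else {
      args[label] = BigInt("0x" + word);
    }
  });
  return { known: true, name: spec.name, args };
}

function clearSignSummary(hex) {
  const d = decodeCalldata(hex);
  // Assumed policy: a call that cannot be shown in plain language is not signed.
  if (!d.known) return `UNKNOWN CALL ${d.selector}: cannot be displayed, refuse to sign`;
  const amount = d.args.amount === MAX_UINT256 ? "UNLIMITED" : `${d.args.amount} base units`;
  switch (d.name) {
    case "approve": return `Allow ${d.args.spender} to spend ${amount} of this token`;
    case "transfer": return `Send ${amount} of this token to ${d.args.to}`;
    default: return `Move ${amount} of this token from ${d.args.from} to ${d.args.to}`;
  }
}

// Constructed sample: an unlimited approval to a made-up spender address.
const SAMPLE_SPENDER = "1111111111111111111111111111111111111111";
const SAMPLE_APPROVE = "0x095ea7b3" + SAMPLE_SPENDER.padStart(64, "0") + "f".repeat(64);
console.log("Blind:", SAMPLE_APPROVE);
console.log("Clear:", clearSignSummary(SAMPLE_APPROVE));
```

The first printed line is what a user is asked to approve when blind signing; the second is the same transaction data in a form that can actually be reviewed.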

Featured image from Shutterstock, chart from TradingView.com

Solana-Based Aurory Suffers Devastating Exploit: 80% Of Liquidity Gone

Aurory (AURY), a blockchain-based tactical Japanese role-playing game built on Solana (SOL), recently experienced a significant liquidity loss in its Camelot’s AURY-USDC pool. 

The incident occurred due to a hack on the SyncSpace bridge, which resulted in the unauthorized withdrawal and subsequent market sale of approximately 600,000 AURY tokens on the Arbitrum (ARB) network. 

Aurory SyncSpace Bridge Hacked

In an official statement released on December 17, Aurory’s team disclosed the details of the incident. The team detected unusual activity on their marketplace and promptly initiated an investigation, which revealed that a malicious actor had exploited the marketplace’s buy endpoint. 

This exploit allowed the attacker to inflate their AURY balance in SyncSpace, enabling them to withdraw around 600,000 tokens to the Arbitrum network. The attacker then liquidated the stolen amount by selling it in the market.

To protect user funds, SyncSpace was promptly disabled for maintenance, temporarily suspending deposits and withdrawals. Importantly, the statement assured that no user funds or non-fungible tokens (NFTs) were lost or at risk during the incident. 

The AURY tokens originated from a team wallet that facilitates withdrawals for accounts that had not previously deposited AURY.

Exploit Mitigated

The Aurory statement emphasized that the exploit is no longer ongoing, as SyncSpace remains offline for maintenance. As a result, there is currently no risk of further exploits. Additionally, it was confirmed that the attacker has exhausted their AURY supply and no longer possesses any tokens to sell.

Moreover, SyncSpace will investigate further to determine how the exploit went undetected despite the previous expert audit. 

The team also plans to release a comprehensive post-mortem report once the necessary fixes have been implemented and the investigation concludes. They expect SyncSpace to be back online in the coming days.

Since October 30, the price of Aurory’s token, AURY, has experienced a significant upward trend, culminating in a yearly high of $1.9008 on December 12. However, following the recent exploit, the price of AURY has retraced to $1.0868, marking a decline of 23.5% over the past 24 hours and 36.5% over the past seven days. 

Despite this setback, AURY still boasts substantial gains of 74% and 70% over the 30-day and one-year periods, respectively.

The market now awaits to see whether the token’s support lines at $0.9681 and $0.9086 will be able to halt the potential continuation of the price drop or if they will succumb to the prevailing downtrend, putting a significant portion of its 2023 gains at risk.


Is Your Crypto at Risk? FBI Issues Dire Warning Over ‘Phantom Hacker’

As the crypto market continues to attract substantial investments, it has also witnessed a surge in scams and fraudulent activities. Regulatory institutions worldwide, spearheaded by the United States, seem to intensify their efforts to combat cyber threats, hacks, and frauds that affect the industry. 

However, the nascent sector is far from the only one suffering from increasing cyber threats. Since 2020, these attacks have been common both within the crypto space and outside.

In line with this, the Federal Bureau of Investigation (FBI) identified a new threat dubbed “The Phantom Menace.” The FBI issued a warning on September 29, alerting the public about the escalating “Phantom Hacker” scams, particularly affecting senior citizens. 

FBI Warns Of ‘Phantom Hacker’ Scams Targeting Crypto

The FBI’s statement revealed that the “Phantom Hacker” scam is an evolution of traditional tech support scams, employing imposter tech support, fraudulent exchange account support, and government personas to gain victims’ trust. This multi-layered approach helps scammers identify lucrative accounts to target. 

From January to June 2023, the FBI Internet Crime Complaint Center (IC3) received over 19,000 complaints about tech support and crypto scams, resulting in estimated losses exceeding $542 million. Losses have already surpassed 2022 figures by 40% as of August 2023.

The Scam Phases:

  • In the initial phase of the scam, fraudsters adopt the guise of tech or customer support representatives from legitimate companies. They reach out to their victims through various communication channels and employ persuasive tactics to convince them to call a designated number for assistance.

    Once victims are connected, scammers manipulate them into downloading software that grants remote access to their computers. By fabricating a fictitious virus scan, scammers deceive victims into believing their computers have been compromised or are at risk.

    Subsequently, they coax victims into opening their financial accounts, allowing scammers to identify the most lucrative targets.

  • Upon successfully gaining access to victims’ financial accounts, scammers proceed to the second phase of the scam. In this stage, they assume the role of representatives from reputable financial institutions such as banks or brokerage firms.

    The scammers falsely inform victims that foreign hackers have compromised their computers and accounts. To ensure the safety of victims’ funds, they instruct victims to transfer their money to a purportedly “secure” third-party account, often claiming an affiliation with recognized entities like the Federal Reserve or other US government agencies.

    These transfers typically involve wire transfers, cash, or even cryptocurrencies, with the funds predominantly sent overseas. Scammers coerce victims into maintaining secrecy regarding the true purpose of these transfers.

Rise In Ransomware Attacks

In contrast with the alarming rise of “Phantom Hacker” scams, a Chainalysis report indicates an overall decline in cryptocurrency-related crime in 2023. Cumulative daily inflows to known illicit entities have decreased by 65% compared to the same period in 2022. 

Notably, scams have experienced the most significant decline, with scammers generating nearly $3.3 billion less revenue in 2023 than in 2022. However, the report highlights a concerning trend: ransomware attacks.

Ransomware attackers extorted $175.8 million more by June 2023 than during the same period in 2022, suggesting a reversal from the downward trend observed in 2022.

While overall crypto-related crime has declined, the resurgence of ransomware attacks poses a significant menace and could spill over to the nascent sector. While the number declines, the amount stolen in the crypto space urging users to remain cautious in the face of new threats. 


Are North Korean IT Remote Workers Targeting Crypto Firms? Here’s What We Know

According to the US Government, North Korean IT workers are flooding the freelance market. It’s illegal for US businesses to employ them, but, what if they have no idea they’re doing it? In this new remote work world we’re living in, it’s completely possible. The North Korean workers are targeting all kinds of technology-focused businesses, but of course, the CNN report on the matter focused on cryptocurrency firms.

“It’s an elaborate money-making scheme that relies on front companies, contractors and deception to prey on a volatile industry that is always on the hunt for top talent. North Korean tech workers can earn more than $300,000 annually — hundreds of times the average income of a North Korean citizen — and up to 90% of their wages go to the regime, according to the US advisory.”

In contrast, this is what the US Government actually published: 

“The DPRK dispatches thousands of highly skilled IT workers around the world to generate revenue that contributes to its weapons of mass destruction (WMD) and ballistic missile programs, in violation of U.S. and UN sanctions. These IT workers take advantage of existing demands for specific IT skills, such as software and mobile application development, to obtain freelance employment contracts from clients around the world, including in North America, Europe, and East Asia.”

It’s worth noting that the document doesn’t mention “crypto” or “bitcoin,” but let’s read what mainstream media has to say.

How Does CNN Relate North Korean IT Workers To Crypto?  

The plan is simple, to associate this new development with the numerous crypto-related hacks that NewsBTC has timely reported on: 

“North Korean government-backed hackers have stolen the equivalent of billions of dollars in recent years by raiding cryptocurrency exchanges, according to the United Nations. In some cases, they’ve been able to nab hundreds of millions of dollars in a single heist, the FBI and private investigators say.”

To establish authority, CNN also quotes US Government-related individuals, like “Soo Kim, a former North Korea analyst at the CIA.” She said, “(The North Koreans) take this very seriously. It’s not just some rando in his basement trying to mine cryptocurrency it’s a way of life.” Is she talking about the hackers or the job hunters, though? “Even though the tradecraft is not perfect right now, in terms of their ways of approaching foreigners and preying upon their vulnerabilities, it’s still a fresh market for North Korea,” she said later, apparently talking about the job hunters.

Another authority figure CNN features is “Fred Plan, principal analyst at cybersecurity firm Mandiant, which investigated suspected North Korean tech workers”. He says, “Most of these crypto firms and services are still a long way off from the security posture that we see with traditional banks and other financial institutions”. He’s right about that, but, what does that have to do with freelancers looking for jobs in IT?

What About Those Hacks That Everyone Keeps Talking About?

The only authority figure that relates the IT workers to North Korean hackers is “Nick Carlsen, who until last year was an FBI intelligence analyst focused on North Korea.” What this man says might be the most important part of the article. “These guys know each other. Even if a particular IT worker isn’t a hacker, he absolutely knows one. Any vulnerability they might identify in a client’s systems would be at grave risk.”

The CNN article keeps it as vague as possible regarding the hacks:

“Pyongyang-linked hackers in March stole what was then the equivalent of $600 million in cryptocurrency from a Vietnam-based video gaming company, according to the FBI. And North Korean hackers were likely behind a $100 million heist at a California-based cryptocurrency firm, according to blockchain analysis firm Elliptic.”

Luckily for you, NewsBTC is here to help.

What Does NewsBTC Know About The North Korean Hackers?

The first item seems to refer to the Axie Infinity/Ronin hack. About that one, we reported:

“The alphabet agency traced the funds to wallets associated with North Korean hacking group Lazarus. Does The Block’s article complete or negate this version of the story? It’s hard to see North Koreans pulling a stunt quite like this.”

In any case, at the time the FBI was extremely clear in a statement quoted here: 

“Through our investigation we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million in Ethereum reported on March 29th.”

If the IT remote workers’ story is true, we were wrong by saying, “It’s hard to see North Koreans pulling a stunt quite like this.” The second item seems to refer to the Harmony hack, and to describe that one we’ll quote our sister site Bitcoinist, who reported:

“The United States government believes that Lazarus was acting on behalf of North Korea’s covert intelligence service. Elliptic, a blockchain analytics company, disclosed in a report that: ‘The theft was achieved by compromising the cryptographic keys of a multi-signature wallet — most likely through a social engineering attack on members of the Harmony team. The Lazarus Group has routinely employed such methods.’”

And that’s what we know so far. Are the North Korean IT workers related to the hackers? Probably so, but, the US Government didn’t even mention cryptocurrencies or bitcoin in their “Guidance on the Democratic People’s Republic of Korea information technology workers.”

Featured Image taken from this post | Charts by TradingView

Data Shows Crypto Hacks And Fraud In 2021 Are On Track For A New Record

Crypto hacks and scams are nothing new in the crypto space, but every time they happen, they still come as a shock to investors, most especially the victims of these attacks. Bull markets always seem to come with an increased number of attacks. So with a bull market that has raged on for the better part of a year, 2021 has definitely had its fair share of attacks, despite having just entered its ninth month.

These attacks have accelerated with the recent crypto surge. Prices have been up across the board and it seems like this has been a cue for the attackers to ramp up their operations. This could be due in part to the high prices of the cryptocurrencies bringing much higher returns on their attacks. Whatever the case may be, attacks in 2021 have increased and data shows that the number this year will most likely surpass the record for last year.

Accelerated Crypto Attacks In 2021

Crypto hacks and scams had previously reached a record number in 2020. At a total of 32 identified cases in 2020, it was the year with the highest number of hacking and fraud incidents in the crypto market. In just eight months, there have been 32 identified cases of hacking and fraud in 2021. With six months to go and the bull rally raging on, more of these attacks can be expected to happen before the year runs out.


Since 2017, the number of breaches has consistently increased each year, according to an analysis from Crypto Head. 2017 marks the beginning of one of the most memorable bull runs in the crypto space. So it is no surprise that there was a jump in the number of attacks from the previous year. In 2016, there were only 5 identified cases of crypto hacking and fraud. But this number jumped to 21 the following year in 2017.

With four months left to go and DeFi exploits still on the rise, the number of attacks in 2021 may very well beat 38. These hacks and breaches are becoming even more sophisticated. Attackers are now developing tools that make their attacks harder to catch and trace.

2017 Attacks Carted Away The Biggest Loots

In 2017 alone, attackers made away with $223.5 million on average. The 21 attacks for the year came out to a total of $4.7 billion stolen in crypto hacks and fraud, setting the record for the highest amount stolen in a single year.


Despite having a higher number of attacks, 2020’s 38 identified cases came out to about $1.8 billion total. This amount has already been surpassed in 2021 by at least a billion. So far, the 32 combined attacks of 2021 have come out to a value of $2.9 billion. The Poly Network attack that took place this year amounted to $610 million, making it the biggest DeFi heist in history.

These attacks have mostly focused on the top coins in the crypto market, which, incidentally, also provide the most liquidity. About a third of these breaches have been targeted at the leading cryptocurrency, bitcoin. Ethereum comes in as second most targeted with 12.8%. Unknown coins make up about 9.2%, while ERC-20 tokens were targeted 7.4% of the time.

Featured image from iStock, chart from TradingView.com