An attacker could have placed a limit buy order with an arbitrarily high open price to automatically win every trade, the Zellic security platform discovered.
Kronos Research hacker shifts funds to Tornado Cash
Kronos Research was exploited for $25 million in November 2023, with one of the six wallets linked to the hacker moving funds to Tornado Cash on May 7.
Gnus.AI Discord hack causes $1.27M in losses
The attacker was able to view team members’ private Discord messages, allowing them to gain access to the team’s wallet address and mint 100 million fake tokens.
Exploiter Steals $68M Worth of Crypto Through Address Poisoning
A cryptocurrency user has lost $68 million worth of wrapped bitcoin (WBTC) after falling victim to an “address poisoning” exploit, according to blockchain security firm CertiK.
Hundred Finance hacker moves stolen assets a year after $7M exploit
The hacker holds about $4.3 million in various crypto assets in their Ethereum wallet.
Pike Finance clarifies ‘USDC vulnerability’ statement on $1.6M exploit
Pike highlighted that the exploit occurred due to their team’s inadequate integration of third-party technologies such as the CCTP or Gelato Network’s automation services.
Bitcoin Lightning Exchange FixedFloat Sees ‘Suspicious’ Transfers of $3M to Ethereum, Tron
The website was down for “technical work” as of early European afternoon hours Tuesday.
Newly Issued Gaming Token Exploited on Blast With $4.6M Drained
A recently issued gaming token on layer-2 network Blast has been exploited with $4.6 million stolen, according to an announcement in the token’s Telegram channel.
Tornado Cash Reportedly Suffers Backend Exploit, User Deposits at Risk
User deposits on decentralized privacy protocol Tornado Cash are reportedly at risk following the insertion of malicious code in the protocol’s back end, according to a Medium post by community member Gas404.
MIM Stablecoin Suffers Flash Crash Amid $6.5M Exploit
The stablecoin issued by decentralized platform Abracadabra.money {MIM}, suffered a flash crash to $0.76 after reports emerged of a $6.5 million exploit.
Exploit On Polygon Contracts Extract $15M, Here Are The Details
The play-and-own mobile gaming platform GAMEE suffered an exploit of its GMEE token contracts on Polygon that led to the theft of 600 million GMEE tokens and left the crypto community pondering questions.
GAMEE Confirms $15M Exploit On Polygon
On January 22, GAMEE Token’s official X (formerly Twitter) account advised its users to refrain from engaging with the digital asset while their team investigated the GMEE token-related security comprise it had just suffered.
The GMEE token is an ERC-20 utility token “designed to be the currency of access, action, and governance within the GAMEE ecosystem,” as their website states.
$GMEE | URGENT
There has been a security incident involving the GMEE token. As a precautionary measure, we advise all users to refrain from engaging with $GMEE until further notice.
Our team is actively investigating the situation, and updates will be provided soon.
— GMEE Token (@GAMEEToken) January 22, 2024
Before the official announcement, crypto users quickly noticed the token’s sudden price crash and the transactions behind it. This left GAMEE users and the general crypto community wondering if an exploit had occurred.
In the early hours of January 23, GAMEE’s team returned to the X platform to explain what happened and the steps to come.
The thread explains that their preliminary investigation indicated that the GMEE token contracts on Polygon had been compromised via unauthorized GitLab access.
This compromise resulted in the theft of 600 million GMEE tokens worth approximately $15.28 million at the time of the exploit. The compromised tokens were immediately converted to ETH and MATIC and exchanged via various decentralized exchanges (DEXs) in the following hours, drastically impacting the GMEE token price.
The team behind GAMEE explained that after noticing the Polygon GMEE deployer address was compromised, they secured the token contract ownership and all associated contracts by transferring ownership to a “new secure address.”
The team also clarified that only proprietary team token reserves were affected, and the exploit did not affect assets owned by the community, as “GAMEE does not custody or manage any community-owned assets.”
GAMEE expressed its understanding of how the impact of the unauthorized transactions could have affected the GAMEE community, as it led to price volatility and limited use of the GMEE token while investigations were taking place.
The next steps for GAMEE will consist of an impacted user identification process to evaluate the best way to support the affected part of the community. Additionally, they plan to provide a real-time update on the details that further investigations will provide as an effort to keep trust and transparency.
Lastly, the user was advised to exercise caution “given the volatile market conditions and potential liquidity impacts driven by CEX measures.”
GMEE’s Violent Price Drop
Around the time of the exploit, the GMEE token had been trading at $0.02554112, according to CoinGecko’s data, and it had been previously sitting at the $0.027-$0.026 range throughout the weekend.
Shortly after the exploit, the prince crashed to $0.01155577, reaching its lowest point of $0.00897251 in the early hours of today.
It’s worth noting that many saw the price crash as a possibly once-in-a-lifetime opportunity to profit. Various users shared that they had bought the dip and even advised others to do it. One X user said, “One man’s trash is another man’s treasure.”
At writing time, the GMEE token trades at $0.016999, a 31.5% decline in the last 24 hours.
Socket, Bungee Restart Operations After Apparent $3.3M Exploit
The platform experienced a security incident late Tuesday that affected wallets with infinite approvals to Socket contracts, developers said.
In Failed Bitfinex Exploit Attempt, Billions in XRP Moved
The failed token transfers spooked some market watchers as they amounted to nearly half of XRP’s $30 billion market capitalization.
OKX Wallet Users Warned to Update App to Avoid Code Vulnerability
Blockchain security firm Certik has warned OKX Wallet users to update their iOS app after a critical Remote Code Execution (RCE) vulnerability was found in a previous version.
Solana-Based Aurory Suffers Devastating Exploit: 80% Of Liquidity Gone
Aurory (AURY), a blockchain-based tactical Japanese role-playing game built on Solana (SOL), recently experienced a significant liquidity loss in its Camelot’s AURY-USDC pool.
The incident occurred due to a hack on the SyncSpace bridge, which resulted in the unauthorized withdrawal and subsequent market sale of approximately 600,000 AURY tokens on the Arbitrum (ARB) network.
Aurory SyncSpace Bridge Hacked
In an official statement released on December 17, Aurory’s team disclosed the details of the incident. The team detected unusual activity on their marketplace and promptly initiated an investigation, which revealed that a malicious actor had exploited the marketplace’s buy endpoint.
This exploit allowed the attacker to inflate their AURY balance in SyncSpace, enabling them to withdraw around 600,000 tokens to the Arbitrum network. The attacker then liquidated the stolen amount by selling it in the market.
To protect user funds, SyncSpace was promptly disabled for maintenance, temporarily suspending deposits and withdrawals. Importantly, the statement assured that no user funds or non-fungible tokens (NFTs) were lost or at risk during the incident.
The AURY tokens originated from a team wallet, facilitating withdrawals for accounts not previously deposited AURY.
Exploit Mitigated
The Aurory statement emphasized that the exploit is no longer ongoing, as SyncSpace remains offline for maintenance. As a result, there is currently no risk of further exploits. Additionally, it was confirmed that the attacker has exhausted their AURY supply and no longer possesses any tokens to sell.
Moreover, SyncSpace will investigate further to determine how the exploit went undetected despite the previous expert audit.
The team also plans to release a comprehensive post-mortem report once the necessary fixes have been implemented and the investigation concludes. They expect SyncSpace to be back online in the coming days.
Since October 30, the price of Aurory’s token, AURY, has experienced a significant upward trend, culminating in a yearly high of $1.9008 on December 12. However, following the recent exploit, the price of AURY has retraced to $1.0868, marking a decline of 23.5% over the past 24 hours and 36.5% over the past seven days.
Despite this setback, AURY still boasts substantial gains of 74% and 70% over the 30-day and one-year periods, respectively.
The market now awaits to see whether the token’s support lines at $0.9681 and $0.9086 will be able to halt the potential continuation of the price drop or if they will succumb to the prevailing downtrend, putting a significant portion of its 2023 gains at risk.
Featured image from Shutterstock, chart from TradingView.com
How the Ledger Connect hacker tricked users into making malicious approvals
According to Cyvers, the attacker caused malicious code to be inserted into multiple app user interfaces, allowing the exploiter to fool users into confirming transactions.
How the Ledger Connect hacker tricked users into making malicious approvals
According to Cyvers, the attacker caused malicious code to be inserted into multiple app user interfaces, allowing the exploiter to fool users into confirming transactions.
BREAKING: Sushi DeFi Security Breach: CTO Sounds Alarm, SUSHI Price Drops 4%
In a significant blow to the decentralized finance (DeFi) sector, the Sushi DeFi protocol has fallen victim to its second exploit this year.
The protocol’s Chief Technology Officer (CTO), Matthew Lilley, has issued a stark warning to users, advising them to refrain from using any decentralized applications (dApps) until further notice.
Sushi And Zapper Frontends Compromised
The latest breach has prompted concerns about the security and integrity of the Sushi DeFi protocol and other associated dApps. According to Lilley, a widely-used web3 connector has been compromised, allowing malicious code injection that affects numerous dApps.
Specifically, dApps that use the LedgerHQ/connect-kit, a dApp that allows users to connect other dApps to their Ledger hardware wallets, are considered vulnerable. Notably, Lilley’s warning underscores the severity of the situation, emphasizing that this is not an isolated attack, but a large-scale assault targeting multiple dApps.
Further investigation by security experts has revealed a potential supply chain attack on the ledger connect kit. The attacker allegedly successfully injected a wallet-draining payload into the popular Node Package Manager (NPM), impacting several prominent dApps, including Hey and others.
Additionally, it has been discovered that the Zapper and Sushi frontends have been hijacked, exacerbating the scope of the breach.
Slowmist, a module of Ledger, further confirmed that their system was hijacked and tampered with during the supply chain attack. This compromised the integrity of the ledgerhq/connect-kit library, which is relied upon by many dApps.
As a result, users are urged to exercise caution when conducting any dApp-related operations and to scrutinize requests for wallet information that may appear unexpected.
Malicious Connect Kit Neutralized?
In an official statement, Ledger has confirmed the identification and removal of a malicious version of the Ledger Connect Kit. The company assures users that their Ledger devices and Ledger Live remain uncompromised.
The company stated that a genuine version of the Connect Kit is currently being pushed to replace the malicious file. Ledger advises users to refrain from interacting with any dApps at the moment for their safety.
The company pledges to provide updates as the situation develops, ensuring users stay informed about the ongoing efforts to address the security breach.
SUSHI’s Uptrend Threatened By Exploit Fallout
In light of recent events affecting the Sushi DeFi protocol, its native token, SUSHI, has experienced a decline of over 4% within the past hour, reaching a low of $1.590.
Before the exploit, SUSHI had been exhibiting a notable uptrend structure on its 1-day chart, marked by higher highs and higher lows. However, with the loss of its crucial support level at $1.961, there is a potential invalidation of the previously established uptrend.
The uncertainty surrounding the protocol’s native token raises the possibility of further downside in SUSHI’s price action. If a sustained downtrend continues, the next significant support level for SUSHI is located at $1.084.
Featured image from Shutterstock, chart from TradingView.com
KyberSwap attacker used ‘infinite money glitch’ to drain funds — DeFi expert
By exploiting a bug, the attacker caused liquidity to be “double-counted,” allowing them to get an unfair price for a swap.
KyberSwap DEX exploited for $46 million, TVL tanks 68%
The DEX aggregator has been exploited across multiple blockchains with millions in wrapped Ether and other assets stolen.