Tag Archives: Security & Ransomware

Neo X employs GoPlus’ USM to improve node security and real-time risk assessment. The partnership enhances blockchain security by combining on-chain firewalls and powerful AI algorithms. GoPlus, a cutting-edge blockchain security startup, has announced a strategic alliance with Neo X, an EVM-compatible sidechain to the established blockchain Neo. This cooperation brings the GoPlus User Security Module (USM) to Neo X, marking a key milestone as the first decentralized network to use this...

The FBI has warned about North Korean hackers targeting employees of cryptocurrency and decentralized finance (DeFi) companies. In a public service announcement (PSA) released on Tuesday, the FBI detailed how these state-sponsored attackers use advanced social engineering tactics to infiltrate organizations and steal cryptocurrency. Recognizing this danger is crucial, as the FBI stated that North Korean actors utilize diverse approaches targeting particular DeFi and cryptocurrency...

Attackers could have minted up to 35 million USDC on the Noble Bridge if Asymmetric Research had not found the flaws. Asymmetric Research, a blockchain cybersecurity firm, helped Circle identify a bug that could have led to massive losses if not addressed. It existed in Circle’s Cross-Chain Transfer Protocol (CCTP) deployed on the Cosmos network, which allows the firm’s USDC stablecoin to be bridged. Specifically, Asymmetric found the vulnerability in the noble-cctp module of the CCTP. “We...

Hacker groups are preventing user access to websites belonging to French authorities to show their support for Pavel Durov. Durov was arrested on August 24 by French authorities. Russian hackers are staging Distributed Denial of Service (DDoS) attacks on the French government’s website in response to the August 24 arrest of Telegram CEO Pavel Durov. He was arrested in France for alleged involvement in money laundering, drug trafficking, and more crimes, but no formal charges have been issued...

Ronin suffered from a $10 million attack on August 6 as an MEV bot withdrew the funds. The individual managing the bot returned those assets to the protocol. Blockchain cybersecurity firm Verichains revealed details about the Ronin chain attack on August 6, causing a loss of about $10 million. While the attack was brought by an MEV (maximum extractable value) bot overseen by a white hat hacker who returned the funds, the incident was highly concerning. The Verichains report mentioned how an...

Cybersecurity researchers have uncovered a malicious package on the Python Package Index (PyPI) that was disguised as a legitimate Solana blockchain library. Instead of performing its claimed function, the package was designed to steal private keys from users’ cryptocurrency wallets. The actual Solana Python API project on GitHub is called “solana-py”, but it is named “solana” on PyPI. A threat actor took advantage of this small difference and uploaded a malicious package called ‘solana-py’...

The increasing phishing attacks in the crypto ecosystem have found their next victim. This time, a governance participant in the MakerDAO ecosystem lost $11 million in Aave Ethereum Maker (aETHMKR) and USDe tokens to an attacker who mercilessly siphoned the funds away from their wallet. They signed multiple transactions on a spoofed application, which was all that was needed for the hacker to make away with the $11 million. About 3,657 aETHMKR tokens got transferred in the process through a...

CertiK, the Web3 cybersecurity firm, has exploited a vulnerability in Kraken’s software to siphon away $3 million. Kraken has accused CertiK of not returning the funds and trying to extort it for unreasonable amounts. On June 9, CertiK siphoned away the $3 million despite making a minute transaction of just $4, which was enough to alert Kraken. So, the exchange felt there was no reason to drain its treasury of the millions. No user funds were affected during this fiasco. Nick Percoco, Chief...

UwU Lend, a crypto lending protocol, was exploited twice within three days as the attacker walked away with about $23.7 million. The first attack came on June 10, with the attacker walking away with $20 million in crypto from the platform. Today’s attack resulted in an additional loss of around $3.7 million. The second exploit was an extension of the first as they still had funds left on the protocol, which they withdrew less than three days after the first incident. Essentially, the...

The wallet behind the $82 million cross-chain bridge exploit committed on Orbit Chain on the last day of 2023 has finally become active after lying still for over five months. The hacker sent $48 million in ETH to TornadoCash on June 8 to obfuscate their fund flows and utilize the value without intelligence firms and authorities tracking them. The funds were transferred to the mixer over eight transactions totaling 12,932 ETH. While original reporting stated they stole about $82 million,...