Security News

That's a signature move: How $320m in Ether was stolen from crypto biz Wormhole
2022-02-04 00:42

"The wormhole network was exploited for 120k wETH," the DeFi biz said via Twitter on Wednesday. The organizations behind Wormhole said they would add more ETH in the hours to come to ensure wETH is backed with ETH. And on Thursday, as if by magic, Wormhole proclaimed, "All funds have been restored and Wormhole is back up."

Wormhole Crypto Platform: ‘Funds Are Safe’ After $314M Heist
2022-02-03 18:28

Wormhole - a web-based blockchain "Bridge" that enables users to convert cryptocurrencies - said on Thursday that "All funds are safe" after attackers abused a vulnerability to shake it down for 120,000 Ethereum. The popular bridge, which connects Ethereum, the Solana blockchain and more, has reportedly been trying to negotiate on-chain with the attacker since Wednesday's attack.

Wormhole platform hacked to steal $326 million in crypto
2022-02-02 23:58

Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to steal $320 million in cryptocurrency. Wormhole is a platform that allows users to transfer cryptocurrency across different blockchains.

Powerful new Oski variant ‘Mars Stealer’ grabbing 2FAs and crypto
2022-02-01 18:41

A new and powerful malware named 'Mars Stealer' has appeared in the wild, and it looks to be a redesign of the Oski malware, whose development shut down abruptly in the summer of 2020. Mars Stealer is an information-stealing malware that steals data from all popular web browsers, two-factor authentication plugins, and multiple cryptocurrency extensions and wallets.

Crypto outfit Qubit appeals to the honour of thieves who lifted $80M of its digi-dollars
2022-01-31 05:58

Another week, another crypto upstart admitting its lax security has been exploited and parties unknown have made off with millions. The crypto concern is Qubit Finance - an outfit that offers decentralized lending and borrowing and operates under the motto "Lend to ascend - Borrow for tomorrow."

Indonesia bars financial institutions from offering crypto services
2022-01-27 07:13

Another week, another big economy restricting cryptocurrency. In a tweet, Wimboh Santoso, commissioner of Indonesia's financial services authority, the Otoritas Jasa Keuangan, states that the agency has prohibited financial service institutions from using, marketing, and/or facilitating crypto asset trading.

Ozzy Osbourne NFTs Used to Bite Off Chunk of Crypto Coin
2022-01-25 20:45

Ozzy Osbourne and his famously enterprising wife and manager Sharon decided to launch a new non-fungible token collection called CryptoBatz, but the rollout was clouded by scammers who used an abandoned vanity Discord URL to drain at least $150,000 worth of Ethereum from users' crypto wallets. A tweak to the CryptoBatz vanity URL by the company behind the project, Sutter Systems, mistakenly left the old URL active, along with old tweets referencing the abandoned URL. Soon scammers set up a dummy Discord server with the old URL and started targeting users and draining their crypto wallets, according to Malwarebytes Labs.

Hackers Creating Fraudulent Crypto Tokens as Part of 'Rug Pull' Scams
2022-01-24 22:09

Misconfigurations in smart contracts are being exploited by scammers to create malicious cryptocurrency tokens with the goal of stealing funds from unsuspecting users. Smart contracts are programs stored on the blockchain that are automatically executed when predetermined conditions are met according to the terms of a contract or an agreement.

Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft
2022-01-21 19:25

Details of how the crooks pulled off the attack aren't given in the report, which says simply that "Transactions were being approved without the 2FA authentication control being inputted by the user." What the report doesn't explain, or even mention, is whether 2FA codes were entered by someone - albeit not by customers themselves - in order to authorise the fraudulent withdrawals, or whether the 2FA part of the authentication process was somehow bypassed entirely.

2FA Bypassed in $34.6M Crypto.com Heist: What We Can Learn
2022-01-20 23:14

In spite of customers having reported losses over the weekend, Crypto.com's Thursday statement said that the heist happened on Monday at about 12:46 a.m. UTC. That's when the exchange's risk monitoring systems picked up on unauthorized transactions coming out of 483 accounts and being approved without users' 2FA authentication. The exchange fully restored the affected accounts, revoked all 2FA tokens and added security hardening measures, requiring all customers to re-login and set up their 2FA token.