TronWeekly

Crypto World News

You are here: Home / Archives for Crypto hack

Crypto hack

Solana-Based Casino Robbed $2M By Ex-Employee

by

Just a month after its launch, Solana-based gambling platform Pump.fun suffered an exploit worth $2 million from smart contract vulnerabilities. Further investigation unearthed a shocking twist. The attacker has been doxxed and is a former employee who has allegedly abused a position of trust within the organization to embezzle approximately 12.3K SOL. The team assures that they have upgraded the contracts, and the TVL in the protocol remains safe.

The team redeployed the contracts. trading is live again with 0% trading fees for the next 7 days. you can safely create coins, buy and sell them coins that reached 100% between 15:21-17:00 UTC are in limbo, meaning that no one can trade them until LPs are deployed for them on Raydium to make users whole, the team will seed the LPs for each affected coin with an equal or greater amount of SOL liquidity that the coin had at 15:21 UTC within the next 24 hours. thank you to anyone who has lent a hand, and to the best community in the space for trusting us Solana shitcoins are back, and greater than ever

On-chain sleuths detailed the onslaught. The attacker borrowed Solana tokens to buy new tokens for Pump.fun without actually needing them—called flash loans—illegally, obtaining the key to Pump.fun’s service account, thus disrupting the process of listing these tokens on trading platforms. This, in turn, restricted people from trading these new tokens as intended. Additionally, there are rumors that this exploit has cost Pump.fun a huge loss of around $80 million. However, the platform has so far not acknowledged that.

Solana’s Pump.fun Drama Escalates

Solana
Solana-Based Casino Robbed $2M By Ex-Employee 2

On top of this economic exploit, there is also a disgruntled former employee publicly attacking Pump.fun on Twitter. Lookonchain delved further into his post, which read, “The founders withdrew $2 million from the Treasury yesterday. They should be the ones to pay for it.” The amount he was exploited for happened to be around $2 million. It seems to be the reason for the attack, as the investigative platform opined. This attack is a testing time for the Solana ecosystem and Pump.fun as it highlights vulnerabilities in the system, especially in the part of the crypto world focused on fun, meme-based tokens [meme coins].

Tether Takes Swift Action To Freeze Exploiter’s Address In Security Breach

by

Tether, the issuer of the largest stablecoin in the world, has taken a bold step to freeze the address of an exploiter who attempted to steal funds from its users. The blacklisting of the address, identified as 0x65…5c2d, occurred on December 14, according to Paolo Ardoino, the CEO of Tether.

Screenshot 2023 12 15 110337

The blacklisted address holds a significant amount of assets, totaling 44,000 USDT (Tether’s stablecoin), along with STETH and USDC, contributing to a cumulative value of 412,000 USD. Tether’s proactive measures demonstrate a commitment to preserving the integrity and security of its users’ assets.

The exploit and subsequent freezing of the address shed light on the ongoing challenges faced by cryptocurrency platforms in maintaining robust security protocols. Ardoino’s swift action reflects its dedication to promptly addressing security concerns to mitigate potential risks for its users.

As the crypto community navigates a dynamic landscape, incidents like these underscore the critical role of proactive security measures in protecting digital assets. The move not only protects its users but also sets a precedent for other platforms to stay vigilant and take swift action against potential threats.

Tether’s Commitment to Transparency

Ledge­r recently issued an update­ called Ledger Conne­ct Kit version 1.1.8 to fix a security issue. The­ harmful version impacted versions 1.1.5 to 1.1.7. The­ hacker used a fraudulent Walle­tConnect project to redire­ct funds to their wallet.

After receiving a warning, Ledger’s team quickly resolved the problem within 40 minutes. As a result, the malicious file­ was only active for about 5 hours. The timeframe­ for draining funds was even shorter, lasting less than two hours.

Tether’s commitment to transparency and rapid response contributes to the collective effort of building a more secure and resilient crypto ecosystem. The company has been transparent about its audits, reserves, and operations for years and has faced several controversies over its backing assets and legal issues.

However, the company has also been proactive in improving its security practices and preventing future exploits. The firm has implemented various measures such as multi-signature wallets, cold storage wallets, encryption key management systems, anti-money laundering policies, and compliance programs.

Related Reading | Tether Launches New Policy To Boost Stablecoin Security And Adoption

Stars Arena Security Breach: Crypto Vulnerability Exposed

by

In the crypto sphere, Stars Arena stands at the forefront of security concerns in the dynamic landscape of digital platforms and online transactions. In this rapidly evolving environment, ensuring the integrity of these platforms is paramount for businesses and users alike. Despite their robustness, even the most fortified systems encounter challenges daily.

According to a recent report, Stars Arena suffered a major security breach, resulting in a substantial loss of $2.9 million. A thorough investigation revealed that the breach stemmed from a reentrancy vulnerability. PeckShield Inc., a distinguished cybersecurity firm specializing in scrutinizing potential weaknesses in digital platforms, unveiled this crucial finding.

Reentrancy attacks occur when an external contract seizes control of its state, allowing it to make unanticipated calls into the contract before the initial function invocation concludes. In more straightforward language, think of it as a virtual loophole that empowers malicious actors to siphon funds or exploit a system continuously.

Stars Arena Breach And DeFi’s Vulnerability Alert

PeckShield’s exhaustive analysis pinpointed the vulnerability within the Stars Arena Shares contract. This discovery is a testament to the importance of ceaseless vigilance and periodic system updates. It’s a stark reminder that no matter how robust a system appears, it remains susceptible to lurking threats. Timely assessments and proactive measures are the armor against potential financial devastation.

The Stars Arena incident is a compelling reminder of online platforms’ persistent challenges in the crypto landscape. It underscores the critical need for proactive rather than reactive digital security measures and highlights the vital role of vigilant users in ensuring secure platform interactions.

Just a fortnight ago, Linear Finance, a decentralized finance (DeFi) platform rooted in blockchain technology, bore the brunt of a devastating attack that wiped out the entire $LUSD liquidity from prominent exchanges such as PancakeSwap and Ascendex.

The aftermath was nothing short of catastrophic, with the value of $LUSD plummeting to zero, resulting in substantial financial casualties for investors. This unfortunate event, akin to Stars Arena’s breach, spotlights the frailties within the DeFi realm while casting a shadow of doubt upon the cryptocurrency market’s overall reliability.

Axie Infinity Promises to Recover All $600 M of the Lost Funds to Its Users

by

The parent firm of Axie Infinity, which was recently the victim of an unprecedented $600 million crypto-hack, has announced that consumers who lost money in the robbery will be reimbursed.

Sky Mavis’ chief operational officer, Aleksander Leonard Larsen, told Bloomberg, “We are absolutely committed to reimbursing our gamers as quickly as feasible.” “We’re still working on a solution; that’s something we’re talking about right now.”

According to a blog post published Tuesday, a hacker broke into the Ronin Network’s network, stealing 173,600 ether and 25.5 million USDC stablecoins. It affected the Sky Mavis game studio’s Ronin Network validator nodes.

“We’re collaborating with law enforcement, forensic cryptographers, and our investors to ensure that all money is recovered or refunded,” Ronin Network wrote.

Axie Infinity suffered one of the biggest DeFi hacks

“In order to fabricate false withdrawals, the attacker exploited compromised private keys.”

Funds stolen in the crypto hack include “deposits of players and speculators and the Axie Infinity Treasury revenue,” Larsen said. 

The assault took place on March 23, but the corporation just found out about it on Tuesday.

Axie Infinity is still one of the most popular play-to-earn games, and gamers continued to come in on Wednesday after the crypto theft was revealed.

To drain cash in two separate transactions, hackers exploited a weakness in the bridge — a software mechanism for transferring different types of crypto tokens.

“The simplest way to think about it is that the bridge is the Ronin Network’s bank,” Larsen explained.

“The robbery that occurred resulted in the loss of all ETH and USDC. As a result, the ETH/USDC on Ronin Network is temporarily unbacked. However, we are considering alternative solutions.”

Hackers struck Poly Network in August 2021, stealing almost $600 million from the cross-chain protocol, while most of the assets were later restored.

The native cryptocurrency used on the Ronin blockchain, RON, was down roughly 20% following the hack.

The team updated the blog with updates about the current works that they are doing to catch the culprit. They are in close contact with key stakeholders and law enforcement to ensure that the funds will be recovered.