exploit

HTX and Poloniex assets are '100% safe', says Justin Sun after $200M hack

Cryptocurrency tycoon Justin Sun has said assets held on HTX and Poloniex are "100% safe" following last month's hack in which more than $200 million was siphoned from both exchanges.

Both exchanges have opened withdrawals for certain assets, although several altcoins remain blocked. Bitcoin (BTC) and Tron (TRX) are the two digital assets that could retire; This led to both tokens trading at a premium on Poloniex over the past few weeks, meaning users would have to take a haircut of up to 10% to liquidate their asset and withdraw another.

The withdrawal freeze came after hackers stole $114 million from Poloniex hot wallets on November 10; This was followed by the theft of $97 million from HTX and the Heco Chain blockchain protocol. “At this time, Poloniex and HTX have recovered from the attack and we are resuming tokens one by one,” investor Justin Sun told CoinDesk. at Poloniex and HTX advisor. “I think for HTX, we have already recovered 95% in terms of assets worth dollars. At Poloniex, we have recovered around 85% in terms of dollar asset value.”

“And also note that since we have already covered all token losses on the platform, on HTX and Poloniex, 100% of the assets are 100% safe,” Sun added. “Although in terms of the exchanges themselves, we basically need to make those profits in the future. But for clients’ assets, it is 100% safe.”

An HTX spokesperson told CoinDesk: “The recent exit represents a small fraction of our total reserves, and HTX remains in stable and healthy operation.”
#HTXExchange #PoloniexHack #hackers #exploit #BTC

During tough market situations, especially the rising competition between perp decentralized exchanges, $GMX is still the safest option to trade perp in decentralized and secure manner with organic trading volumes and risk managed liquidity pools.

Also, it's one of the most profitable protocols with high cash flow and real yield to their token holders.

With upcoming multichain and $BTC L2 expansion aligned with a huge Arbitrum market share and $SOL new platform, GMX will be the king of perp dexs.

#StaySafeInTheCryptoWorld
#InvestSmart
#TradeWisely

#HackerAlert
#exploit

🛑🛑Breaking news: Exploit alert

Radiant Capital exploited, resulting in a loss of 💲4.4 million, 1902 $ETH ETH.

$RDNT #Scam #exploit #RadiantCapital

⚡️ KyberSwap exchange losses $47M in possible liquidity providers exploit

KyberSwap appears to have suffered a $47M exploit of its Elastic Pools liquidity solution. The funds included $20.7M on Arbitrum, $15M on Optimism, $7M on Ethereum, $3M on Polygon, and $2M on Base. A large portion of the funds are denominated in various forms of ether, such as wrapped tokens and liquid staking tokens.

$KNC #KNC #KyberSwap #exploit $MATIC $ARB #ARB #MATIC🔥🔥

North Korea was responsible for more than $600 million in cryptocurrency thefts last year

US national security officials have expressed concern over North Korea's use of stolen cryptocurrencies to develop nuclear weapons.

North Korea-affiliated hackers were involved in a third of all cryptocurrency exploits and thefts last year, making off with some $600 million in funds, according to a report from TRM Labs.

The sum brings the Democratic People's Republic of Korea's (DPRK) total crypto project haul to nearly $3 billion over the past six years, the blockchain analytics firm said on Friday.

Still, the figure is about 30% lower than in 2022, TRM head of legal and government affairs Ari Redbord said. That year, DPRK-affiliated actors made off with around $850 million, "a large chunk" of which came from the Ronin Bridge exploit, Redbord told CoinDesk in an interview. In 2023, most of the stolen funds were stolen in recent months; TRM attributed around $200 million in stolen funds to North Korea in August 2023.

“They are clearly attacking the crypto ecosystem at unprecedented speed and scale and continue to take advantage of some sort of weak cyber controls,” he said.

Many of the attacks continue to use so-called social engineering, which allows perpetrators to acquire private keys for projects, he said.

Overall, the amount stolen in hacks in 2023 was about half that of the previous year: $1.7 billion compared to $4 billion.
Redbord attributed the decline to several factors.

There were fewer major attacks like the 2022 Ronin theft and other factors include successful law enforcement actions, better cybersecurity controls and, to some extent, price volatility over the past year.
#HackerAlert #hackers #BTC #exploit #Hacker

🚨🕵️🚨#NOW🚨🕵️🚨

Sushi CTO Matthew Lilley reports that "damage appears to be limited across the board thanks to a bit of luck and coincidence in discovering it early."

At the same time, he pointed out that "sushicom is safe."

It warns that it advises against "using other dApps until the teams have confirmed that the same is true for theirs."
#exploit #Ledger #sushi #HackerAlert #hackers

📌Be careful when using #Ledger

A bookstore that is used by many #DApps which is maintained by Ledger, has been compromised and a "wallet drain" has been placed.

Users are being asked not to interact with any dapp frontend for now.

How does it work?
If you visit a dapp website, #exploit will not be activated immediately to steal your funds. What happens is that messages will appear from the browser's wallet, such as Metamask, that if you give permission, your assets will be handed over to malicious actors.

Ledger is currently aware of this exploit and they are working on it until they can find a solution. Caution is requested for the moment.

✏️Do you want to continue learning about the crypto world?
Share and follow me for more 👈😎

⚡️ Top 10 Crypto Protocols Exploits in November

During November 2023, the crypto industry saw a loss of $343M across the web3 ecosystem. According to Immunefi's report, $335.5M was lost to hacks across 18 specific incidents, and $7.46M was lost to fraud across 23 specific incidents. Let's analyze the largest losses of the month!

#exploit #hack #hacks $KNC $HT $DYDX $RAFT $XCN #dydx #KNC

$USDC Why businesses choose USDC
USDC works seamlessly across applications and platforms around the globe, using blockchain 
infrastructure that’s faster, less expensive, and more customizable than legacy rails. #$USDC #TrendingTopic #earnpoints #exploit #USDC✅

The #Bedrock liquid restaking protocol has suffered an #exploit resulting in a $2 million loss. The exploit was discovered in the protocol's smart contract code, leading to unauthorized withdrawals.
The Bedrock team is currently investigating the situation and has taken steps to prevent further losses by pausing the protocol.
#Binance #restaking #TrendingTopic

🚨Just in: The #BingX exchange has been hacked, and over 💲26 million in 360 altcoins have been stolen.

➡️The attackers then converted the stolen assets into $ETH and $BNB

#Crypto #exploit #ethereum

#Bitfinex has fallen prey to a deposit #exploit, resulting in losses of approximately 8.5 #BTC. This exploit involves consolidating tiny inputs into high-priority withdrawal transactions, with fees far exceeding their value. Notably, these inputs originate from commitment transactions for Atomicals' "infinity" token mints, using a proof-of-work scheme. Users, finding it impractical to construct transactions themselves due to increasing difficulty, use services like #WizzWallet for mining, paying a small fee per token. To bypass uneconomical fees, they send worthless outputs to Bitfinex, benefiting from its free #bitcoin deposits. This tactic has cost Bitfinex around 9.13 BTC in consolidation fees, highlighting the vulnerability of custodial services to such exploits.

Via @Michaeltalkhere ($BPET dev team lead ) on X regarding the #PvP contract #exploit

As announced, I would like to disclose the details of the exploit and how did we get the money back.
Firsly, the reason of the exploit was there was a bug in ‘request swap from #POTION to #BPET ’ functionality that makes the exploiter be able to withdraw excessive amounts of $BPET tokens from the PvP contract after staking their own tokens.
Below are some noticeable withdrawing transactions the exploiter made.
(https://arbiscan.io/tx/0x058b8808e721f68c01c62ad70687f38f39d749bfc9d0e8f6be839c3af603dec6)
(https://arbiscan.io/tx/0x1ad1f7536e2d91cc5aeef6e29f948ee73fa760a482b0455ca78adade83c4ef53)
(https://arbiscan.io/tx/0x500713e7c025d5ab71e2446069a46a60009ef8060d2537bc4b29296c6f76f9d7)

Right after becoming fully aware of the exploit, we did 2 things

- Checked out to see if the exploiter’s addresses can be mapped with any Twitter profiles of any xPet users (and we found the user mapping with one of the exploiter addresses)

- Reached out to all partners in our network who can pour in the helps. They were explorer sites, centralized exchanges, privacy mixers, offramp tools, and security firms.

To be specific, #Etherscan team helped us to tag all 4 addresses related to the exploiter on Ethereum on Arbiscan as ‘xPet exploiter’. Thanks for that, the exploiter addresses were visibly exposed to and closely-watched by the public. All the centralized exchange, privacy mixer, and offramp tool teams helped to take close notice In case any of the exploiting address would have interactions with centralized exchange Hot wallets, privacy mixer contracts, or offramp tool depositing addresses. The security firms has helped us follow all, even smallest, onchain traces from the exploiter

In short, we had the combined efforts from multiple parties to closely monitoring the exploiter's movements and ensure that exploiter doesn’t have any chance to get the stolen funds mixed or obscured.

Join us to win 🦸🥳😱.!!

اضغططط هنا ( TOB )

#PiCoreTeam #Binance #PİNetwork
$BTC #exploit
$ETH
$SOL

🚨🕵️🚨#NOW🚨🕵️🚨

Ledger exploit drained $484,000 and put DeFi in check; a former employee linked to malicious code

The CEO of security company Blockaid told CoinDesk that users remain at risk.

Hackers stole $484,000 on Thursday after inserting malicious code into the Github library for Connect Kit, a widely used blockchain software maintained by crypto wallet company Ledger. Several major decentralized finance (DeFi) protocols using the library have been affected and users have been warned to avoid using decentralized applications (dApps) entirely until these protocols are updated.

Ledger's Connect Kit is a snippet of code that allows DeFi protocols to connect to crypto hardware wallets. The exploit potentially affects the interface of all protocols that use Connect Kit, which includes companies like Sushi, Lido, Metamask, and Coinbase.

In an X post on Thursday addressing the incident, Ledger confirmed that an employee had been the target of a "phishing attack," after which the attacker "posted a malicious version of the Ledger Connect Kit."

A Ledger spokesperson told CoinDesk that it had “identified and removed a malicious version of the Ledger Connect Kit,” and the company said in its X post that “the window where funds were drained was limited to a period of less than two hours.” ".
#Ledger #exploit #HackerAlert #hackers #Hacker

Via #AnciliaAlerts on X, @rugged_dot_art has identified a re-entrancy #vulnerability in a smart contract with address 0x9733303117504c146a4e22261f2685ddb79780ef, allowing an attacker to #exploit it and gain 11 #ETH . The attack transaction can be traced on #Etherscan at https://etherscan.io/tx/0x5a63da39b5b83fccdd825fed0226f330f802e995b8e49e19fbdd246876c67e1f. Despite reaching out to the owner three days ago, there has been no response.
The vulnerability resides in the targetedPurchase() function, where a user can input arbitrary swapParams, including commands to 4. This triggers the UNIVERSAL_ROUTER.execute() function, and as per Uniswap Technical Reference, command 4 corresponds to SWEEP, invoking the sweep() function. This function sends ETH back to the user's contract, leading to a re-entrancy issue.
Within targetedPurchase(), a balance check is performed before and after calling _executeSwap(). Due to the re-entrancy problem, a user can stake tokens (e.g., from a flashloan) to satisfy the balance check, ensuring a successful purchase action where tokens are transferred to the user. The urgency of the situation is underscored by the ongoing waiting period for the owner's response, emphasizing the need for prompt attention to mitigate potential exploitation.

Attacker Mint 1 Billion CGT Governance Tokens in Exploit Within Curio Ecosystem

Curio, a project that aims to help companies unlock liquidity from their real-world assets, has suffered a $16 million attack on its ecosystem.

According to the web3 detection and prevention project Cyvers on
The attacker in question currently holds these CGT tokens, which are worth almost $40 million, Cyvers Alerts noted.

The notification follows a post from the Curio Ecosystem account on X on Saturday alerting the community about the smart contract exploit.

He explained that a MakerDAO-based smart contract used within the ecosystem was exploited on the Ethereum side. "We are actively addressing the situation and will keep you informed. Please be assured that all Polkadot and Curio Chain contracts remain secure."

"This only affected a portion of our ecosystem, highlighting the importance of multi-chain infrastructure," added account X. He said a recovery plan will be published shortly.
#exploit #HotTrends #CGT #Curio #hackers

🚨 BREAKING: The game on the #BLAST platform, #SSSHQ experienced an #exploit through a token contract bug, enabling users to double their own balances!

Blockchain detective ZachXBT has been named a custodian of Munchables' multisig wallet, enhancing security following a $63 million exploit. Discover how this GameFi platform is bolstering defenses.

https://btc-pulse.com/zachxbt-appointed-recovered-hacked-security-overhaul/

#zachxbt #wallet #exploit #Gamefi