US Intelligence Reveals Extent of North Korea’s “Hidden Cobra” Crypto-Dependent Cyber Crimes

In an effort to combat North Korea’s rampant crypto-dependent and money generating cyber crime campaign, the United States government published a list outlining the sanctioned state’s attacks dating back to 2017—as well as guidance on countermeasures.

The new warning, released on April 15 by the US Treasury, Homeland Security, and the FBI, stated that stopping North Korea’s illicit cyber activities and the money they generate is imperative to obstructing the authoritarian regime’s plan to develop weapons of mass destruction.

Per the release, “The DPRK’s malicious cyber activities threaten the United States and the broader international community and, in particular, pose a significant threat to the integrity and stability of the international financial system. Under the pressure of robust U.S. and UN sanctions, the DPRK has increasingly relied on illicit activities – including cybercrime – to generate revenue for its weapons of mass destruction and ballistic missile programs.”

The countermeasures guidance includes implementing a tough anti-money-laundering framework for digital currencies, expelling North Korean IT workers, following cyber security best practices, and communicating with law enforcement.

Hidden Cobra

The US government refers to the North Korean cyber crime campaign by the code name “Hidden Cobra” and believes it began as far back as May 2017 with the WannaCry ransomware attacks, which infected hundreds of thousands of computers and held their data hostage until a ransom in Bitcoin was paid. These attacks have been attributed to the DPRK by governments around the world, not only the United States.

The US agencies cite evidence that Hidden Cobra’s operators have grown more sophisticated and diverse in their campaigns, with the majority of their plots depending heavily on stealing digital currency.

As stated by the US agencies, the DPRK “also uses cyber capabilities to steal from financial institutions and has demonstrated a pattern of disruptive and harmful cyber activity that is wholly inconsistent” with expectations of international cyber conduct.

North Korea has rebutted the allegations that it stole almost $2 billion in fiat and crypto, calling the accusations “a sort of a nasty game.”

The Case of Virgil Griffith

US officials have adopted a zero-tolerance policy towards anyone even appearing to assist the North Korean crypto operations.

Virgil Griffith, the Ethereum research scientist, was arrested in Los Angeles last December and charged with allegedly helping to circumvent the US sanctions placed on the Democratic People’s Republic of Korea.

According to the official complaint, Griffith had explicitly asked for and been denied permission to travel to North Korea to give a presentation on blockchain technology. Specifically, the charges stated that Griffith had been aiding the development of a crypto exchange between North Korea and South Korea and was fully aware this would violate US and UN sanctions against the DPRK.


Hackers exploit Raydium protocol, send $2.7 million

Blockchain security company CertiK issued a warning revealing that the exploiter of the Raydium protocol had sent 1,774.5 ether (ETH) to the sanctioned mixer Tornado Cash.

At the time of this writing, the sum had a value of around $2.7 million.

While security teams at several exchanges continue to battle hackers, funds keep flowing to the sanctioned cryptocurrency mixer Tornado Cash. The attack on the Solana-based decentralised finance (DeFi) protocol was launched on December 16, 2022.

The developers say the attackers gained control of the account belonging to the exchange owner and drained liquidity provider funds, consisting of a variety of digital assets such as USD Coin (USDC), Wrapped Solana (wSOL), and Raydium (RAY).

Following its initial examination, the DeFi protocol concluded that the attack resulted from a weakness in the smart contracts used by the decentralised exchange: the compromised administrator privileges made it possible to withdraw fees from the liquidity pools.

In response to the losses, the Raydium team has also presented a plan to compensate the victims of the attack. The idea is to use the treasury of the decentralised autonomous organisation to acquire the missing tokens, which would then be used to refund those harmed by the exploit.

Chainalysis, a blockchain research company, noted in a report published on January 9 that although the sanctions imposed on Tornado Cash had some impact on the mixer, no entity can “draw the plug” on it as quickly as it could on a centralised service.

Its smart contracts can keep running indefinitely even though its website can be taken down, which means anyone can continue to use it at any time.

Although hackers continue to move funds aggressively, their efforts do not always succeed.

Binance and Huobi, two centralised cryptocurrency exchanges, recently identified and seized assets deposited by the hackers behind the Harmony One exploit.

Binance CEO Changpeng Zhao said that the company’s security team, working with Huobi’s security team, recovered 121 Bitcoin (BTC), worth $2.5 million at the time.

The Wormhole hack: hacker shifts $155 million

According to transaction data, the hacker responsible for the $321 million Wormhole bridge breach has moved a substantial portion of the stolen funds. On January 23, the hacker transferred $155 million worth of Ether (ETH) to a decentralised exchange (DEX).

The Wormhole hack was the third-largest cryptocurrency theft of 2022. It followed the discovery on February 2 of a flaw in the protocol’s token bridge, and led to the theft of 120,000 Wrapped ETH (wETH), worth around $321 million in total.

According to the blockchain transaction history of the wallet address attributed to the hacker, the most recent activity shows 95,630 ETH being sent to the OpenOcean DEX and then converted into ETH-pegged assets such as Lido Finance’s staked ETH (stETH) and wrapped staked ETH.

Digging further into the transaction history, members of the cryptocurrency community such as Spreekaway found that the hacker went on to carry out a number of transactions that appeared strange.

For instance, the hacker used their stETH holdings as collateral to borrow 13 million worth of the DAI stablecoin, swapped the DAI for more stETH, wrapped that stETH, and then used it to borrow still more DAI.

Notably, the Wormhole team took the opportunity to once again offer the hacker a $10 million reward for returning all of the funds, communicating the offer through an encoded message in a transaction.

According to data from Dune Analytics, the substantial amount of ETH moved by the hacker appears to have had a direct effect on the price of stETH.

The asset began the day on January 23 slightly below its peg, at 0.9962 ETH, reached a high of 1.0002 ETH the next day, and then fell back to 0.9981 ETH at the time of this writing.

Blockchain security companies such as Ancilia Inc. warned on January 19 that searching for the keywords “Wormhole Bridge” on Google currently surfaces promoted ad websites that are actually phishing operations, and these are likely to draw more victims given the renewed attention on the Wormhole hack after the latest incident.

The community has been cautioned to take extreme care with the links they click on in relation to this search term.

Kevin Rose, co-founder of Moonbirds, falls victim to phishing attack

Kevin Rose, co-founder of the nonfungible token (NFT) collection Moonbirds, has fallen victim to a phishing scam that cost him personally owned NFTs with a combined value of over $1.1 million.

On January 25, Rose, who is also a co-founder of PROOF, broke the news to his 1.6 million Twitter followers and urged them not to buy any Squiggles NFTs until his team was able to have them marked as stolen.

Roughly two hours later, he gave further details in a follow-up tweet.

Rose’s NFTs are believed to have been drained after he authorised a malicious signature that transferred a large portion of his holdings to the exploiter.

An independent investigation by Arkham found that the exploiter stole at least one Autoglyph, which has a floor price of 345 Ether; at least nine OnChainMonkey items, each worth at least 7.2 ether; and at least 25 Art Blocks (Chromie Squiggles) with a combined value of at least 332.5 ETH.

In total, at least 684.7 ETH, equivalent to around $1.1 million, is estimated to have been taken.

Azuki's Twitter Account Hacked, Over $750,000 Stolen

The well-known nonfungible token (NFT) project Azuki had its Twitter account hijacked on January 27, resulting in the theft of about $750,000 worth of USD Coin (USDC). The hackers used the account to tweet a link to a malicious “wallet drainer” website disguised as a virtual land mint, and victims who connected their wallets to it had their USDC taken.

The data also showed that the attackers drained a further $6,752.62 worth of USDC, along with more than 3.9 ether and 11 NFTs, from a number of other wallets.

According to estimates from Wallet Guard, the total amount stolen was $758,074.42.

Emily Rose, community manager for the anime-based NFT project, confirmed on Twitter on January 27 that the Azuki account had been hacked, and cautioned Azuki’s followers not to click on any links posted from the account.

After gaining control of Azuki’s Twitter account, the scammers were able to “post a wallet drainer link,” as Azuki’s head of community and product manager, Dem, explained during a Twitter Space hosted by Wallet Guard on January 27.

While the organisation worked to regain control of the account, Dem urged the community to “remain cautious and be vigilant.”

The January figures are 92.7% lower than the $121.4 million

January saw a sharp drop in losses from exploits compared to the same period last year, further encouraging news for the sector on the heels of the bullish rise in the cryptocurrency market during the month.

Blockchain security company PeckShield released statistics on January 31 indicating that crypto attacks caused $8.8 million in losses in January.

Over the course of the month there were 24 exploits, and a total of $2.6 million worth of cryptocurrency was sent to mixers like Tornado Cash. The assets transferred to mixers comprised 1,200 Ether (ETH) and about 2,668 BNB (BNB).

The January figures are 92.7% lower than the $121.4 million lost to exploits in the same month of 2022.

According to PeckShield’s findings, the largest exploit of the month was a Jan. 12 attack on LendHub, a decentralised finance lending and borrowing platform, in which $6 million was stolen. That attack accounted for 68% of the month’s total losses.

Other major exploits during the month included an attack on Thoreum Finance that resulted in a loss of $580,000 and a flash loan attack on Midas Capital that resulted in a loss of $650,000.

According to PeckShield, the January figure is also down 68% from the more than $27.3 million lost to exploits in December 2022.

According to DeFiYield’s Rekt database, a rug pull on the FCS BNB Chain token cost $2.6 million but was not included in PeckShield’s tally of losses. DeFiYield’s data also records an additional loss of $150,000 due to bogus BONK tokens and a loss of $200,000 from a rug pull on the Doglands Metaverse gaming platform.

On January 4, a phishing campaign targeting the GMX decentralised trading platform cost at least one victim as much as $4 million.

In addition, PeckShield said that the $62 million in cryptocurrency stolen in December was the “lowest monthly number” of 2022.

By the end of last year, the ten largest exploits of 2022 had resulted in a staggering $2.1 billion being stolen from various protocols.

Despite the attacker borrowing 100 million BEUR

Blockchain security company CertiK suggests that the damage done to the decentralised protocol BonqDAO on February 1 may have been far less than previously believed.

According to CertiK, the attacker started by taking out a loan of 100 million BEUR, a euro stablecoin, using less than $1,000 as collateral, since there was no limit on the collateralization ratio. If the parameter is set to zero, the platform defaults it to the “largest value of uint256,” which made it possible to issue an enormous loan.

However, according to CertiK, the hacker was only able to withdraw approximately $1 million because of a lack of liquidity on the platform, even though they had borrowed a total of 100 million BEUR (roughly $120 million at the time of the attack). Earlier reports from blockchain security companies such as PeckShield had suggested that the hack resulted in losses of about $120 million.
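The collateral-ratio defect CertiK describes above, modelled as an added example (this is a constructed simulation, not Bonq’s or Liquity’s contract code): a minimum collateral ratio parameter of zero is treated as “unlimited” and mapped to the uint256 maximum, so a trove with tiny collateral can mint an arbitrary amount of debt, while the realised loss is capped by pool liquidity. The hardened variant rejects the sentinel both when the parameter is set and when a borrow is checked; the 110% floor is an assumed value.

```python
"""Constructed model of a zero-parameter collateral ratio defect.

Not the protocol's own code: a one-asset Trove with a minimum collateral
ratio (MCR) expressed in percent, comparing a vulnerable limit calculation
that maps MCR == 0 to uint256 max against a hardened one that rejects it.
"""
from dataclasses import dataclass

UINT256_MAX = 2**256 - 1
MIN_CR_FLOOR_PCT = 110  # assumed protocol floor for illustration


@dataclass
class Trove:
    collateral_value: int  # collateral valued in stablecoin units (e.g. BEUR)
    debt: int = 0


def vulnerable_max_borrow(collateral_value: int, min_cr_pct: int) -> int:
    """Zero is read as 'no limit' and becomes the largest uint256 value."""
    if min_cr_pct == 0:
        return UINT256_MAX
    return collateral_value * 100 // min_cr_pct


def hardened_max_borrow(collateral_value: int, min_cr_pct: int) -> int:
    """A ratio below the floor is a misconfiguration, not unlimited credit."""
    if min_cr_pct < MIN_CR_FLOOR_PCT:
        raise ValueError(f"MCR {min_cr_pct}% below floor {MIN_CR_FLOOR_PCT}%")
    return collateral_value * 100 // min_cr_pct


def set_min_cr_hardened(min_cr_pct: int) -> int:
    """Validate at write time too, so the sentinel never reaches storage."""
    if min_cr_pct < MIN_CR_FLOOR_PCT:
        raise ValueError(f"refusing to store MCR {min_cr_pct}%")
    return min_cr_pct


def try_borrow(trove: Trove, amount: int, min_cr_pct: int, limit_fn) -> bool:
    """Mint `amount` of debt against the trove if the limit function allows."""
    try:
        limit = limit_fn(trove.collateral_value, min_cr_pct)
    except ValueError:
        return False
    if trove.debt + amount > limit:
        return False
    trove.debt += amount
    return True


def withdraw(minted: int, pool_liquidity: int) -> int:
    """Realised loss is bounded by what the pool can actually pay out."""
    return min(minted, pool_liquidity)


def demo() -> dict:
    # Constructed figures matching the report: < 1,000 collateral, 100M BEUR
    # requested, roughly 1M of liquidity available to withdraw.
    collateral, requested, liquidity = 900, 100_000_000, 1_000_000
    weak = Trove(collateral)
    weak_ok = try_borrow(weak, requested, 0, vulnerable_max_borrow)
    strong = Trove(collateral)
    strong_ok = try_borrow(strong, requested, 0, hardened_max_borrow)
    try:
        stored = set_min_cr_hardened(0)
    except ValueError:
        stored = None
    return {
        "vulnerable_accepted": weak_ok,
        "vulnerable_minted": weak.debt,
        "vulnerable_realised_loss": withdraw(weak.debt, liquidity),
        "hardened_accepted": strong_ok,
        "hardened_limit_at_floor": hardened_max_borrow(collateral, MIN_CR_FLOOR_PCT),
        "hardened_stored_zero": stored,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```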

Bonq is a fork of the Liquity Protocol, and both protocols use Troves to represent individual debt positions. Reports indicate that Bonq had introduced a Community Liquidation Feature, which resulted in the liquidation of 45 Troves with exposure to BEUR. CertiK reports that the hack also affected Troves holding around 110 million Alliance Block tokens (ALBT) in total. However, none of the Alliance Block smart contracts were compromised during the incident, and the team behind the project has promised to distribute replacement tokens through an airdrop to compensate the affected token holders.

Although BonqDAO appears to have lost less than feared because of the lack of liquidity, other protocols have not been as fortunate. On October 12, the DeFi protocol Mango Markets suffered an initial loss of $116 million after hacker Avraham Eisenberg manipulated the price of the MNGO token. Eisenberg drove the price up 30 times in a short period using large perpetual futures positions, which was feasible because the limited liquidity meant only a modest amount of initial capital was needed to move MNGO.

Eisenberg then took out a $116 million loan against his inflated MNGO holdings, valued at $423 million, and drained the funds from the platform. On December 28, Eisenberg was taken into custody in Puerto Rico on suspicion of commodities manipulation and commodities fraud.

Web3 Builders Reveals Suite of Tools to Combat DeFi exploits

Users of decentralised finance (DeFi) have expressed significant anxiety over the system’s vulnerability to exploitation. According to research published by Privacy Affairs, cybercriminals stole cryptocurrency worth $4.3 billion between January and November of 2022, a 37% rise over the previous year’s total.

These exploits harm the credibility of the organisations involved and hand critics outside the cryptocurrency industry more ammunition for their arguments against cryptocurrencies. Nevertheless, in an announcement on February 2, Web3 Builders disclosed a set of tools intended to address the problem.

The first version of TrustCheck was a browser plugin that identified fraudulent Web3-related activity before users engaged with it. The new suite expands on that by including a transaction checker, website checker, and smart contract checker, all built by Web3 Builders.

According to Ricky Pellegrini, the Chief Executive Officer of Web3 Builders, now is a crucial time for the industry to demonstrate that it can be trusted.

Scams and fraudulent activity are unfortunately still prevalent in the Web3 domain.

According to the statement, the tools perform daily vulnerability checks on about 55 million Ethereum smart contracts and scan close to 30 million potentially malicious URLs.

He went on to claim that in the last month alone, the suite of tools uncovered dozens of frauds advertised on prominent platforms, marketplaces, and exchanges.

Over the last week there has been an uptick in attacks designed to steal from millions of users. This includes an incident on February 1 in which the BonqDAO protocol suffered a loss of $120 million as a result of an oracle compromise.

Azuki’s Twitter account was hacked the week before last, and the thieves made off with $758k in only half an hour. On January 25, criminals gained access to the Twitter account of the financial services platform Robinhood and attempted to promote a fraudulent cryptocurrency.

According to Nicholas Horelik, technical co-founder and chief blockchain officer at Web3 Builders, having a good grasp of what is going on with your transaction is absolutely necessary for keeping your assets secure.

“End users ought to have these capabilities on whichever platform they choose, and companies should be adopting solutions like this to assure the safety of their consumers in Web3,” he said.

The Wormhole hacker moved $155 million of the $321 million taken on January 24, the largest relocation of stolen assets seen in months.

FBI seizes $100,000 in cryptocurrency and NFTs

The Federal Bureau of Investigation (FBI) is reported to have seized 86.5 ether (ETH) and two nonfungible tokens (NFTs) with a combined value of over $100,000 from a phishing scammer.

The suspected scammer in question, Chase Senecal, also known online as Horror (HZ), was originally uncovered through a comprehensive investigation by independent blockchain investigator ZachXBT, publicised in September 2022.

The formal notice released by the FBI on February 3 said that Senecal’s property, which included an Audemars Piguet Royal Oak watch valued at $41,000, was “seized for federal forfeiture for violation of federal law.”

Aside from noting that all of the property was taken into custody on October 24, 2022, the FBI notice did not provide much further information on the case. The seized NFTs were Bored Ape Yacht Club #9658 and Doodle #3114, which at the time of the seizure were valued at $95,495 and $9,361 respectively.

At the time of the seizure, the 86.5 ETH was valued at $116,433; it is now worth an estimated $144,000.

The exact extent of the legal proceedings against Senecal is not yet clear. However, a law enforcement advisory published by the FBI describes federal forfeiture as a tool that allows the government to “remove without recompense for the person ownership of property engaged in a crime.”

According to the FBI, this “may arise in a civil proceeding, such a lawsuit against the item, or after the conviction of a person in a criminal prosecution.”

On-chain detective ZachXBT said on Twitter on February 3 that the property seizure did “occur as a consequence” of his investigation, although the FBI has not publicly acknowledged ZachXBT’s contribution to the case in any way.

ZachXBT commented, “I look forward to possibly seeing more phishing fraudsters face a similar fate in the future for injuring so many people in this arena.”

Members of the community have joked that, following the seizure of the Bored Ape NFT, the FBI will change its profile picture to Ape #9658.

During the investigation, ZachXBT was able to tie Senecal’s identity to his on-chain behaviour with the help of several key indicators, one of which was the flashy watch.

ZachXBT explained that after seeing HZ brag about the new watch on social media, he asked “around a few mutual friends who sell watches” and eventually got in contact with the person who had sold that particular AP watch to Senecal. The explanation appeared in a Medium post published on September 2, 2022.

Unfortunately for Senecal, the purchase was reportedly settled on-chain using USD Coin (USDC).

This is not the first time ZachXBT’s research has played an important role in assisting government officials. In October 2022, France’s national cyber unit acknowledged ZachXBT’s help in capturing and prosecuting a gang of accused fraudsters suspected of stealing $2.5 million worth of NFTs through phishing schemes.

Webaverse Co-Founder Reveals $4 Million Crypto Hack

The co-founder of the Web3 metaverse gaming engine “Webaverse” says the company was the victim of a $4 million crypto heist after meeting scammers posing as investors in a hotel lobby in Rome.

According to co-founder Ahad Shams, the most peculiar feature of the incident is that the cryptocurrency was taken from a Trust Wallet that had only just been set up, and that the theft took place at some point during the meeting.

He maintains that the thieves had no way of knowing the private key, since he was not connected to a public WiFi network at the time and they would not have had access to it.

Shams believes the thieves were able to access the wallet while he was photographing its contents to record the balance.

The statement, published on Twitter on February 7 and comprising accounts from Webaverse and Shams, explains that they met a man called “Mr. Safra” on November 26 after several weeks of negotiations over possible funding.

Shams provided the following explanation: “We communicated with ‘Mr. Safra’ by email and video chats, and he stated that he wanted to invest in interesting Web3 startups.”

“He explained that he had been scammed by people in crypto before, and so he collected our IDs for KYC, and stipulated as a requirement that we fly into Rome to meet him because it was important to meet IRL to ‘get comfortable’ with who we were each doing business with,” he added.

Although Shams was initially skeptical, he agreed to meet “Mr. Safra” and his “banker” in person in the lobby of a hotel in Rome. At the meeting, Shams was to show “Mr. Safra” the project’s “proof of funds,” which “Mr. Safra” claimed he needed in order to begin the “paperwork.”

“Despite the fact that we reluctantly agreed to the Trust Wallet ‘evidence,’ we went ahead and set up a brand new account for Trust Wallet at home on a device that we don’t often use when interacting with them. Our logic led us to believe that even if we lost our private keys or seed phrases, the monies would still be secure,” explained Shams.

“When we first got together, the three of us sat across from each other and put four million USDC into the Trust Wallet. ‘Mr. Safra’ requested to see the current balances on the Trust Wallet app, at which point he pulled out his phone and pretended to ‘shoot some photographs.’”

Shams said he believed everything was above board, since “Mr. Safra” did not have access to any private keys or seed phrases.

But after “Mr. Safra” left the room, ostensibly to confer with his banking colleagues, he vanished without a trace. Shams then watched the funds disappear.

“We were never able to locate him again. After a few minutes, the money was gone from the wallet.”

Shams reported the theft to a local police station in Rome almost immediately after it occurred, and a few days later he submitted an Internet Crime Complaint (IC3) form to the Federal Bureau of Investigation in the United States.
