Estimated losses last week total $8,428,033
SlowMist released its security report for last week (December 10-16, 2023), with an estimated total loss of $8,428,033. Key events:
Nirvana Finance hacker pleads guilty, agrees to compensate victims
The Southern District of New York's prosecutor's office announced on Thursday that Shakeeb Ahmed, a 34-year-old senior security engineer, admitted to attacking the Nirvana Finance protocol and another unnamed decentralized cryptocurrency exchange. Shakeeb Ahmed agreed to surrender the $12.3 million he gained from the two hacks and will compensate the victims a total of $5 million.
Hackers Steal $484,000 from DeFi Protocols After Exploiting Ledger's Connect Kit Library
Hackers stole $484,000 by inserting malicious code into the Github library for Connect Kit, a widely-used piece of blockchain software maintained by crypto wallet firm Ledger. Several major DeFi protocols that use the library have been impacted, and users have been warned to avoid using dApps until the protocols are updated. Ledger has confirmed that an employee was targeted in a phishing attack, after which the attacker published a malicious version of the Ledger Connect Kit. To completely mitigate the risk, every protocol using Ledger's Connect Kit must manually update their version of the library.
OKX DEX is suspected to have been hacked and the proxy address has been removed
On December 13th, according to Twitter user @eno_eth, community member @axe_ping claimed that wallet funds were stolen and a large amount of funds were transferred to a hacker address starting with 0x1f14. All stolen wallets were authorized by OKX DEX, and 1 hour ago OKX removed the proxy address that was attacked by the hacker. Currently, SlowMist team is tracking and analyzing the situation.
Crypto hacking losses estimated at $1.7 billion so far this year
Blockchain analysis company TRM Labs estimates that cryptocurrency hacks have caused losses of up to $1.7 billion so far this year. With improved security measures and increased law enforcement efforts this year, losses from cryptocurrency hacks have decreased significantly from last year's $4 billion. TRM Labs stated that the top ten hacker attacks this year accounted for 70% of the total thefts.
47 security breaches recorded in November, with total estimated losses of $349 million
According to the November security report released by SlowMist, a large number of security vulnerabilities appeared in the blockchain field in November 2023. A total of 47 different events were recorded, causing an estimated huge loss of about 349 million US dollars. In November, the losses caused by only the Poloniex and Heco Bridge events reached 243 million US dollars, accounting for 69% of the total losses in November's security events. There were 24 Rug Pull events, accounting for 51% of the total number of security events. Users should fully understand the project background and team before participating and choose investments carefully. Two events involving liquidity attacks caused the project operators a loss of about 54.99 million US dollars.
Phalcon: Suspicious transactions for unknown BSC projects detected, resulting in over $500,000 in losses
Phalcon posted on X platform that the system detected suspicious transactions targeting unknown projects on BSC, resulting in losses of over $500,000. Due to unverified contracts, it is suspected that this may be due to potential flaws in the reward calculation logic. Contract 0x431abb seems to distribute FCN token rewards to users, which are calculated based on the reserve amount of the FCN-BSC-USD currency pair. The attacker first pledged some tokens, then borrowed BSC-USD from this currency pair, and finally received the reward in the flash loan callback. Due to the decrease in the amount of BSC-USD in this currency pair, 0x431abb miscalculated the reward, resulting in the distribution of too many FCN tokens to the attacker.
Lazarus Group, North Korea-Linked Hackers, Steal $3 Billion in Cryptocurrency Over Six Years
According to a report by cybersecurity firm Recorded Future, the Lazarus Group, a North Korea-linked hacker organization, has stolen $3 billion in cryptocurrency over the past six years. The report also reveals that in 2022 alone, the group stole $1.7 billion in cryptocurrency, likely to fund North Korean projects. Out of this total, $1.1 billion was stolen from decentralized finance (DeFi) platforms, according to blockchain data analysis firm Chainalysis. The U.S. Treasury Department has introduced new sanctions against North Korea's cyber activities, adding 'Sinbad' to the Office of Foreign Assets Control's specially designated sanctions list, who has been implicated in laundering the cryptocurrencies stolen by the Lazarus Group.
DefiLlama: November hacker losses totaled nearly $330 million, the highest of the year
According to the statistical chart released by DefiLlama on X platform, in the past 10 days, hacker attacks have caused nearly $200 million in losses, making the total losses in November reach $329.8 million, making it the month with the most severe impact in 2023.
HTX suffers $13.6M loss in HECO Chain bridge exploit, promises full compensation
HTX, previously known as Huobi Global, has reportedly suffered a loss of $13.6 million due to an exploit on the HECO Chain bridge. The loss is said to have resulted from three compromised hot wallets, with users and exchange assets swapped for Ether and distributed to various Ethereum addresses. The attack drained 1,240 Ether, 7.3 million Tether, 1.78 million USD Coin, and 62,200 Chainlink, among other coins and tokens. HTX's de-facto owner, Justin Sun, has stated that the exchange will fully compensate for the losses, and deposits and withdrawals have been temporarily suspended.
