Risk Review: Weekly hack update [20/10/2023]
In the ever-evolving landscape of digital security, staying informed about the latest hacks and cyber threats is crucial. This week has been fairly quiet in the threat landscape, however, there have been some more positive movements where funds were returned. We explore the methods employed by cybercriminals and shed light on the measures being taken to mitigate the impact of these hacks.
A new hacking trick is discovered
Cybercriminals have discovered a fresh technique for distributing malware by exploiting BNB Smart Chain (BSC) smart contracts. They hide malicious code inside these contracts.
Researchers from Guardio Labs posted a report on the 15th of October explaining how the technique works and labelled it “EtherHiding.” To carry out this attack, the criminals tamper with WordPress websites by adding code that helps them access harmful data stored within the blockchain contracts. These harmful files are concealed within BSC smart contracts, which function as covert hosting platforms for cybercriminals.
Fantom Foundation victim of $550K hot wallet attack
Fantom Foundation declared a hack on X caused by a vulnerability in the official Fantom Wallet. In their announcement, they stated that 99% of the foundation's funds were still safe but $550,000 was stolen. The attack was against the Fantom Foundation, a developer of the Fantom network, and their wallet users, not the network itself.
Platypus retrieves 90% of their stolen funds
Last week, Platypus protocol was victim to a $2.2 million flash loan attack. The hacker voluntarily returned the funds and as a result, Platypus Finance said it “will guarantee that no legal action will be pursued.” Since the last hack, Platypus has stopped all liquidity pools to conduct a security audit.
Contact a member of the Coincover team to find out how you can protect your assets.