Risk Review: Weekly hack update [08/12/2023]

From hacks to the latest security measures, our weekly hack update keeps you in the know on the latest threats in the crypto landscape.

Florence Finance suffers $1.45 million phishing hack

Last week, Florence Finance suffered a potential loss of $1.45 million worth of stablecoin USDC on the RWA lending project. In a well-known phishing technique, the victim's address was poisoned. The attacker sent fake tokens from the victim’s address, and then the victim unknowingly copied the scammer’s address and transferred real tokens to the scammer's address instead of a legitimate one.  

November is the worst month for hacking so far in 2023

In November alone, $363 million had been hacked and stolen across the crypto landscape. Poloniex, HTW/Heco Bridge and KyberSwap took the top three places for the biggest hacks in November. A total of $316.4 million was lost in exploits alone, the biggest threat in 2023.

The largest number of losses, $45.5m was due to flash loan attacks, however, not nearly half as much as the $206.3 million lost in flash loan attacks this March. Exit scams are the third biggest threat and caused $1.1 million worth of hacks this November.

The UK’s FCA has added Poloniex to the warning list

The Financial Conduct Authority has added Poloniex crypto exchange, owned by Justin Sun, on a warning list of non-authorised companies. The warning comes after a $100 million hack in the beginning of November.

The FCA stated on their website “This firm may be promoting financial services or products without permission. You should avoid dealing with this firm.” The FCA has only authorised one entity, PayPal UK, since October and announced there are currently 140 crypto companies on their warning list.

Security vulnerability detected in smart contracts

Thirdweb detects a security vulnerability that may affect different smart contracts across the Web3 landscape. It’s important to note that these vulnerabilities have not yet been exploited so there is still a chance for Web3 firms to avoid an attack. The vulnerability has been found in a frequently used open-source library that could impact specific pre-built smart contracts.

U.S. Take a step to protect national security against illicit crypto activity

The U.S. government wants companies to do more to stop illicit activity using cryptocurrencies. The government have said any crypto companies that do not report and block illicit money transfers will be cut off from the U.S. economy. The announcement comes after ex-Binance CEO, CZ, pleaded guilty to breaking anti-money laundering laws and ignored over 100,000 suspicious transactions.

Get in touch with the team to find out how to protect your assets from theft.