Risk Review: Weekly Hack Update [10/11/2023]
In the dynamic world of crypto threats, this week is no exception, from lost keys to compromises in private key security and vulnerabilities. Our hack update serves as a guide for ensuring you stay in the know of the most recent developments in the ever-evolving realm of crypto protection.
Onyx Protocol hit with a $2.1m flash loan attack
A hacker took advantage of a known vulnerability in the protocol’s network. The vulnerability had also been exploited before in projects similar to Onyx. The vulnerability that hackers exploited was a rounding error where you can take advantage of empty markets. The possibility of a programming error and a lack of community involvement on the protocol made
Hot wallet hack costs CoinSpot over $2m
Australia’s biggest crypto exchange CoinSpot was attacked via one of their hot wallets because of a private key compromise. In an announcement on blockchain sleuth ZachXBT’s telegram channel, two transactions were recorded entering the hacker's wallet which were then transferred to four different addresses using ThorChain and Wan Bridge to the Bitcoin network.
$470m roams the crypto-verse as LHV Bank founder loses his private key
Imagine being a crypto millionaire without being able to access your millions. LHV Bank’s founder, Rain Lõhmus, bought the initial coin offering of Ethereum, now worth $470 million. However, he has lost his private keys and therefore has no access to his wallet. Director of Coinbase, Conor Grogan revealed the whale wallet holding $470 million worth of ETH in February. He noted how the coins have not been touched since the birth of ETH. In a report from ERR, Lõhmus said he has made no effort to recover his wallet, but he knows it’s there. He also said that he is willing to split the funds with someone who can recover his funds.
SafeMoon sheds light on recent exploits after SEC charges them
SafeMoon, a decentralised finance project, faces an investigation by the SEC for security rule violations and fraud. Despite an $8.9 million loss in a March exploit, the project is actively addressing issues. The exploit revealed a vulnerability in SafeMoon's smart contract, prompting suspicions of insider involvement. Capital from the breach is traced through exchanges, with potential relevance for law enforcement. The attacker initially claimed accidental exploitation and intended to return 80% of the funds. Ongoing investigations and SafeMoon's commitment to resolution add complexity to the situation.