Risk Review: Weekly Hack Update [13/10/2023]

In the ever-evolving landscape of digital security, staying informed about the latest hacks and cyber threats is crucial. In this update, we delve into recent incidents that have sent shockwaves through the cybersecurity community. We explore the methods employed by cybercriminals and shed light on the measures being taken to mitigate the impact of these hacks. 

$120 million moved by FTX hacker during SBF trial

As the Sam Bankman-Fried trial continues, the unknown hackers from the ex-exchange FTX have been moving large sums of the stolen assets. The hacker has converted  $120 million of ETH into Bitcoin through an exchange called THORSwap since 30^th September and continued to send some Bitcoin to a cryptocurrency mixer called Sinbad. 

Whilst the identity of the hacker is still unknown, a blockchain analytics firm, Elliptic, argued three possible groups were behind the attack: FTX itself, North Korea’s Lazarus Group or Russia-linked criminal groups.

HTX retrieves $8 million of stolen funds

In the last week of September, Huobi Global’s crypto exchange HTX was victim to an attack on one of their hot wallets in the last week of September. The attack stole 5,000 ETH, equating to around $8 million during the time of the attack. The exchange reached out to the hacker, offering a deal on the condition of returning 95% of the stolen funds. In return, HTX would not take legal action and give a 5% reward worth $400,000.

The exchange announced on social media platform, X, formerly known as Twitter, that the hacker had accepted the deal and the funds had been returned.

Stars Arena victim to a reentrancy hack

Hackers exploited a reentrancy vulnerability in Stars Arena’s smart contract. Approximately $2.9 million worth of $AVAX was stolen from the protocol. Stars Arena is a social media protocol which became popular soon after its launch in September. On the platform, users can sell tickets to private chat rooms and can link their Twitter account to the platform. Since the launch of the Stars Arena, the popularity of the platform has also boosted interest in the AVAX platform to a value of $10.08 from $9.21.

A reentrancy hack can occur when a hacker can use a loophole in a smart contract to continuously withdraw from it.

Platypus victim to another $2.2 million flash loan attack

Platypus, a decentralized platform, fell victim to not one but three attacks just hours apart. Starting on the 12th of October, an attacker stole $1.2 million worth of assets followed by a further $575,000 loss just hours after. A third and final attack happened only minutes after with an additional $450,000 worth of assets lost. 

It’s been reported that the attack was a flash loan exploit whereby a vulnerability in the smart contract allows hackers to borrow crypto without providing all the necessary collateral. However, this is not the first time Platypus has been victim to a flash loan exploit this year, in February 2023 $8.5 million was stolen from the platform.

Contact a member of the Coincover team to find out how you can protect your assets.