Risk Review: Weekly hack update [17/11/2023]

Our hack update serves as a guide for ensuring you stay in the know of the most recent developments in the ever-evolving realm of crypto protection. From hot wallet attacks to $2.1 billion in crypto wallets being at risk, this hack update digests it all. So what's happened?

Poloniex exchange victim to a hot wallet attack of $114 million

Poloniex, a long-running crypto exchange, fell victim to an attack on one of its hot wallets with hackers taking about $114 million. A few wallets on multiple blockchains have been targeted. The attacker sent the crypto to an Ethereum wallet, within 357 transactions. The hacker then bought $20 million worth of tron (TRX), bumping the price by over 25%. Justin Sun, an investor of Poloniex, has offered 5% white hat bounty to the hacker. Sun also posted on X, formerly known as Twitter, that they had frozen some of the assets linked to the hacker's address. He also reassured customers of the exchange saying, “At present, the losses are within manageable limits, and Poloniex’s operating revenue can cover these losses”.

Mango Market’s exploiter’s trial pushed to April

Mango Market’s was exploited for $116 million, and the culprit, Avraham Eisenberg, was meant to appear in court in December 2023. However, the lawyers representing him managed to convince the judge and push back the fraud trial to April 2024 saying that the extra time was necessary to ensure a fair trial as the case “involves complex and novel legal and factual issues.”

Mango markets is a protocol on the Solana network. The protocol was allegedly attacked by Avraham at the start of October 2022 by manipulating the MNGO token by taking out big loans with massively overvalued MNGO collateral.

Almost $2.1 billion in old crypto wallets at risk

A cybersecurity company has flagged a threat that could impact billions worth of crypto. The firm found some issues within some of their wallets whilst they were recovering a Bitcoin wallet. The issue has the potential to affect millions of wallets as well as $2.1 billion worth of cryptocurrencies. The company flagged wallets from Dogecoin, Litecoin and Zcash as containing possible vulnerabilities that could be exploited.

Hacker drains $27 million from wallet linked to Binance’s deployer address

Last weekend, a crypto wallet had $27 million worth of tether (USDT) stolen. The wallet has been inactive since December 2020 and Binance has not denied or confirmed the attack. The hacker converted the coins to ether (ETH) soon after and then it was sent to various low liquidity, noncustodial exchanges such as FixedFloat and ChangeNow using THORChain bridge. The Binance deployer wallet that is normally used to create smart contract has not been used since the end of 2020.