Risk Review: Weekly hack update [24/11/2023]
The crypto landscape has witnessed a busy week of hacks, with private key compromises being the cause of many. Our weekly hack update keeps you in the know on the latest threats in the crypto landscape.
Kronos Research pauses trading for $25 million API key hack investigation
Quantitative trading firm Kronos Research has temporarily halted its trading services due to a security breach. A hacker managed to access compromised API keys, resulting in the theft of over 12,800 ETH, equivalent to $25 million. Kronos Research has initiated internal investigations to identify the attacker. Although the firm acknowledges the incident, it states that the potential losses represent an insignificant portion of its overall equity.
Poloniex continues withdrawals following $100 million hack and hacker's identity is confirmed
Crypto exchange Poloniex suffered a big hack on November 10th worth $100 million. Shortly after the hack happened, Poloniex quickly disabled the wallet whose private keys had been compromised. The exchange is getting ready to resume withdrawals now that restoration efforts are almost complete. However, the evaluation process will be ongoing following the completion of its audit. The hacker's identity has also been confirmed, and Poloniex has made a final $10 million bounty offer in exchange for the return of the funds.
Compromised private keys cost Heco Bridge $86.6 million
Heco Bridge, set up by the HTX exchange, was drained of $86.6 million. The funds were sent to other exchanges immediately after the attack and sold for other tokens. Head of Research at Wintermute, Igor Igamberdiev, estimated that an additional exploit followed the one on Heco Bridge. Igamberdiev said $23.4 million in suspicious transactions followed similar patterns to the Heco Bridge exploit. Following this, HTX started sending funds from a hot wallet to a recovery wallet.
Following the attack, security firm PeckShield analysed the movement of funds and suggested that the bridge is compromised and the exploit is still happening. Justin Sun, founder of Tron, said that HTX will fully compensate users who suffered losses during the attack and that once the investigation of the attack is complete, the bridge's services can continue.
KyberSwap Elastic prompts users to withdraw funds after $46 million hack
The KyberSwap exchange fell victim to a well-executed smart contract exploit, resulting in the unauthorized access and manipulation of approximately $46 million worth of various crypto assets. The attacker used the concentrated liquidity feature within the exchange to deceive the system and portray that it had more money than it actually had.
The liquidity feature lets liquidity providers set price limits for buying or selling crypto. The attack involved multiple exploits on different pools, each following a similar pattern. On Ethereum, in the ETH/wstETH pool, the attacker borrowed 10,000 wstETH (valued at $23 million) from Aave, a flash loan platform. Subsequently, the attacker dumped $6.7 million worth of these tokens into the pool, causing a significant price drop to 0.0000152 ETH per 1 wstETH. As a result, no liquidity providers were willing to trade at that price, theoretically reducing liquidity to zero. The attacker continued to repeat these exploits in multiple other KyberSwap pools.
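The zero-liquidity condition described above can be watched for from the defender's side. The following is an added monitoring sketch, not code from KyberSwap or from the original article: the position ranges, liquidity figures, observation labels and the 50% drop threshold are constructed assumptions, and only the 0.0000152 price comes from the text.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Position:
    """One liquidity provider's range (simplified model, constructed data)."""
    lower: float      # lowest price (ETH per wstETH) the LP will trade at
    upper: float      # highest price the LP will trade at
    liquidity: int    # liquidity units supplied inside [lower, upper)

# Constructed sample positions clustered around a ~1.14 ETH/wstETH market price.
POSITIONS = [
    Position(1.05, 1.25, 500),
    Position(1.10, 1.20, 300),
    Position(0.90, 1.40, 200),
]

# Constructed price observations; the last value is the price quoted in the article.
OBSERVATIONS = [("t0", 1.14), ("t1", 1.22), ("t2", 0.0000152)]

def active_liquidity(positions, price):
    """Sum the liquidity of every position whose range covers the price."""
    return sum(p.liquidity for p in positions if p.lower <= price < p.upper)

def review_pool(positions, observations, max_drop=0.5):
    """Return (label, alert) pairs for observations a monitor should flag.

    Flags a price with no LP range covering it, and a price that fell by
    more than max_drop (a fraction) since the previous observation.
    """
    alerts = []
    previous = None
    for label, price in observations:
        if active_liquidity(positions, price) == 0:
            alerts.append((label, "no-active-liquidity"))
        if previous is not None and price < previous * (1 - max_drop):
            alerts.append((label, "price-collapse"))
        previous = price
    return alerts

if __name__ == "__main__":
    for label, price in OBSERVATIONS:
        print(label, price, active_liquidity(POSITIONS, price))
    print(review_pool(POSITIONS, OBSERVATIONS))
```

A pool whose reported price sits outside every provider's range while swaps are still being executed is the kind of state that warrants pausing and investigation.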