Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label DeFi. Show all posts
zkLend
Cyvers Alerts Data Breach DeFi Digital Assets zkLend

zkLend DeFi Platform Hacked, Loses $9.5 Million

 



A major hacking incident has hit zkLend, a decentralized lending platform that operates on the Starknet blockchain. The attacker managed to steal about $9.5 million worth of cryptocurrency by exploiting a vulnerability in the system.

According to blockchain security company Cyvers, the stolen digital assets were initially moved to the Ethereum network through a bridging mechanism. The hacker then tried to hide the transactions using Railgun, a privacy-focused tool that makes it difficult to trace funds. However, due to Railgun’s internal restrictions, the stolen funds were redirected back to the hacker’s original wallet.

In reaction to the security breach, zkLend temporarily disabled all withdrawals and advised its users to avoid making deposits or repaying loans until the issue was fully investigated. The company is working with law enforcement agencies and cybersecurity experts, including StarkWare, Starknet Foundation, and Binance Security, to track the stolen assets and identify the culprit.

The incident has raised fresh concerns about security vulnerabilities in the decentralized finance (DeFi) sector. Data from DeFiLlama reveals that cybercriminals have already stolen over $110 million from blockchain projects since the beginning of 2024. This attack on zkLend is now considered one of the most significant breaches to affect the Starknet ecosystem.

Efforts to Recover Stolen Funds

To retrieve the lost assets, zkLend has reached out to the hacker via an on-chain message. They have offered the attacker a 10% “white hat” reward, allowing them to keep a portion of the funds if they return the remaining amount. The total sum requested back is around 3,300 ETH, valued at approximately $8.78 million. zkLend has set a strict deadline of February 14, warning that legal action will follow if the assets are not returned.

Preetam Rao, CEO of security firm QuillAudits, pointed out that this is likely the most significant security breach on Starknet in recent years. He commended zkLend for maintaining transparency and offering a bounty to incentivize the hacker to return the funds.

Meir Dolev, Co-founder and CTO of Cyvers, highlighted that the breach exposes major risks in DeFi lending. He noted that the vulnerability lay in zkLend’s smart contract structure rather than in the core cryptographic system of Starknet’s zero-knowledge rollup technology.

Understanding Railgun’s Role in the Attack

Unlike other tools such as Tornado Cash, which mixes funds to hide their source, Railgun is built into DeFi applications, ensuring user privacy while they interact with blockchain networks. The hacker used Railgun to obscure the movement of stolen assets, but due to its built-in policies, the funds were eventually sent back to the original wallet.

What Happens Next?

zkLend has promised to provide a full report detailing how the breach occurred once their investigation is complete. The company is urging its users to remain patient as they work to strengthen security measures and prevent similar attacks in the future.

This hack serves as a reminder of the risks in DeFi platforms. It highlights the importance of continuous security upgrades to protect digital assets from increasingly sophisticated cyber threats.



Read more »
Technology
AI Ecosystem AI Models AI technology AI Tool Computing Data Privacy Data Sets DeFi privacy protection secure computing Technology

The Role of Confidential Computing in AI and Web3

 

 
The rise of artificial intelligence (AI) has amplified the demand for privacy-focused computing technologies, ushering in a transformative era for confidential computing. At the forefront of this movement is the integration of these technologies within the AI and Web3 ecosystems, where maintaining privacy while enabling innovation has become a pressing challenge. A major event in this sphere, the DeCC x Shielding Summit in Bangkok, brought together more than 60 experts to discuss the future of confidential computing.

Pioneering Confidential Computing in Web3

Lisa Loud, Executive Director of the Secret Network Foundation, emphasized in her keynote that Secret Network has been pioneering confidential computing in Web3 since its launch in 2020. According to Loud, the focus now is to mainstream this technology alongside blockchain and decentralized AI, addressing concerns with centralized AI systems and ensuring data privacy.

Yannik Schrade, CEO of Arcium, highlighted the growing necessity for decentralized confidential computing, calling it the “missing link” for distributed systems. He stressed that as AI models play an increasingly central role in decision-making, conducting computations in encrypted environments is no longer optional but essential.

Schrade also noted the potential of confidential computing in improving applications like decentralized finance (DeFi) by integrating robust privacy measures while maintaining accessibility for end users. However, achieving a balance between privacy and scalability remains a significant hurdle. Schrade pointed out that privacy safeguards often compromise user experience, which can hinder broader adoption. He emphasized that for confidential computing to succeed, it must be seamlessly integrated so users remain unaware they are engaging with such technologies.

Shahaf Bar-Geffen, CEO of COTI, underscored the role of federated learning in training AI models on decentralized datasets without exposing raw data. This approach is particularly valuable in sensitive sectors like healthcare and finance, where confidentiality and compliance are critical.

Innovations in Privacy and Scalability

Henry de Valence, founder of Penumbra Labs, discussed the importance of aligning cryptographic systems with user expectations. Drawing parallels with secure messaging apps like Signal, he emphasized that cryptography should function invisibly, enabling users to interact with systems without technical expertise. De Valence stressed that privacy-first infrastructure is vital as AI’s capabilities to analyze and exploit data grow more advanced.

Other leaders in the field, such as Martin Leclerc of iEXEC, highlighted the complexity of achieving privacy, usability, and regulatory compliance. Innovative approaches like zero-knowledge proof technology, as demonstrated by Lasha Antadze of Rarimo, offer promising solutions. Antadze explained how this technology enables users to prove eligibility for actions like voting or purchasing age-restricted goods without exposing personal data, making blockchain interactions more accessible.

Dominik Schmidt, co-founder of Polygon Miden, reflected on lessons from legacy systems like Ethereum to address challenges in privacy and scalability. By leveraging zero-knowledge proofs and collaborating with decentralized storage providers, his team aims to enhance both developer and user experiences.

As confidential computing evolves, it is clear that privacy and usability must go hand in hand to address the needs of an increasingly data-driven world. Through innovation and collaboration, these technologies are set to redefine how privacy is maintained in AI and Web3 applications.

Read more »
web3 technology
Blockchain Blockchain Technology data security DeFi Gaming Community Technology Web3 web3 technology

Hyperscaling and On-Chain Confidentiality: The Cornerstones of Web3’s Future

 

The future of Web3 is being significantly shaped by two critical advancements: hyperscaling and on-chain confidentiality. As blockchain technology continues to evolve, these innovations are poised to address some of the fundamental challenges faced by decentralized systems, paving the way for broader adoption and more robust applications. 

Hyperscaling refers to the capability of blockchain systems to handle a massive number of transactions efficiently and seamlessly. This is crucial for the practicality and usability of decentralized applications (dApps). Without effective hyperscaling, blockchains can become congested, leading to slow transaction speeds and high fees, which are major deterrents for users and developers alike. By improving the scalability of blockchain networks, hyperscaling ensures that dApps can support extensive user bases and complex functionalities, making them more viable for mainstream use. 

On-chain confidentiality, on the other hand, addresses the critical issue of privacy within blockchain transactions. While blockchain technology is inherently transparent, this transparency can be a double-edged sword when it comes to sensitive data. On-chain confidentiality allows transactions to occur in a manner that ensures privacy, protecting sensitive information while maintaining the integrity and security of the blockchain. This is particularly important for sectors such as finance, healthcare, and personal identity management, where the protection of confidential data is paramount. 

The integration of hyperscaling and on-chain confidentiality is not just about overcoming technical hurdles; it’s about transforming the user experience and broadening the scope of what can be achieved with blockchain technology. For instance, in decentralized finance (DeFi), hyperscaling can enable platforms to handle more users and transactions without compromising performance. At the same time, on-chain confidentiality can ensure that users’ financial data remains private and secure, fostering greater trust and adoption. Moreover, these advancements open the door to new and innovative use cases. 

In the gaming industry, for example, hyperscaling can support complex in-game economies and interactions among millions of players. On-chain confidentiality can protect players’ personal data and transaction histories, enhancing the overall gaming experience. Similarly, in supply chain management, these technologies can ensure that data is both scalable and secure, allowing for efficient and transparent tracking of goods without compromising sensitive information. The ongoing development and implementation of hyperscaling and on-chain confidentiality reflect a broader trend towards making blockchain technology more user-friendly and adaptable. These innovations are set to play a crucial role in the next phase of Web3’s evolution, driving greater adoption and enabling more sophisticated applications. 

The future of Web3 looks incredibly promising with the advent of hyperscaling and on-chain confidentiality. These advancements are essential for addressing current limitations and expanding the potential of blockchain technology. By enhancing scalability and ensuring privacy, hyperscaling and on-chain confidentiality will be the cornerstones of Web3’s next evolutionary step, driving innovation, trust, and widespread adoption in the decentralized landscape.
Read more »
TechCrunch
Crypto Hack cryptocurrency Cyber Security DeFi Hackers TechCrunch

Hackers Stole Cryptocurrency Worth $2 Billion in Year 2023


For another year, crypto-stealing cases made headlines. However, as per crypto security firms, this was the first time since 2020, that the trend has been declining. 

Based on dozens of cyberattacks and thefts this year, hackers stole over $2 billion in cryptocurrency, according to De.FI, the web3 security company that manages the REKT database. 

The site ranks the worst-ever crypto hacks, ranging from the Ronin network breach in 2022—the largest event in history—where hackers took over $600 million in cryptocurrency—to this year's hack against Mixin Network, which brought in almost $200 million for the criminals.

DeFi, in its report, wrote, “This amount, though dispersed across various incidents, underscores the persistent vulnerabilities and challenges within the DeFi ecosystem[…]2023 stood as a testament to both the ongoing vulnerabilities and the strides made in addressing them, even as interest in the space was relatively muted by the ongoing bear market in the first half of the year.”

In an estimate, published by blockchain intelligence firm TRM, the total amount of cryptocurrency that hackers have stolen this year was also made public earlier in December. As of mid-December, the business reported that the total amounted to around $1.7 billion.

Among the other crypto thefts conducted this year, one of the worst ones was a hack against Euler Fianance, where threat actors stole $200 million. Other notable hacks include those against Multichain ($126 million), BonqDAO ($120 million), Poloniex ($114 million), and Atomic Wallet ($100 million), among hundreds of other targets.

Last year, blockchain monitoring firm Chainalysis reported that cybercriminals purloined a record-breaking $3.8 billion in cryptocurrency. Of those, the Lazarus Group, a group of North Korean government hackers who are among the most active in the cryptocurrency space, took $1.7 billion in an attempt to finance the regime's authorized nuclear weapons program.

In 2021, Chainalysis reported hacks that compromised crypto worth $3.3 billion.

It is rather not possible to predict what the figures will be in 2024, but given the failures witnessed in cyber security by several crypto and web3 initiatives, as well as the significant financial potential of both sectors—discussed at TechCrunch Disrupt earlier this year—we should anticipate that hackers will continue to target this expanding market.  

Read more »
Security Breach
Cryptopolitan Cyber Attacks DeFi DeFi Platforms GitHub hack Security Breach

Hackers Steal Assets Worth $484,000 in Ledger Security Breach


Threat actors responsible for attacking Ledger’s connector library have stolen assets valued at approximately $484,000. This information was given by the blockchain analysis platform Lookonchain. Ledger has said that the security breach might have a large effect, possibly totalling hundreds of thousands of dollars, even if they are yet to confirm the actual valuation. 

Direct Impact of the Hack

According to a report by Cryptopolitan, the breach happened when malicious code was added to Ledger's Github repository for Connect Kit, an essential component that is required by several DeFi protocols in order to communicate with hardware wallets for cryptocurrencies. Every application that used the Connect Kit had issues with its front end due to the malicious code. Notable protocols affected by this security flaw were Sushi, Lido, Metamask, and Coinbase.

In regards to the incident, Ledger informed that one of its employees had fallen victim to a phishing attack, resulting in the unauthorized leak of a compromised version of the Ledger Connect Kit. The leaked code revealed the name and email address of the former employees. It is important to note that the developer was first believed to be behind the exploit by the cryptocurrency community. Ledger subsequently stated, nevertheless, that the incident was the consequence of a former employee falling for a phishing scheme.

Ledger, after acknowledging the incident, identified and removed the exploited version of the software. However, despite the swift response, the damage was already done, since the software was left vulnerable for at least two hours, in the course of which the threat actors had already drained the funds. 

The company acted promptly, identifying and removing the harmful version of the software. However, despite Ledger’s quick response, the damage had already been done in approximately two hours, during which the hackers drained funds.

Broader Implications for the DeFi Community

This incident has raised major concerns regarding the security infrastructure of decentralized applications. DeFi protocols frequently rely on code from multiple software providers, including Ledger, which leaves them vulnerable to multiple potential points of failure.

This incident has further highlighted the significance of boosting security protocols across the DeFi ecosystem.

The victims who were directly affected by the attack included users of services such as revoke.cash. Also, the service normally used in withdrawing permissions from DeFi protocols following security breaches was compromised. Users who were trying to protect their assets were unintentionally sent to a fraudulent token drainer, which increased the extent of the theft.  

Read more »
DeFi
Blockchain cryptocurrency Cyber Attacks CyberCrime Cyberhackers Cybersecurity DeFi

DeFi Concerns Rise as Balancer's Web Front End Battles Ongoing Attack

 


The Peckshield team said that a frontend compromise of the DeFi protocol by Balancer led to the theft of roughly $240,000 in digital assets. This could indicate that the balancer was involved in the hacking of digital assets.

A Balancer spokesperson announced earlier today that the company's front end is currently being attacked and advised users not to interact with the interface until further notice as a precaution. There have been tweets from Balancer that suggest the Balancer URL – or the web address for the Balancer service -- has been victimized by a redirect attack, and users are being sent to a malicious website rather than the Balancer site that they are expected to find. 

By exploiting the trust users place in a website, cybercriminals can launch redirect attacks by inserting malicious code in a website's code or in an email sent by a phishing website to redirect users to a malicious web page. 

According to blockchain security firm Certik, hacks, exploits, and scams have cost over $1 billion in losses across the crypto sector as of early September this year, due to hacks, exploits, and scams across the market. Traders trading cryptocurrencies lost a total of $303 million in June alone, the worst month of the year for losses related to cryptocurrency hacks. 

A crypto sleuth on the chain called ZachXBT verified the amount that was stolen, sharing an image with the address of the unknown attacker. There have been several transactions associated with this address in the past ten hours, which have been classified as scams by ZachXBT. 

Additionally, the wallet's balance currently contains $152,000 in assets, which has been deemed a scam by ZachXBT. Balancer, however, maintains that it is unaffected by the compromise of its smart contract, as it is independent of it. 

During these times, it should be noted that the attack comes less than a month after the DeFi project lost almost $1 million worth of assets after a breach of their V2 pools compromised their assets. To prevent further attacks on the project, it advised the users to withdraw their funds from the affected pools as soon as possible. 

An internet sleuth identified by ZachXBT recently discovered an address associated with an account that may have been compromised may have exposed over $200,000 in digital assets. The wallet currently possesses a balance of just over $100,000, according to Nansen.ai data, with most of the assets being STEETH and DAI, according to the data. 

By data shown on the blockchain, it appears that the person who holds the wallet has transferred some of the proceeds to the Aave network. The balancer is currently the fourth-largest decentralized exchange in terms of total value locked, according to DefiLlama data, with a total value locked worth about $700 million, making it the fourth-largest.  

MistTrack, based on the "relevant intelligence" it has collected, said that the attacker may have links with Russia and that it is investigating the possibility. However, it did not elaborate. In a security advisory released by Balancer about a separate vulnerability in the protocol's pools, which could potentially be exploited by attackers, the company urged the public to withdraw their assets from the protocol. This makes it the fourth-largest decentralized exchange by market cap, according to DefiLlama data, with a total value locked of roughly $700 million.
Read more »
Finance
Blockchain cryptocurrency Cyberscams DeFi Digital WAllets Finance

DeFi Clients Lost $228 Million to Hackers in Past 3 Months


In the recent past, there has been a dramatic rise in the number of cyber incidents, where cyber threat actors have tried to exploit many cryptocurrency projects. It is interesting to note that hackers have significantly targeted DeFi, according to the latest report by the leading bug bounty program – Immunefi.

According to this report, the total hacks across blockchains have increased up to 63%, during the second quarter of 2023 when compared to the activities recorded from the same period last year. While the overall losses went as low as 60%, ImmuneFi notes that the number of hacks has only grown by 65%, with the losses shooting up by 225%.  

According to Immunefi's analysis of the attacks that were launched against DeFi platforms, they lost an overall sum of around $228 million in the second quarter across 79 separate cyber incidents. In comparison, over the course of two instances, centralized platforms lost $37 million. 

The firm’s analysis further concluded that most of the losses in cryptocurrency were a result of two specific incidents – the Atomic Wallet Hack of June 3 and the exit scam by the Fintoch platform, which is no longer in use. 

Atomic Wallet Hack 

The self-custodial wallet – Atomic Wallet – lost a whopping $100 million in crypto allegedly to the North Korea-linked hackers, Lazarus Group. According to the Atomic Wallet team, the threat organization affected “less than 0.1” of its customers, however, they did not make it clear if Lazarus was actually behind the attacks.

Fontoch 

After promising users a 1% daily interest on their investments, FinToch disappeared, losing almost $32 million in user funds in May. The scam, better known by the name ‘rugpull,’ was first discovered by Twitter blockchain sleuth ZackXBT. 

In addition, Immunefi also found that some chains were targeted more than others. The firm found that assaults on Ethereum and BNB Chain accounted for 77% of all losses in the most recent quarter, with Arbitrum coming in second at 12%. Given that Arbitrum had absolutely no issues during the same time period last year, they claimed that attacks on it were noteworthy. However, both Arbitrum and Binance spokespeople denied to comment on the matter.  

Read more »
Security
Application Security Cyber Security DeFi Fintech fintech companies IAM Identity and Access Management Security

FinTech Sector Emerges as a Prominent Target for Cybercriminals


Like every other sector that has evolved, thanks to the innovative digital transformation it has adopted, cybercrime has become a significant challenge in the finances of organizations. As per research by VMware’s Modern Bank Heist, there has been an increase of a whopping 238% in cyberattacks on companies’ financial sectors since the wake of the COVID-19 pandemic. 

A series of cyberattacks witnessed recently on the DeFi platform illustrates how fintech companies have emerged as a prominent target and a big prize to cyber criminals. Particularly when it comes to fintech apps, there is often a huge possibility for profit. Attackers can also do greater damage by going after tech users, who may have adopted comparatively less stringent cybersecurity measures. One malicious software can deprive fintech consumers of their assets and ruin the reputation of the financial organization. 

Considering the seriousness of the constantly evolving threat, fintech companies are now required to reconsider their approach including their identity and access control strategies, in order to ensure sure that their platforms are equally trusted by consumers and businesses. It is crucial to implement the right controls to maintain an organization's security posture as this industry continues to transition to the cloud, but doing so presents a unique set of problems. 

Why Are FinTech Applications Hard to Secure? 

While cloud development has emerged as a breakthrough, garnering the opportunity for new apps to be made possible and existing apps to operate more smoothly than before, it has also rapidly increased the number of potential attack surfaces and created additional opportunities for configuration errors, human mistake, and identity management problems. 

Any form of change makes a company vulnerable at the cloud scale, whether it is upgrading an outdated program to a new and better cloud-based architecture or enhancing current capabilities. Due to the fact that an infrastructure's attack surface now expands and is dynamic in the cloud, this can further increase the explosion radius of a single attack. 

Fintech applications must also adhere to strict regularity standards that differ from country to country and frequently incur heavy fines for noncompliance. 

Since operating in the financial sector requires a greater standard of accountability towards clients and the entire sector, which can be a challenging task, organizations must assure visibility, dependability, and proper configuration as a result of fintech. 

Fintech companies need to maintain a tight grasp on security and privacy from the very beginning of growth, especially as third-party services continue to expand, in order to remain competitive in this extremely crowded market. 

How can FinTech Sector be Secured? 

Since fintech organizations are more dependent on vendors and other partners like manufacturers, suppliers, and subcontractors and an increasingly complex supply chain. This further could be a reason for the system being exposed to potential attackers. 

Companies frequently lack visibility into their third- and fourth-party partners, and consequently, the large amount of data that is available to them. Interoperability is crucial in today's software-centric world, but it frequently makes firms even more vulnerable to attackers. 

Fintech developers are thus advised to continuously be vigilant for potential problems with the software supply chain and the security risks that third-party services may pose to their companies. 

We are listing more measures that could be adopted by fintech organizations to safeguard themselves from potential cyber-attacks that could hinder their security: 

  • Companies must be aware of the entities that have access to their data and applications, along with their location and what they do with it. It will be crucial to integrate identity and access management (IAM) systems as dangers inside fintech continue to develop significantly.
  • An organization must have the appropriate technology and tactics in place to safeguard and comply with industry regulations as well as to consistently protect its sensitive data, especially in the cloud. IAM systems, for instance, offer businesses protection without impeding progress or burdening their teams with the extra workload. 
Unfortunately, the security risks offered by financially motivated cybercriminals will only get more advanced over time. The fintech sector must adopt a proactive security posture and a strong identity and access management strategy that can handle the complexity and scope of today's cloud security concerns in order to meet the pressure to protect sensitive client data.   

Read more »
Subscribe to: Posts (Atom)