DMM Bitcoin Hack: 500 BTC Transfer Linked to $305 Million Theft Raises New Concerns

 

A cryptocurrency address linked to the $305 million DMM Bitcoin hack in May has reportedly transferred 500 Bitcoin, valued at approximately $30.4 million. On August 22, PeckShield Alert reported that the suspect address initially split the funds into two separate addresses, each receiving around 250 BTC. This movement of funds marks a significant development in the aftermath of the DMM Bitcoin hack, which remains one of the most substantial cryptocurrency thefts of 2024. The DMM Bitcoin hack, which occurred in May, resulted in the theft of 4,502.9 BTC, valued at approximately $305 million at the time. 

The current value of the stolen Bitcoin is just over $274 million. In response to the breach, DMM Bitcoin quickly raised $320 million to reimburse affected users, demonstrating the exchange’s commitment to mitigating the impact of the hack on its customers. Blockchain investigator ZachXBT previously attributed the attack to the Lazarus Group, a notorious hacking organization allegedly linked to the Democratic People’s Republic of Korea. The Lazarus Group has been implicated in several high-profile cyberattacks, and its involvement in the DMM Bitcoin hack highlights the growing sophistication of cybercriminals targeting the cryptocurrency industry. 

According to on-chain analysts, the methods used to launder the stolen funds and various off-chain indicators strongly suggest the Lazarus Group’s involvement in the heist. Following the hack, the attackers reportedly split the stolen Bitcoin into smaller batches of 500 BTC and transferred them to new wallets. PeckShield identified that the latest funds moved since the May 31 incident originated from one of these wallets. This strategy of splitting and moving funds is a common tactic among cybercriminals to obfuscate the trail of stolen assets and avoid detection. 

In July, ZachXBT alleged that the attackers transferred approximately $35 million worth of Bitcoin to the Cambodia-based exchange Huione Guarantee. The exchange has faced accusations of facilitating the laundering of funds from various crypto hacks, pig butchering scams, and other illicit activities. The involvement of exchanges like Huione underscores the challenges in tracking and recovering stolen cryptocurrency, as these platforms can serve as intermediaries for converting stolen assets into fiat currency or other cryptocurrencies. 

The DMM Bitcoin hack is a significant addition to the growing list of cryptocurrency thefts in 2024, which had already claimed over $473 million in losses before this incident. The hack is the second largest in Japan’s history, following the 58 billion yen loss suffered by Coincheck in 2018. In the aftermath of the DMM Bitcoin hack, the exchange halted all spot trading on its platform and warned that withdrawals in Japanese yen might take longer than usual, as they implemented measures to prevent further unauthorized outflows. This incident also highlights broader trends in the cryptocurrency industry. 

According to a Chainalysis report, while illegal activity on blockchain networks has decreased by almost 20% year-to-date, malware attacks and stolen funds have surged. Stolen funds inflows doubled to $1.58 billion compared to $857 million last year, and ransomware inflows climbed around 2%, reaching $459.8 million. The DMM Bitcoin hack serves as a stark reminder of the ongoing vulnerabilities in the cryptocurrency sector and the need for enhanced security measures to protect digital assets from increasingly sophisticated cyber threats.

SafeMoon: Threat Actors Exploit the “Burn” Bug, Stealing $8.9M From Liquidity Pool


The SafeMoon token liquidity pool lost $8.9 million after a threat actor took advantage of a recently developed "burn" smart contract function that artificially inflated the token price, enabling the actors to sell SafeMoon at a much higher price. 

SafeMoon confirmed the incident, stating on Twitter that it was working to fix the issue. In a follow-up announcement, the company's CEO, John Karony, gave some details on the event, saying that the "DEX is safe" and that it "ultimately affected the SFM:BNB LP pool." 

"We have located the suspected exploit, patched the vulnerability, and are engaging a chain forensics consultant to determine the precise nature and extent of the exploit," reads Karony’s statement. 

"Users should be assured that their tokens remain safe. I want to assure you that the other LP pools on the DEX have not been affected, and nor have any of our upcoming upgrades and releases," the announcement continues. 

Details of the Exploit 

PeckShield, a blockchain security company, has released more details regarding the vulnerability exploited by the attackers to carry out the $9 million heist against SafeMoon. 

According to PeckShield, a new SafeMoon smart contract feature that burns tokens was recently introduced. Unfortunately, the function was mistakenly implemented for public use with no restriction, enabling anyone to use it however they pleased. 

According to earlier statements by Karony, this approach would only be employed in extreme circumstances, such as when the liquidity pool would be threatened by malicious smart contracts, significant slippage, or other transient losses. 

The threat actor made use of this function to burn huge amounts of SafeMoon tokens, which caused the token's price to skyrocket. 

As soon as the price rose, SafeMoon was sold at the inflated price by a different address, depleting the SafeMoon: WBNB liquidity pool of $8.9 million. Following the attack, the hackers apparently converted SafeMoon to BNB. 
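To make the missing restriction concrete, here is a small Python model added for illustration; it is not SafeMoon's contract code. It assumes a constant-product style pool whose price is read from its live token balance and that the burn reduces the pool's balance; the owner-only check and all names and numbers are constructed.

```python
# Added illustration: toy token ledger plus a pool priced from its reserves.
# All names and numbers are constructed; this is not SafeMoon's contract code.

class Token:
    def __init__(self, owner, balances):
        self.owner = owner
        self.balances = dict(balances)

    def burn_unrestricted(self, caller, account, amount):
        # Flawed form: no check on who is calling or whose balance is reduced.
        self._burn(account, amount)

    def burn_restricted(self, caller, account, amount):
        # Hardened form (assumed policy): only the contract owner may burn.
        if caller != self.owner:
            raise PermissionError("caller is not allowed to burn")
        self._burn(account, amount)

    def _burn(self, account, amount):
        if amount <= 0 or amount > self.balances.get(account, 0):
            raise ValueError("invalid burn amount")
        self.balances[account] -= amount


def spot_price(token, pool, bnb_reserve):
    # Pool price in BNB per token, derived from the pool's current token balance.
    return bnb_reserve / token.balances[pool]


def demo(burn_name):
    """Return (price_before, price_after, rejected) for a non-owner burn call."""
    token = Token("owner", {"pool": 1_000_000, "outsider": 0})
    before = spot_price(token, "pool", 1_000)
    try:
        getattr(token, burn_name)("outsider", "pool", 990_000)
        rejected = False
    except PermissionError:
        rejected = True
    after = spot_price(token, "pool", 1_000)
    return before, after, rejected


if __name__ == "__main__":
    for name in ("burn_unrestricted", "burn_restricted"):
        print(name, demo(name))
```

With the unrestricted form, the non-owner call succeeds and the quoted price rises a hundredfold while the BNB side of the pool is unchanged; with the restricted form, the same call is rejected and the price does not move.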

Interestingly, researchers discovered a remark appended to a transaction from the second address, stating they were not the original hackers but “accidentally performed a front run” as the price was artificially inflated as a result of the burn() function exploit. The comment seems like an attempt to establish a communication channel between parties: “Hey relax, we are accidently front-run an attack against you, we would like to return the fund, setup secure communication channel , lets talk.” 

Additionally, the wallet owner has since transferred 4,000 Binance Coins (BNB), which are currently worth $1,261,972.52. Although it could appear to be a gesture of goodwill, researchers reacted to the transfer with skepticism, questioning the validity of the second wallet owner's assertions that he was unrelated to the original exploiter.