The last week has brought another turbulent period in cryptocurrencies, culminating in negative reports of a hacker attack on a large bitcoin-focused DeFi project and a separate attack on a decentralized exchange.
A total of $150 million was stolen during the attacks. In both cases, the hackers used a sophisticated approach and exploited technical flaws that allowed them to transfer huge amounts of money, Cointelegraph reports.
Hackers attacked the big DeFi protocol
The attacker took the biggest catch from the DeFi protocol BadgerDAO, which focuses on the development and creation of bitcoin-oriented projects. According to investigations and data analysts, an outflow of up to $120 million in DAO tokens occurred during the attack.
An investigation into the attack is still ongoing, but the team behind the project has reportedly informed users that the hack could have been caused by the insertion of a malicious script into the site's user interface, according to The Verge. As a result, tokens ended up being transferred directly to the hacker's address during the transaction.
One of the investors lost an investment of 906 bitcoins, or about $52 million, the security and analysis company PeckShield said on Twitter. When the BadgerDAO team learned of these fraudulent transactions, they stopped all smart contracts and practically froze the entire platform. At the same time, they advised investors to cancel all open transactions leading to the fraudulent address.
The company is currently investigating the incident and trying to find out how the hacker managed to access its infrastructure and Cloudflare account via an API key. One of the company’s team members has already confirmed that this was the way the hacker managed to exploit the system’s vulnerability. Many investors have lost their tokens, which are irretrievably gone.
Paradoxically, users of the stock exchange warned of the administrator’s dubious requests via Discord 3 days before the attack was discovered. At that time, however, the administrator considered that it was just a harmless bug in the user interface.
As it turned out later, it was the intentional activity of the attacker, who was already trying to steal the funds of the affected user who had pointed out the problem. The hacker then used the same tactic in the following days.
They also focused on the decentralized exchange
Another negative event of the week was a similar attack, this time on the decentralized MonoX exchange, from which the attacker managed to take about $31 million. The attack took place on November 30, when a mistake in the smart contract allowed a mismatch between asset prices if they were manually changed.
This morning our contract has been exploited. We are sorry to our users who have deposited funds. The team is investigating and will try our very best to get the stolen funds back. We thank our community for your support.
— MonoX (@MonoXFinance) November 30, 2021
In practice, this means that the hacker could manually adjust the price of the Mono token and then buy more assets from the protocol. Just five days before the attack, the token was listed on the Huobi exchange. According to Rekt News, the attack was split into two waves: nearly $20 million in Polygon (MATIC) was stolen first, and 17 minutes later the same attack was used to steal ether.
He later did the same with MATIC and WETH (wrapped ETH), WBTC (wrapped BTC), LINK, GHST, DUCK, MIM and IMX assets. The MonoX project itself was launched only about a month ago.
The year 2021 was full of hacker attacks
Poly Network also experienced a massive hacker attack in the summer, when attackers broke its security and stole hundreds of millions of dollars in cryptocurrencies. Hackers stole more than $600 million in digital currency. The company called it “the biggest theft in the history of cryptocurrencies.” However, the hackers later returned some of the stolen funds.
Other major attacks were recorded in the spring of this year, when hackers targeted, among others, Colonial Pipeline, which operates a network of pipelines for the transportation of petroleum products in the United States.
The hacking attack took place on May 7 and shut down the pipeline network on the East Coast for a week. Colonial Pipeline supplies 45 percent of the aviation gasoline, motor gasoline and heating oil consumed there.
According to the DPA, Deputy Secretary of Justice Lisa Monaco said that the FBI secured most of the ransom that Colonial Pipeline paid to the hackers. The company itself said it had paid $4.4 million in the form of an untraceable cryptocurrency to the hackers to regain access to its systems.
TASR materials were used in the article.