The Beanstalk attacker managed to get away with $80 million in illicit crypto funds, though the DeFi platform is looking at a total $182 million loss due to remediation and a sharp value drop that sent the token from $1 to 11 cents in value overnight.
A new study from Chainalysis finds that crypto crimes are proving more lucrative than ever for organized criminal gangs, but that illicit activity overall only saw a slight raise from its record low levels in 2021.
The Chinese hackers are distributing backdoored Web3 wallets, primarily targeting searches for Coinbase Wallet, imToken, MetaMask and Token Pocket, and are focused on both iOS and Android users.
The crypto world has been anticipating the approval of Bitcoin ETFs by the SEC. A group of hackers touched off premature celebration on Tuesday when they gained control of the SEC's X account, using the unauthorized access to post a fake approval message.
New report from Elliptic finds a major spike in cross-chain crypto laundering to $7 billion in the past year. North Korea's state-backed Lazarus group is a major driver, responsible for about 13% ($900 million) alone.
A strong recovery and resilience strategy will ensure that crypto and DeFi firms are able to rebound from cyber attacks with minimal disruptions to their operations, mitigating losses for their investors and users.
DeFi projects continue to be a popular target of attack for advanced hackers, as a number of finance pools associated with Curve were hit on July 31 for a total loss of about $61 million. The attack appears to have been the result of a vulnerability found in certain versions of the Vyper programming language.
The attack on the OpenSea NFT marketplace does not appear to be a code issue or vulnerability, the phishing attacks apparently involved unknown threat actors approaching individual users and tricking them into signing a malicious payload.
The Inferno Drainer malware that plagued the crypto world throughout 2023 ultimately compromised about 130,000 victims and stole about $87 million in total, according to a new report from Group-IB. It was part of a broader movement of "crypto drainer" services that some security experts believe is poised to become the next big thing in cybercrime in 2024.
Tornado Cash said that the OFAC sanctioned address that was being used to process the $625 million stolen from NFT game Axie Infinity's Ronin bridge had already been blocked.