#hacker
82 articles found
Latest
Hacker Gummo: “I've always wanted to live a normal life”
Imagine if Frank Abagnale from “Catch Me If You Can” delved into the world of cryptocurrency – you'd end up with a tale similar to hacker Gummo's. This story follows a con artist skilled in breaching anything within his grasp, who has since transitioned into cybersecurity. 
The hacker shared a link for a supposed free NFT giveaway from Consensys, tricking users into connecting their wallets and subsequently stealing all their NFTs. According to ZachXBT, the incident led to losses of over $691,000. Speculations suggest it might be related to a SIM card swap. Shortly after the breach, Buterin's father wrote:
“Disregard this post, apparently Vitalik has been hacked. He is working on restoring access.” 
The FBI has sounded the alarm bells: Lazarus Group and APT38, North Korean hacker collectives, could potentially sell off stolen cryptocurrency amassing $40 million, potentially affecting Bitcoin's valuation.
Through their investigative work, the agency has identified nearly 1580 BTC across six distinct Bitcoin addresses. The stolen assets are reportedly from Alphapo, CoinsPaid, and Atomic Wallet.
In aiding market monitoring, the FBI has disclosed the associated wallet addresses, urging vigilance on any transactions involving them. 
RocketSwap, a DEX on the Base Layer 2 network, suffered a hack, losing 471 ETH ($862,000). The team identified lapses, including offline signatures during launchpad deployment and storing private keys on the server.
While some accused the team of a potential rug pull, RocketSwap blames a third-party hacker who brute-forced a server to extract private keys.
Post-hack, the hacker moved assets to Ethereum, creating a meme token, "LoveRCKT", which saw a brief price surge on Uniswap before plummeting. 
A Twitter user speculates that the Curve founder may be linked to the platform exploit based on a peculiar word choice. The hacker referred to users' reactions to the recent security breach as “ridiculous,” a term frequently used by Michael Egorov.
Additionally, concerns arise over Curve founder’s collateralized loans, with potential liquidation just weeks away.
The coincidence of “ridiculous” being mentioned around 20 times in the tweet makes this theory intriguing.
Furthermore, despite the deadline for fund reimbursement passing last night, the hacker has yet to return all stolen assets from the pools.
Curve Finance is offering a $1.85 million reward for anyone who can unmask the hacker. 
Arkham Intel Exchange has launched a new search, offering 100,000 ARKM to anyone who can provide crucial details about the culprit behind the last year’s exploit.
The FTX hack occurred in November 2022, resulting in an approximate loss of $415 million in cryptocurrency. 
This platform, crafted to stabilize liquidity pools within the Curve DeFi protocol, has fallen victim to a hacker who made off with 1700 ETH, a haul worth $3.2 million.
The culprit leveraged a re-entrancy vulnerability and manipulated a malfunctioning price oracle to achieve this.
The Conic Finance team has disclosed that this particular exploit is solely connected to the ETH Omnipool. 
Approximately $125 million worth of multi-chain assets has been observed flowing out of the cross-chain protocol Multichain into multiple wallets. As a response, the Multichain team has temporarily halted the protocol, without providing a specific timeline for recovery.
Some analysts suggest that the situation may not be a result of a hacker attack. They point out that the asset transfer occurred gradually, with a small test transfer of 2 USDC before the larger outflow. Each asset was transferred to an independent wallet, and no further actions such as swapping or mixing took place. The receiving wallets remain completely clean.
Considering the technical characteristics of Multichain, it is possible that the transferor gained control of private key fragments exceeding the threshold through some means. The investigation into this potential exploit is ongoing. 
Buterin explained that he has successfully recovered control of his T-Mobile account, which the hacker had compromised through this method. The co-founder of Ethereum also shared some valuable lessons gained from his experience: “I had seen the “phone numbers are insecure, don’t authenticate with them” advice before, but did not realize this”. Removing phone numbers from X accounts and having 2FA enabled is a way to protect yourself from SIM-swap attack. 
The Exactly Protocol has suffered a hacking attack. Running on the Optimism blockchain, this lending DeFi platform was targeted by malefactors who stole over 4300 ETH, totaling approximately $7.3 million.
Both BlockSec and Beosin security agencies have corroborated the theft. The hackers reportedly found and exploited a weak point in the platform's smart contracts, although the finer details are still under wraps.
UPD: The team at Exactly Protocol would declare a $700,000 reward for any leads on the hacker, should they not receive a response from the malefactor by the end of August 22nd.
"You can return the funds, minus a 10% fee to you, without worries about us coming after you," the Exactly team conveyed in their message. 
Identifying a crucial flaw in HackenProof's system, the hacker known as blazezaria was rewarded $1 million, with payouts over the course of a year.
He then pledged to allocate 10% from each disbursement to a Ukrainian fund aiding the AFU. The initial contribution of 8290 USDT has been successfully executed. 
“I saw some ridiculous views, so i want to clarify that I’m refunding you not because you can find me, it’s because I don’t want to ruin your project, maybe it’s a lot of money for a lot of people, but not for me, I’m smarter than all of you, fuck!!!”
Was this hack simply for the thrill of causing disorder? Or was there a message he was trying to convey?
Given the thorough preparation that spanned weeks or perhaps even months, it's a thought-provoking consideration. 
Ilya Lichtenstein and Heather Morgan, a husband and wife duo of crypto hackers, have pleaded guilty to federal money laundering conspiracy charges related to the 2016 hack of the cryptocurrency exchange Bitfinex.
Their guilty plea comes after a year and a half since their arrest and charges in February 2022 and seven years after the initial hack.
According to the government’s allegations, Lichtenstein hacked into Bitfinex and stole 119,754 bitcoins, which were valued at $72 million at the time and are now worth approximately $3.5 billion, for his personal benefit. US Files First Criminal Charges Against Smart Contract Hacker
The United States Department of Justice (DoJ) has filed the first criminal charges against Shakeeb Ahmed for an attack on an undisclosed smart contract-controlled decentralized exchange (DEX) platform, potentially Solana-based protocol Crema Finance. 
This decentralized protocol has suffered a loss of nearly $455,000 owing to a flaw in its code. All activities relating to contracts have been put on hold for now.
A blockchain analyst from PeckShield explains this predicament as a result of inadequate input verification within Arcadia's code, a loophole the hacker exploited to drain crypto assets (darcWETH and darcUSDC) in both the Ethereum and Optimism networks. 
Ameen Soleimani, one of the first contributors to the scandalous Tornado Cash crypto mixer, has announced the launch of a new mixing service called Primacy Pools, which is based on the TC code.
Now, every hacker and criminal will have a chance to demonstrate that they are not engaging in any malicious activity (but not for sure). What is clear is that honest users will be able to prove that they have not committed fraud and are therefore legitimately using the privacy-enhancing service.
Predictably, the new service uses zero-knowledge proof, which is the main trend of 2023. It is a protocol that confirms information without disclosing it.
Your move, SEC!