DeFi News Daily Official TheBitTimes.com

Notorious crypto audit firm CertiK’s security ‘researchers’ spent five days gaming Kraken’s systems before alerting the exchange, according to public statements from both companies Facing significant backlash from the crypto security community, CertiK claims to have returned the funds, despite apparently not having been provided with a repayment address. Although both companies have provided detailed statements on their own versions of events, some questions remain on both sides. Kraken’s chief security officer Nick Percoco took to X (formerly Twitter) to describe the highly irregular nature of the disclosure. The initial communication reported having generated a $4 discrepancy , which Percoco says would have been sufficient to qualify for Kraken’s bug bounty program. Kraken Security Update: On June 9 2024, we received a Bug Bounty program alert from a security researcher. No specifics were initially disclosed, but their email claimed to find an “extremely critic...

The Hack er collective responsible for a 2021 attack on one of India’s biggest Crypto exchange s is demanding a ransom of $500,000 for over 1TB of customer data stolen from event ticketing giant Ticketmaster. On Tuesday, the ShinyHunters group posted its ransom demand on cybercrime platform BreachForums. The listing allegedly contains banking information, financial transactions, and personal details of 560 million Australian Ticketmaster users.  ShinyHunters previously hacked Indian crypto exchange BuyUCoin and stole data relating to crypto transactions, banking information, passwords, and personal details from its users. The group has also targeted Pizza Hut and Wattpad. Breaking: #Ticketmaster has allegedly been hacked by ShinyHunters, extracting 560M user details, ticket sales, orders, event info, and card data, per Hackread's @WAK4S. The total data is over 1.3 TB as per the hacker – There is a post about it on the #BreachForums as well. pic.twitter.com/jDmqunvl14 ...

On May 20, 2024, Gala Games, a leading blockchain gaming project, faced a major security breach. An unknown attacker exploited the platform, minting 5 billion GALA tokens worth about $214 million at the time. This event went on to shock the cryptocurrency as well as blockchain gaming communities, revealing the vulnerabilities in decentralized systems. Looking Back at the Exploit Solidity developer 0xquit reported that the attacker used an admin address to mint the tokens. This indicates that the exploit could have been the work of an external hacker or someone with internal access. The attacker had the potential to mint up to 12 billion more tokens. However, their actions were halted when the compromised address was blacklisted. To continue, the attacker would need access to another admin address. A compromised or rogue Gala Games admin address minted 5 Billion $ GALA ($200M) and has been systematically selling the tokens for the past 2 hours. This is why decentralization ...

The liquidity manager app Concentric experienced a significant security breach today on the Arbitrum network. The breach involved a social engineering attack that enabled the unauthorized acquisition of a critical private key. This key belonged to the protocol’s deployment account and was instrumental in the attack. During the incident, the perpetrator managed to manipulate the protocol by upgrading the vaults and creating new liquidity provider (LP) tokens. This series of actions ultimately led to the extraction of assets from the vaults.  Exploiter is now targeting approvals on vaults, please revoke all approvals to these addresses:https://t.co/3vTEWu23BJ https://t.co/KlZo5PqjlI — Concentric.fi (@ConcentricFi) January 22, 2024 The breach was executed by gaining control of an employee’s deployer wallet on Arbitrum. The $1.7 million in stolen funds were converted into Ethereum and dispersed across three wallet addresses. Cybersecurity company Cyvers detec...

Canadian cryptocurrency exchange CatalX halted operations following a suspected insider job that resulted in a “security breach.” CatalX CTS Ltd., the Canadian crypto exchange operator, said in a press release on Dec. 28 that it had suffered a “ security breach” resulting in the loss of crypto assets held on behalf of its clients. The breach, suspected to involve an employee, prompted the company to consent to a cease trade order issued by the Alberta Securities Commission, the exchange said. “Management suspects that this security breach, which may involve an employee, has resulted in the loss of a portion of the crypto assets held by the company on behalf of its clients.” CatalX You might also like: Canadians allocate over $1b in WonderFi’s two crypto exchanges As a response to the incident , CatalX has temporarily halted all crypto and fiat currency withdrawals from its platform, along with a suspension of all trading activities. T...

According to CertiK, the TIME token was exploited recently, resulting in a loss of approximately $188k.  The attack began with the exploiter converting 5 ETH to Wrapped Ether (WETH), and then trading this for over 3.4 billion TIME tokens. CertiK analysts reported that the exploit ’s root cause was the manipulation of the Forwarder contract , which is designed to execute transactions from any address. The attacker crafted a request with a falsified sender address, which they controlled, and a matching signature. This deceptive req passed the Forwarder contract ’s verification process. #CertiKSkynetAlert TIME Token was exploit ed for ~ $188k due to a recently disclosed vulnerability around ERC2771 and Multicall See our in-depth Analysis on the TIME exploit belowhttps://t.co/NF8UPcRPfQ https://t.co/MGDnmFd56d — CertiK Alert (@CertiKAlert) December 8, 2023 The attacker leveraged a parsing error, where the TIME contract was deceived into recognizing an attacker-con...

Blockchain analysts warn of growing cooperation between Russia-based crypto exchanges and North Korea-linked hacking groups. Democratic People’s Republic of Korea hacker groups have been actively using Russia-based exchanges to launder crypto since 2021, as strict international monitoring of North Korea’s on-chain crimes limits the country’s possibilities of an enrichment capability. According to Chainalysis, a blockchain forensics firm, North Korean hacker groups are now “increasing their use of Russia-based exchanges” to launder crypto stolen from centralized exchanges or decentralized finance protocols. You might also like: North Korea linked to latest crypto hacks, surpassing $270m In a blog post on Sept. 14, the New York-based firm wrote that almost $22 million in crypto stolen from Harmony Protocol — a blockchain protocol exploited for roughly 100 million in crypto in Jun. 2022 — was recently transferred to a Russia-based exchange “...