Cybercrime

Hundred Finance loses $7 million in Optimism hack

The attacker reportedly manipulated the exchange rate between ERC-20 tokens and hTOKENS to steal over $7 million from the protocol.

Multichain lending protocol Hundred Finance has experienced a significant security breach on the Ethereum layer-2 blockchain Optimism. The protocol tweeted that the losses sit at $7.4 million.

Hundred Finance announced the exploit on April 15, saying it had contacted the hacker and was working with various security teams on the incident. Although the protocol didn’t reveal how the attack was executed, blockchain security firm CertiK said it was a flash loan attack.

Flash loan attacks involve a hacker borrowing a large amount of funds via a type of uncollateralized loan from a lending protocol. The hacker then uses these funds to manipulate the price of an asset on a decentralized finance (DeFi) platform. 

In Hundred’s case, the attacker manipulated the exchange rate between ERC-20 tokens and hTOKENS, allowing them to withdraw more tokens than originally deposited, according to CertiK. The blockchain security firm continued:

“The exchange rate formula was manipulated through Cash value. Cash is the amount of WBTC that the hBTC contract has. The attacker manipulated it by donating large amounts of WBTC to the hToken contract so that the exchange rate goes up.”

CertiK says that large loans were taken out under the manipulated exchange rate. Hundred Finance was preparing a postmortem report on the incident.
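The accounting weakness CertiK describes can be modeled in a few lines. This is an added example, not code from Hundred Finance or CertiK: it assumes the Compound-style exchange rate formula (cash + borrows - reserves) / totalSupply, and the class, field names and numbers are constructed for illustration. It compares a market that reads cash from its raw token balance with one that only counts cash recorded through its own mint path, and adds a simple monitor that flags exchange-rate jumps too large to be interest accrual.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass
class Market:
    """Toy hToken market; field names are illustrative, not Hundred's code."""
    track_cash_internally: bool
    token_balance: int = 0    # underlying held at the contract address
    internal_cash: int = 0    # underlying recorded through mint() only
    total_borrows: int = 0
    total_reserves: int = 0
    total_supply: int = 0     # hTokens in circulation
    initial_rate: Fraction = Fraction(1, 50)  # constructed starting rate

    def cash(self) -> int:
        # Weak variant reads the raw balance, which anyone can raise by transfer.
        if self.track_cash_internally:
            return self.internal_cash
        return self.token_balance

    def exchange_rate(self) -> Fraction:
        # Underlying per hToken: (cash + borrows - reserves) / totalSupply.
        if self.total_supply == 0:
            return self.initial_rate
        backing = self.cash() + self.total_borrows - self.total_reserves
        return Fraction(backing, self.total_supply)

    def mint(self, underlying: int) -> int:
        htokens = underlying // self.exchange_rate()  # rounds down
        self.token_balance += underlying
        self.internal_cash += underlying
        self.total_supply += htokens
        return htokens

    def donate(self, underlying: int) -> None:
        # Plain token transfer to the contract: no hTokens minted,
        # and no accounting hook runs.
        self.token_balance += underlying


def rate_after_donation(track_cash_internally, deposit, donation):
    """Return (rate before, rate after) a donation of underlying tokens."""
    m = Market(track_cash_internally)
    m.mint(deposit)
    before = m.exchange_rate()
    m.donate(donation)
    return before, m.exchange_rate()


def rate_jump_alerts(samples, max_growth):
    """Return blocks whose rate grew by more than max_growth vs the previous sample."""
    alerts = []
    for (_, prev), (block, cur) in zip(samples, samples[1:]):
        if prev > 0 and cur / prev > max_growth:
            alerts.append(block)
    return alerts


if __name__ == "__main__":
    # Balance-based cash: the donation moves the rate from 1/50 to 1/5.
    print(rate_after_donation(False, 1_000_000, 9_000_000))
    # Internally tracked cash: the same donation leaves the rate at 1/50.
    print(rate_after_donation(True, 1_000_000, 9_000_000))
    # Constructed per-block rate samples; only block 102 exceeds 1% growth.
    samples = [(100, Fraction(1, 50)), (101, Fraction(1001, 50000)),
               (102, Fraction(1, 5))]
    print(rate_jump_alerts(samples, Fraction(101, 100)))
```
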

This attack comes nearly 12 months after Hundred was exposed to another exploit on the Gnosis Chain. At that time, the hacker drained all of the protocol’s liquidity through a reentrancy attack, taking over $6 million. In the same exploit, the hacker also stole funds from the Agave protocol.

Since last year, a number of perpetrators have used flash loan attacks to target DeFi protocols. Recent cases include attacks against Euler Finance ($196 million) and Mango Markets ($46 million). While Euler’s hacker returned most of the funds, Mango’s thief has been arrested by United States authorities.


MetaMask third-party provider was hacked, exposing email addresses

The incident affected users who submitted a MetaMask customer service ticket between August 1, 2021 and February 10, 2023.

The email addresses of some MetaMask users may have been exposed to a malicious party due to a recently discovered cyber-security incident. According to parent company ConsenSys, the incident affected users who submitted a customer support ticket to MetaMask between August 1, 2021 and February 10, 2023.

According to the April 14 blog post, unauthorized actors gained access to a third party’s computer system that was used to process customer service requests, potentially allowing them to view customer support tickets submitted by MetaMask users.

These tickets did not ask for information other than what was necessary to help the user, including an email address to facilitate replies. However, they did include a “free text-field,” which some users may have used to submit personally identifying information. This may have included “economic or financial information, name, surname, date of birth, phone number, and postal address,” the post stated.

ConsenSys emphasized that it does not ask for personally identifying information in customer conversations, but some may have provided it anyway.

The company estimates that the breach may have affected up to 7,000 MetaMask users who submitted customer support tickets.

In response to this incident, hardware wallet provider Keystone warned MetaMask users that some might receive more phishing emails due to the incident since the attacker may use this swiped email database to look for potential victims.

Phishing is a scam that tricks a user into providing sensitive information to an attacker. It is often performed by sending an email to the victim that appears to be from a trusted party or someone the victim knows.


ConsenSys said it had taken steps to eliminate unauthorized access in the future. As a result, tickets submitted after February 10 should be unaffected by the incident. The company also contacted the Data Protection Commission of Ireland and the Information Commissioner’s Office of the United Kingdom to report the breach. In addition, the company’s third-party customer service provider is working with a cyber-security and forensics team to perform a more detailed investigation of the incident.

MetaMask came under fire from privacy advocates in late 2022 when it revealed that it sometimes logged users’ IP addresses. However, it updated its app in March to give users more control over which providers could obtain this information.


Platypus reveals compensation plan for users’ funds after attack

DeFi protocol Platypus seeks to return nearly 78% of the main pool funds by reminting frozen stablecoins.

Decentralized finance (DeFi) protocol Platypus has disclosed the details of a recent $9.1 million exploit, alongside its efforts to recover the funds and a compensation plan for victims.

In a Medium post on Feb. 23, the company revealed that a logic error in the USP solvency check mechanism within the collateral-holding contract was responsible for the three separate attacks carried out by the same exploiter. The stableswap operations have not been affected, said Platypus.

Several stablecoins and other assets were stolen in the attacks. Approximately $8.5 million in assets were stolen in the first attack. In the second incident, roughly 380,000 assets were mistakenly sent to the Aave v3 contract. The third attack resulted in the theft of approximately $287,000 in assets.

Platypus’ recovery plan will see the return of at least 63% of the main pool funds. Following the attack, nearly 35.4% of the funds remained in the pool, and 2.4 million USD Coin (USDC), or 17.7% of pre-attack assets, had been recovered. Another 1.4 million (10.4% of pre-attack assets) in the treasury will also be used to compensate LPs’ losses within six months if the stolen funds are not recovered. The company stated:

“We are currently discussing with various parties to help recreate stablecoins that were trapped in the attack contract. Once any stablecoins are retrieved, we will distribute the reminted tokens to LPs on a pro-rata basis.”

Platypus is also working with the Aave protocol to recover locked assets worth around $380,000. A proposal seeking to retrieve the funds will be voted on on Aave’s governance forum. “Once the proposal is approved, we will partner with the Aave team to create a recovery contract that will transfer the exploited funds from the Aave pool to Platypus’ contract.” The company also noted:

“If our proposal submitted to Aave is approved and Tether confirms reminting the frozen USDT, we will be able to recover approximately 78% of user’s funds.”

Blockchain security firm CertiK first reported the flash loan attack on the platform through a tweet on Feb. 16. Flash loan attacks violate the smart contract security of a platform to borrow large amounts of money without collateral. The attack resulted in the depegging of the Platypus USD (USP) stablecoin from the U.S. dollar, dropping to nearly $0.32 at the time of writing, according to CoinGecko.

Interpol wants to police metaverse crimes, reveals secretary general

According to Stock, criminals have started targeting users on platforms similar to the metaverse, adding that “we need to sufficiently respond to that.”

The International Criminal Police Organization (ICPO), or Interpol, is investigating how it could police crimes in the metaverse. However, a top Interpol executive believes there are issues with defining a metaverse crime.

According to BBC, Interpol Secretary General Jurgen Stock revealed the agency’s intent to oversee criminal activities on the metaverse. Stock highlighted the ability of “sophisticated and professional” criminals to adapt to new technological tools for committing crimes.

The move to police the metaverse comes nearly four months after Interpol launched its own metaverse in October 2022 at the 90th Interpol General Assembly in New Delhi, India.

The official Interpol office in the metaverse. Source: Interpol

During the launch, the announcement read:

“As the number of metaverse users grows and the technology further develops, the list of possible crimes will only expand to potentially include crimes against children, data theft, money laundering, financial fraud, counterfeiting, ransomware, phishing, and sexual assault and harassment.”

According to Stock, criminals have started targeting users on platforms similar to the metaverse, adding that “we need to sufficiently respond to that.” However, the organization faces issues with defining a metaverse crime. Madan Oberoi, Interpol’s executive director of technology and innovation, stated:

“There are crimes where I don’t know whether it can still be called a crime or not. If you look at the definitions of these crimes in physical space, and you try to apply it in the metaverse, there is a difficulty.”

Moreover, he revealed that Interpol is also challenged with raising awareness about possible metaverse crimes.


In parallel to launching into the metaverse in October 2022, the organization created a dedicated unit to fight crypto crimes.

The initiatives followed Interpol’s “red notice” to global law enforcement in September for the arrest of Terraform Labs co-founder Do Kwon.

Illicit crypto transactions reached all-time highs in 2022: Report

The abnormal number of illicit transactions is caused by the equally record-breaking scale of international sanctions.

2022 set the record in illicit on-chain transactions, setting aside the criminal investigations of failed crypto businesses like FTX, Celsius, Three Arrows Capital, Terraform Labs and others. According to a Jan. 12 report from Chainalysis, the total cryptocurrency value received by illicit addresses reached $20.1 billion last year.

The numbers aren’t final, as the measure of illicit transaction volume grows over time as the analysts identify new addresses associated with criminal activity. Moreover, it doesn’t include proceeds from non-crypto native crimes like drug trafficking and the funds on the balance of the above-mentioned failed companies, which are now under investigation in various jurisdictions around the globe.

At this point, the total value of $20.1 billion slightly exceeds the same measure in 2021 ($18 billion) by 10%. However, it still represents an all-time record and significantly (by 60%) transcends the 2020 marker, which stands at $8 billion.

Such numbers can be explained by the fact that 44% of 2022’s illicit transactions account for sanctioned entities: Last year, the United States Office of Foreign Assets Control (OFAC) launched some of its “most ambitious and difficult-to-enforce” crypto sanctions. Sanctions-related transaction volumes rose so drastically that they couldn’t even be included on the graphs due to scale issues. Chainalysis evaluates this growth at the 10% million mark.


The report cites an example of crypto exchange Garantex. The Russian platform continued to operate while being listed on the OFAC sanctions register in April, and it hosted the majority of sanctions-related transaction volume in 2022.


Eric Jardine, cybercrimes research lead at Chainalysis, explained to Cointelegraph that the report counts wallets as “illicit” when they are part of a known illicit entity, such as a darknet market or sanctioned platform. Personal or unhosted wallets may be tagged as illicit if they are holding funds stolen in a hack. However:

“If a personal/unhosted wallet sent money to Tornado Cash after its designation, that wallet would not be tagged as illicit for that activity, but the transaction volume would be considered ‘illicit’ because it involves funds received by an illicit entity.”

In early January, the United Kingdom’s National Cyber Crime Unit launched a cryptocurrency unit to investigate U.K. cyber incidents involving the use of cryptocurrencies. This move aims to increase enforcement focus on crypto assets in the country amid the government’s call to eliminate “dirty money” in the country.

UK looks for a crypto crime fighter with a $50K salary

The United Kingdom’s top crime agency is looking to hire a crypto investigator with experience of identifying and recovering seed phrases.

The United Kingdom’s National Crime Agency (NCA) is taking measures to increase its focus on cryptocurrency crimes and combat criminals.

NCA’s cyber-focused command, the National Cyber Crime Unit (NCCU), is launching a dedicated cryptocurrency unit to investigate U.K. cyber incidents involving the use of cryptocurrencies like Bitcoin (BTC).

Called “NCCU Crypto Cell,” the crypto-focused unit will initially contain five officers dedicated to “proactive cryptocurrency remit.”

“This is a really exciting opportunity which involves working in a team at the forefront of protecting the U.K. from cyber crime,” NCA infrastructure investigations director Chris Lewis-Evans told Cointelegraph. He added:

“Cryptocurrency and virtual assets are widely viewed as specialist areas of knowledge, and this role is key to supporting NCA investigations in which these are used to enable serious criminality.”

As part of the project, NCA is seeking to hire a cryptocurrency investigator with good knowledge of crypto and strong experience in conducting blockchain forensic investigations on serious and organized crime.

NCA’s upcoming crypto crime fighter will be required to provide strategic and tactical advice to investigators in dealing with cases involving crypto, supporting both existing and new investigations. The position requires experience in identifying and recovering seed phrases alongside advanced tracing through blockchains.

The position offers an annual salary between 40,200 British pounds ($48,200) and 43,705 pounds ($52,400). Candidates are invited to apply before Jan. 10, 2023.


NCA’s move aims to increase regulatory focus on crypto assets in the U.K. amid the government’s call to eliminate “dirty money” in the country. In September 2022, the U.K. government introduced a bill aiming to crack down on money laundering and fraud, particularly through expanding authorities’ ability to seize crypto used for illicit purposes.

According to National Police Chiefs’ Council detective chief superintendent Andy Gould, all police forces in the U.K. had all officers trained for investigations involving the seizure of and enforcement of crypto as of October 2022.


Metaverse exploitation and abuse to rise in 2023: Kaspersky

Cybercriminals will flock to the metaverse next year to prey on unsuspecting virtual world participants, according to a report by cybersecurity firm Kaspersky.

Malware, ransomware attacks and phishing are not the only scourges of the crypto industry, as the Metaverse could become a big target next year, according to cybersecurity experts.

In its “Consumer cyberthreats: predictions for 2023” report on Nov. 28, cybersecurity firm Kaspersky forewarned that there will be greater exploitation of the metaverse due to lacking data protection and moderation rules.

Kaspersky acknowledged there are currently only a handful of metaverse platforms, but the number of metaverses is set to expand in the coming years and the market could even top $50 billion by 2026. That expansion will entice cyber criminals to the ecosystem seeking to exploit unwitting virtual world participants:

“As the metaverse experience is universal and does not obey regional data protection laws, such as GDPR, this might create complex conflicts between the requirements of the regulations regarding data breach notification.”

Social media is already a hotbed of data breach activity, so it stands to reason that the metaverse will be an extension of this. As reported by Cointelegraph earlier this year, social media was responsible for more than $1 billion in crypto scam-related losses in 2021.

Kaspersky also predicted that virtual abuse and sexual assault will spill over into Metaverse ecosystems. It mentioned cases of “avatar rape and abuse,” adding that without protection mechanisms or moderation rules, “this scary trend is likely to follow us into 2023.”

Meta, the firm formerly known as Facebook, has already received a lot of pushback over its metaverse ambitions due to the lack of user protection and privacy concerns on its social media platform.

The report predicted that in-game virtual currencies and valuable items will be one of the “prime goals” among cybercriminals who will seek to hijack player accounts or trick them into fraudulent deals to fork over valuable virtual assets. Most modern games have introduced some form of monetization or digital currency support, which will become a honeypot for malicious actors.


Kaspersky noted that new forms of social media will also bring more risks. It specifically mentioned a shift to augmented reality-based social media, adding that cybercriminals can start “distributing fake trojanized applications” to infect devices for further malicious purposes.

Threats to new AR-based social media and metaverse platforms are primarily data and money theft, phishing and account hacking, the report concluded.

Cybercrooks to ditch BTC as regulation and tracking improves: Kaspersky

The cybersecurity firm predicted that crypto-related cybercrime won’t slow down in 2023, but it will move on from Bitcoin as a source of payment.

Bitcoin (BTC) is forecasted to be a less enticing payment choice for cybercriminals as regulations and tracking technologies improve, thwarting their ability to safely move funds.

In a Nov. 22 report, cybersecurity firm Kaspersky noted that ransomware negotiations and payments would rely less on Bitcoin as a transfer of value, as an increase in digital asset regulations and tracking technologies will force cybercriminals to rotate away from Bitcoin and into other methods.

As reported by Cointelegraph, ransomware payments using crypto topped $600 million in 2021, and some of the biggest heists, such as the Colonial Pipeline attack, demanded BTC as a ransom.

Kaspersky also noted that crypto scams have increased along with the greater adoption of digital assets. However, it said that people have become more aware of crypto and are less likely to fall for primitive scams such as Elon Musk-deepfake videos promising huge crypto returns.

It predicted malicious actors will continue trying to steal funds through fake initial token offerings and nonfungible tokens (NFTs), and crypto-based theft such as smart contract exploits will become more advanced and widespread.

2022 has largely been a year of bridge exploits with more than $2.5 billion already pilfered from them as reported by Cointelegraph.

The report also noted that malware loaders will become hot property on hacker forums as they are harder to detect. Kaspersky predicted that ransomware attackers may shift from destructive financial activity to more politically-based demands.


Back to the present, the report noted an exponential rise in 2021 and 2022 of “infostealers” — malicious programs that gather information such as logins.

Cryptojacking and phishing attacks have also increased in 2022 as cybercriminals employ social engineering to lure their victims.

Cryptojacking involves injecting malware into a system to steal or mine digital assets. Phishing is a technique using targeted emails or messages to lure a victim into revealing personal information or clicking a malicious link.