Privacy protocol Railgun denies claims of North Korean hackers or sanctioned individuals using the platform, despite earlier claims from the FBI.
The assertions were initially fueled by a January 2023 statement from the FBI, which implicated North Korea’s Lazarus group in laundering over $60 million in Ethereum through Railgun. The funds were reportedly stolen in a June 2022 cyber attack.
Following the U.S. sanctions on popular crypto mixer Tornado Cash, there were speculations that Railgun was becoming a preferred alternative for such operations.
In a recent statement, Railgun clarified that there is no concrete evidence to support claims of the platform’s misuse by sanctioned individuals or groups, including North Korea.
RAILGUN protocol: “Any suggestion that sanctioned individuals, governments, or entities such as North Korea have used RAILGUN have no evidence & are based only on speculation.” From 2023, all RAILGUN transactions go through a Private Proofs of Innocence check which verifies that…
Railgun is recognized for implementing advanced Zero-Knowledge Privacy protocols that safeguard user transactions on dApps, thereby enhancing the privacy of defi transactions. The platform drew additional attention following a transaction by Ethereum co-founder Vitalik Buterin, who recently transferred 100 ETH, valued at about $325,000, to Railgun.
Arkham data shows Buterin has regularly interacted with Railgun using small amounts of ETH over the past six months. He highlighted on social media that wanting privacy is normal, noting that measures used by Railgun significantly reduce the risk of malicious parties infiltrating privacy pools.
The ongoing debate over privacy in the crypto space has also seen contributions from prominent figures like Coinbase CLO Paul Grewal, who has been vocal about the necessity for the legal protection of privacy rights. Grewal has argued against sanctions on platforms like Tornado Cash, advocating for the support of open-source privacy software under clear legislative frameworks.
A former Amazon software engineer Shakeeb Ahmed was sentenced to three years in prison for exploiting smart contracts.
The breaches in 2022 resulted in the theft of over $12 million in different cryptocurrencies. The trial was the first-ever sentencing for a cyberattack on smart contracts.
Ahmed admitted in December 2023 to manipulating smart contracts. By inserting fraudulent pricing data into the platforms’ contracts, the engineer generated approximately $12 million in unearned profits, which he subsequently withdrew as cryptocurrency.
While the prosecutors chose not to disclose one of the affected platforms, evidence in the indictment suggests it was Crema Finance. The other platform involved was Nirvana Finance, which ceased operations following the hack in July 2022.
Before the incident, Ahmed had led Amazon’s bug bounty program, where he identified and fixed security loopholes in its software. The prosecution, highlighting the novelty of this case involving smart contract hacking, had recommended a four-year prison term.
They acknowledged Ahmed’s cooperation and his restitution of the majority of the stolen funds but emphasized the need for his imprisonment to serve as a deterrent and underscore the gravity of his offenses.
On the other hand, Ahmed’s defense argued for probation instead of prison time, citing his compromised mental health during the time of the hacks and the fact that the stolen funds were largely untouched except for covering a relative’s medical expenses. Ahmed, originally from Saudi Arabia, had his legal team plead for leniency based on the following factors.
Web3 security experts consider North Korea’s Lazarus Group the most prominent and sophisticated threat to the crypto industry in 2024.
Earlier this week, the infamous Lazarus Group reportedly funneled $12 million through crypto tumbler Tornado Cash. The funds were allegedly linked to last November’s HTX and Heco Bridge hack, which saw the platforms lose over $90 million.
However, this wasn’t the group’s only heist in 2023. Throughout the year, the North Korea-backed hackers compromised over $400 million worth of assets across various crypto platforms, including CoinEX, Poloniex, Stake.com, and Atomic Wallet. In 2022, the group was responsible for the biggest defi hack in history, as it compromised the Ronin Network to steal approximately $620 million.
Lazarus’s hacks occurred during a prolonged bear market in the crypto industry, which was reeling from the effects of the FTX and Terra Luna collapses. In 2024, with the bull market running in full swing, significant tokens reaching all-time highs, and novel meme coins driving billions of dollars of inflows into the market, concerns about Lazarus are more prominent than ever.
Lazarus hacks in the second half of 2023
To understand how the industry should prepare for such risks, crypto.news reached out to web3 security provider Cyvers, which exclusively detected the Poloniex hack last year.
How does Lazarus carry out its million-dollar crypto heists?
According to Cyvers CEO Deddy Lavid, the Lazarus Group has shifted its cyberattack strategies significantly in 2023, targeting centralized entities with a refined and dynamic approach. Moving beyond traditional phishing and brute force methods, the group now employs AI-driven phishing campaigns and complex smart contract exploits.
Onchain Topologies used by Lazarus hackers | Image provided by Cyvers
Specifically, the attacks on Poloniex and HTX focused on stealing private keys and launching a series of small attacks in a short period. The group also used pre-programmed bots to run automated attacks. The bots tend to live in a system for a long time undetected before starting to exfiltrate the assets.
Lavid also mentioned that Lazarus Group’s operational methods resemble military precision, reflecting a rare level of professionalism among cybercriminal syndicates. Lavid outlines a recurring pattern in their attacks: initial infiltration through social engineering, remaining dormant within the target organization for months, and stealing private keys for a series of quick, well-orchestrated attacks involving dry runs and fast, anomalous transaction rates.
The preparatory phase is followed by dispersing the stolen assets across multiple blockchains, eventually funneling them through mixers or exchanges for laundering.
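The pattern Lavid describes (a long quiet period, a few dust-sized dry runs, then an anomalous rate of outflows from one hot wallet) can be turned into a simple velocity check. The code below is an added example, not from the article or from Cyvers; the log format, wallet labels, thresholds and all events are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample withdrawal log, one event per line:
# "<UTC timestamp> <hot wallet label> <asset> <amount>"
SAMPLE_LOG = """\
2023-11-10T00:05:00Z hot-eth-1 ETH 12.0
2023-11-10T06:40:00Z hot-eth-1 ETH 8.5
2023-11-10T13:15:00Z hot-eth-1 ETH 15.0
2023-11-10T19:30:00Z hot-eth-1 ETH 9.0
2023-11-10T10:00:00Z hot-eth-2 ETH 10.0
2023-11-10T22:00:00Z hot-eth-2 ETH 11.0
2023-11-11T03:00:01Z hot-eth-2 ETH 0.01
2023-11-11T03:00:40Z hot-eth-2 ETH 0.01
2023-11-11T03:01:15Z hot-eth-2 ETH 0.02
2023-11-11T03:02:00Z hot-eth-2 ETH 950.0
2023-11-11T03:02:30Z hot-eth-2 ETH 980.0
2023-11-11T03:03:05Z hot-eth-2 ETH 1010.0
2023-11-11T03:03:40Z hot-eth-2 ETH 990.0
"""


def parse_log(text):
    """Group withdrawals by wallet, sorted by time: {wallet: [(ts, asset, amount), ...]}."""
    events = defaultdict(list)
    for line in text.splitlines():
        ts, wallet, asset, amount = line.split()
        events[wallet].append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), asset, float(amount)))
    for wallet_events in events.values():
        wallet_events.sort(key=lambda e: e[0])
    return dict(events)


def find_bursts(wallet_events, window=timedelta(minutes=5), min_count=5,
                rate_factor=10.0, dust=0.05):
    """Flag windows holding >= min_count withdrawals whose count is at least rate_factor
    times what the wallet's previous 24 hours would predict for a window of that size."""
    alerts = []
    i, n = 0, len(wallet_events)
    while i < n:
        start = wallet_events[i][0]
        j = i
        while j < n and wallet_events[j][0] - start <= window:
            j += 1
        burst = wallet_events[i:j]
        if len(burst) >= min_count:
            prior = [e for e in wallet_events if start - timedelta(hours=24) <= e[0] < start]
            expected = len(prior) * (window / timedelta(hours=24))  # baseline per window
            if expected == 0 or len(burst) / expected >= rate_factor:
                dry_runs = sum(1 for e in burst if e[2] <= dust)
                alerts.append({
                    "start": start,
                    "count": len(burst),
                    "dry_runs": dry_runs,
                    "total_out": sum(e[2] for e in burst),
                    "expected_per_window": expected,
                    # dust-sized test transfers followed by large ones: the dry-run signature
                    "dry_run_pattern": dry_runs >= 2 and max(e[2] for e in burst) > dust,
                })
                i = j
                continue
        i += 1
    return alerts


def analyze(text):
    """Run the burst check over every wallet in the log."""
    return {wallet: find_bursts(ev) for wallet, ev in parse_log(text).items()}


if __name__ == "__main__":
    for wallet, alerts in analyze(SAMPLE_LOG).items():
        for a in alerts:
            print(f"{wallet}: {a['count']} withdrawals from {a['start']:%H:%M:%S}, "
                  f"{a['dry_runs']} dust-sized, {a['total_out']:.2f} ETH out, "
                  f"baseline ~{a['expected_per_window']:.3f} per window")
```

The baseline is deliberately per-wallet, so a wallet that normally pays out every few hours is flagged at a rate that would be routine for a busy exchange wallet.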
So, while the crypto bull run of 2024 offers an exhilarating prospect for investors and innovators alike, it also presents an urgent call to arms for the security sector.
“My analysis emphasizes the need for increased security measures in the cryptocurrency and blockchain space, urging a deeper recognition of information security’s importance, a call for more security professionals, and a focus on proactive attack prevention.”
– Deddy Lavid, CEO at Cyvers
In 2024, Lavid foresees a crypto market that outgrows its nascent vulnerabilities to adopt a more mature approach to security.
Crypto platforms need to allocate greater resources towards developing security expertise within companies and a holistic strategy that preempts attacks and comprehensively addresses potential fraud across the blockchain.
Explore the biggest crypto hacks of 2023 in our comprehensive review, including the roles of notorious hacking groups and their impact on the crypto industry.
Cryptocurrency hacks in 2023 have seen the industry lose over $1 billion, with the largest hacks occurring in the final quarters of the year. The recent bull market has marked the end of a prolonged crypto winter that started in 2022, driven by the Terra LUNA crash and the FTX collapse. However, this has also renewed hackers’ interest in the market, with more malicious threats targeting major defi protocols and crypto exchanges.
From the multi-million dollar heist at Mixin to the sophisticated phishing scams affecting individual investors, each hack provided a stark reminder of the ongoing battle between cybersecurity and cybercriminals in the digital age. So, what were the largest crypto hacks of 2023? Let’s find out.
Mixin breach ($200m): biggest crypto hack of 2023
September 2023 saw arguably the largest recent crypto hack, as the Mixin platform suffered a staggering loss of $200 million. This incident unfolded through a data breach of Mixin’s cloud service provider. The platform could not track down the attacker or recover the stolen funds. However, Mixin committed to compensating users for half of their lost holdings.
[Update] After statistical analysis, the affected assets in this incident were mainly ERC20-USDT, ETH, and BTC. Other assets were not affected. The specific compensation details are still under discussion. Please stay tuned for updates on the progress of this incident. In order… https://t.co/XHlNmJFbeZ
In March 2023, Euler Finance experienced a significant hack, losing nearly $200 million. The breach was initially identified by PeckShield, a blockchain security firm, which noticed unusual transaction activity on the platform. These transactions were later confirmed as the method through which $197 million in cryptocurrency was stolen.
However, in a rare occurrence, the stolen funds were unexpectedly returned to Euler Finance a few weeks after the hack. An apology note was included in one of the return transactions, as observed on Etherscan.
Poloniex hack (over $120m)
Popular crypto exchange Poloniex faced a security breach in November, leading to a loss exceeding $33 million, later revised to over $120 million. The unauthorized outflow of funds from its hot wallet affected multiple networks, including Ethereum (ETH) and Bitcoin (BTC). Justin Sun, the majority shareholder of Poloniex, reassured the community of the exchange’s financial stability and pledged full reimbursement for the lost assets.
To resolve the situation, Sun initially offered a $10 million bounty to the cryptocurrency hackers for returning a significant portion of the funds within a week and provided wallet addresses for potential reimbursement. However, as per the latest reports, the hackers did not respond. Poloniex continues its internal investigation and remains committed to compensating affected users.
HTX hack ($110m)
Yet another exchange linked to Justin Sun experienced a major breach this year. HTX, formerly known as Huobi, experienced a significant security breach, leading to a net outflow of $250 million after resuming operations.
This outflow followed the November attack in which HTX lost around $110 million, according to Sun. The incident prompted a temporary suspension of withdrawals and deposits. Despite the substantial outflow, HTX emphasized that user funds were safe.
MultiChain rug pull ($130m)
In July, MultiChain, a cross-chain protocol, reported suspicious withdrawals totaling $130 million, sparking concerns of a hack or rug pull. The series of transactions led to the Chinese authorities’ arrest of MultiChain’s CEO, Zhaojun, fueling speculation of insider involvement.
Zhaojun’s devices, including phones and hardware wallets, were confiscated. The incident led to MultiChain ceasing operations, as detailed in a post on social media. The closure of MultiChain followed these events, leaving many questions about the true nature of the incident.
Atomic Wallet hack ($100m)
In June, Atomic Wallet, a widely-used software crypto wallet, was hacked, leading to the loss of $100 million. The breach impacted over 5,000 user accounts, with some users experiencing partial thefts and others having their wallets completely emptied.
The initial suspicion pointed toward the Lazarus hacking group. The incident led to a class-action lawsuit from Russian investors against Atomic Wallet in August 2023. Atomic Wallet, for its part, claimed that the trail led to a Ukrainian group of hackers. However, there has been no proof of this statement since then.
The company’s response to the crypto hack and the legal repercussions are yet to be fully resolved.
CoinEx hack ($70m)
Crypto exchange CoinEx suffered a major security breach in September, resulting in the theft of $70 million. Crypto hackers accessed numerous private keys for user hot wallets, transferring substantial amounts of various cryptocurrencies, including nearly 5,000 ETH and 231 BTC.
Despite the significant loss, CoinEx’s cold wallets remained unaffected. The North Korean Lazarus group is suspected to be behind this attack.
KyberSwap hack ($47m)
The KyberSwap hack in November 2023 stands out for its complexity and the significant loss incurred. The multi-chain decentralized exchange aggregator fell victim to a smart contract reentrancy attack, leading to the theft of $47 million across various networks, including Ethereum, Polygon (MATIC), Arbitrum (ARB), and Optimism (OP).
This breach resulted in a drastic 90% drop in KyberSwap’s total value locked, falling from $84.9 million to just $8.28 million, showcasing the severe impact of smart contract vulnerabilities.
The hacker behind this attack made unusual demands, seeking total control over KyberSwap’s protocol, which included its governance mechanism and company assets. These demands, attached to a transaction on Etherscan, were unprecedented and highlighted a new level of boldness in crypto hacking.
The hacker sought to overhaul KyberSwap’s operational structure, including employee salaries and executive buyouts. This incident reflects the technical vulnerabilities of defi platforms and underscores the evolving challenges in securing defi ecosystems against increasingly sophisticated attacks.
Stake hack ($41m)
September was undoubtedly one of the costliest months this year, with the number of hacks exceeding all other months in 2023. Popular crypto gambling platform Stake also suffered a breach that month, leading to a theft of $41 million.
This hack specifically targeted users’ crypto hot wallets, and the assets stolen included Ethereum and Dai, among others. All funds were initially transferred to a single wallet, believed to belong to the hacker, and then dispersed to various other wallets. This dispersion tactic made tracking the stolen assets more challenging. The FBI’s investigation later confirmed the involvement of the North Korean Lazarus hacking group in this theft, although the stolen funds remain unrecovered.
North Korea’s Lazarus group: state-affiliated threat in crypto hacks
In 2023, the Lazarus Group, a North Korea-linked hacker organization, has been a prominent actor in the crypto hacking landscape. They have been responsible for over $300 million in crypto hacking incidents, accounting for approximately 17.6% of the total losses incurred in the crypto industry during the year. This contribution to the total losses highlights the group’s significant impact on the crypto space.
Historically, the Lazarus Group has been involved in some of the largest cyberattacks, dating back to their activities against Sony Pictures in 2014. Over the years, they have shifted their focus to crypto protocols, acquiring billions of dollars from these attacks. From 2021 to 2023, approximately $1.9 billion has been stolen from various crypto projects, showcasing the group’s persistence and evolving tactics.
In 2023, the Lazarus Group executed at least five attacks, including a notable $70 million theft from the Hong Kong-based crypto exchange CoinEx. Their strategy moved towards targeting centralized finance platforms and noncustodial crypto wallets, demonstrating keen adaptability to the changing landscape of the crypto industry.
Despite a global decline in the overall amount of money stolen in digital asset hacks, the threat posed by groups like Lazarus remains significant. Law enforcement agencies have been actively combating these activities by tracing stolen funds and disrupting crypto mixers, which obscure illicit funds’ origins. The U.S. Treasury Department has addressed these challenges by sanctioning popular mixing services like Tornado Cash and proposing stricter regulations for decentralized platforms.
Crypto hacks in 2024: prospects
The surge of crypto hacks in the latter half of 2023 reflects a concerning narrative for the industry heading into 2024. The upcoming year is poised to be a crucial time for crypto, with the expectations around the Bitcoin spot ETF launch in January and the Bitcoin halving event in April.
So, the industry is preparing for a busy 2024, and so will the hackers. Building industry-wide resilience would be the key to curbing these large-scale threats; otherwise, we might be in for a costlier new year.
FAQs
Can blockchain be hacked?
While blockchain technology is generally secure due to its decentralized and encrypted nature, it is not completely immune to hacking, especially through vulnerabilities in smart contracts or centralized points like exchanges.
Is Bitcoin hackable?
Bitcoin’s core blockchain protocol is highly secure, but Bitcoin exchanges and wallets can be vulnerable to hacking.
What is the world’s largest crypto exchange hack?
The world’s largest crypto exchange hack occurred at Coincheck in 2018. The company lost $534 million worth of NEM tokens.
What is the biggest hack in Bitcoin history?
The most significant Bitcoin hack was the Mt. Gox incident in 2014, where approximately 850,000 bitcoins were stolen, greatly impacting the Bitcoin community and market.
What are the latest crypto hacks?
Recent notable crypto hacks include the attacks on Ledger, HTX, KyberSwap, and Poloniex, with losses mounting over hundreds of millions.
Hardware wallet manufacturer Ledger has responded to a recent security breach resulting in the theft of $600,000 worth of user assets.
The company has pledged to enhance its security protocols by eliminating Blind Signing, a process where transactions are displayed in code rather than plain language, by June 2024.
Ledger Takes Responsibility For ConnectKit Attack
In a statement, Ledger emphasized its focus on addressing the recent security incident and preventing similar occurrences in the future.
The company acknowledged the approximately $600,000 in assets that were impacted by the ConnectKit attack, particularly affecting users blind signing on Ethereum Virtual Machine (EVM) decentralized applications (dApps).
Furthermore, Ledger pledged to make sure affected victims are fully compensated, including non-Ledger customers, with CEO & Chairman Pascal Gauthier personally overseeing the restitution process.
According to the statement, Ledger has already initiated contact with affected users and is actively working with them to resolve their specific cases.
In addition, by June 2024, blind signing will no longer be supported on Ledger devices, contributing to a “new standard of user protection” and advocating for “Clear Signing,” which refers to a process that allows users to verify transactions on their Ledger devices before signing them across dApps.
On this matter, Ledger’s CEO Pascal Gauthier stated:
My personal commitment: Ledger will dedicate as much internal and external resources as possible to help the affected individuals recover their assets.
Heightened dApp Security Measures
According to an incident report released by the hardware wallet manufacturer, the attack exploited the Ledger Connect Kit, injecting malicious code into dApps utilizing the kit.
This malicious code redirected assets to the attacker’s wallets, tricking EVM dApp users into “unknowingly signing transactions” that drained their wallets.
Ledger addressed the attack by deploying a genuine fix for the Connect Kit within 40 minutes of detection. The compromised code remained accessible for a limited time due to the nature of content delivery networks (CDNs) and caching mechanisms.
Ledger acknowledged the risks faced by the entire industry in safeguarding users and emphasized the need to continually raise the bar for security in dApps.
The company plans to strengthen its access controls, conduct audits of internal and external tools, reinforce code signing, and improve infrastructure monitoring and alerting systems.
Additionally, Ledger will educate users on the importance of Clear Signing and the potential risks associated with blind signing transactions without a secure display.
Notably, with Clear Signing, users are presented with a clear and readable representation of the transaction details, enabling them to review and validate the transaction before providing their signature.
This added layer of transparency and verification helps users mitigate the risks associated with front-end attacks or malicious code injected into decentralized applications.
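To make the blind-signing versus clear-signing distinction concrete, here is an added example (not Ledger’s code) that decodes the raw calldata a drained user would otherwise only see as hex into the readable summary a clear-signing screen presents. The function selectors are the standard ERC-20/ERC-721 ones; the spender address is a constructed placeholder.

```python
# Well-known 4-byte ERC-20 / ERC-721 function selectors (keccak256 of the signature)
SELECTORS = {
    "a9059cbb": ("transfer", ("address", "uint256")),
    "095ea7b3": ("approve", ("address", "uint256")),
    "23b872dd": ("transferFrom", ("address", "address", "uint256")),
    "a22cb465": ("setApprovalForAll", ("address", "bool")),
}
MAX_UINT256 = 2**256 - 1

# Constructed placeholder, standing in for an attacker-controlled spender address
PLACEHOLDER_SPENDER = "0x1111111111111111111111111111111111111111"


def encode_call(selector, *words):
    """ABI-encode a call with static arguments only: selector + 32-byte big-endian words."""
    return "0x" + selector + "".join(format(w, "064x") for w in words)


def decode_calldata(calldata_hex):
    """Split calldata into selector and typed arguments; unknown selectors decode to None."""
    data = calldata_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    selector, body = data[:8], data[8:]
    if selector not in SELECTORS:
        return {"function": None, "selector": selector, "args": []}
    name, types = SELECTORS[selector]
    if len(body) != 64 * len(types):
        raise ValueError(f"{name}: expected {len(types)} words, got {len(body) // 64}")
    args = []
    for k, typ in enumerate(types):
        word = body[64 * k:64 * (k + 1)]
        if typ == "address":
            args.append((typ, "0x" + word[-40:]))  # address sits in the low 20 bytes
        elif typ == "uint256":
            args.append((typ, int(word, 16)))
        elif typ == "bool":
            args.append((typ, int(word, 16) != 0))
    return {"function": name, "selector": selector, "args": args}


def is_unlimited_approval(decoded):
    """approve(spender, 2**256-1) or setApprovalForAll(operator, true) hands over the whole balance."""
    fn, args = decoded["function"], decoded["args"]
    if fn == "approve":
        return args[1][1] == MAX_UINT256
    if fn == "setApprovalForAll":
        return args[1][1] is True
    return False


def render_clear_signing(calldata_hex, symbol="TOKEN", decimals=18):
    """The human-readable line a wallet screen shows instead of raw hex."""
    d = decode_calldata(calldata_hex)
    fn, values = d["function"], [v for _, v in d["args"]]
    if fn is None:
        return f"UNKNOWN function 0x{d['selector']}: cannot verify, do not sign"
    if fn == "transfer":
        return f"Send {values[1] / 10**decimals:g} {symbol} to {values[0]}"
    if fn == "approve":
        amount = "UNLIMITED" if is_unlimited_approval(d) else f"{values[1] / 10**decimals:g}"
        return f"Allow {values[0]} to spend {amount} {symbol} from your wallet"
    if fn == "transferFrom":
        return f"Move {values[2] / 10**decimals:g} {symbol} from {values[0]} to {values[1]}"
    if fn == "setApprovalForAll":
        return f"{'Grant' if values[1] else 'Revoke'} {values[0]} control over ALL your {symbol} NFTs"


if __name__ == "__main__":
    calldata = encode_call("095ea7b3", int(PLACEHOLDER_SPENDER, 16), MAX_UINT256)
    print("blind signing shows :", calldata[:26] + "...")
    print("clear signing shows :", render_clear_signing(calldata, "USDC", 6))
```

Selectors outside the table are reported as unverifiable rather than guessed at, which is the safe default for a signing device.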
The 1-day chart shows the total crypto market cap’s valuation at $1.59 trillion. Source: TOTAL on TradingView.com
Nigerian authorities arrested Amb. Wilfred Bonse, a Nigerian politician, for alleged theft and money laundering in connection to a breach suffered by cryptocurrency trading company Patricia Technologies Ltd.
According to ACP Olumuyiwa Adejobi, a public relations officer with the Nigerian Police Force (NPF), the arrest was made following the force’s investigation into Patricia’s hack.
As stated by Adejobi, Bonse allegedly assisted in laundering 50 million naira ($62,368) out of 607 million naira ($757,151) fraudulently diverted from the platform to his account via a crypto wallet.
Before his arrest, Bonse contested for a gubernatorial seat in the Southern part of Nigeria. While investigations are still ongoing, other suspects remain at large, with the PRO stating that everyone involved in the criminal conspiracy case will be caught and punished.
Reacting to the arrest, Patricia CEO Hanu Fejiro Agbodje said the development vindicated the crypto platform, which came under criticism following the hacking incident.
“This is a big relief. We have finally been vindicated, as not a few disbelieved us that our platform was hacked in the first place. But thanks to the diligence of the Nigerian Police and the unwavering commitment of my colleagues, we are delighted that our customers now have more reason to continue to trust us. The dark days are over.”
Patricia CEO, Hanu Fejiro Agbodje
Patricia suffered a breach in May, resulting in the loss of customer deposits. In a recent blog post, the platform announced that it would move ahead with its repayment plan, which began Nov. 20, despite DLM Trust Company terminating a partnership deal with the crypto trading outfit.
Kronos Research, a Taipei-based market maker, trading firm, and venture capital fund, witnessed the withdrawal of significant amounts of crypto assets due to a breach of its security system.
Kronos Breach: Investigation Underway
On Sunday, November 19, Kronos Research disclosed – via a post on X (formerly Twitter) – a security incident that involved unauthorized access to its API keys. Consequently, the company lost a significant amount of crypto funds and has halted all trading operations in a bid to launch a full investigation into the incident.
In the interest of transparency: Around 4 hours ago, we experienced unauthorized access to some of our API keys. We paused all trading while we conduct an investigation. Potential losses are not a significant portion of our equity and we aim to resume trading as soon as possible.
A map of funds outflow by on-chain sleuth ZachXBT summed Kronos’ losses to over $25 million in Ether. In a follow-up post on X, the company also confirmed that the losses are about $26 million in crypto assets.
Funds outflow from Kronos Wallet | Source: X/ZachXBT
In its initial announcement, Kronos revealed that the potential losses are not a significant portion of its equity. Meanwhile, the trading firm said in its latest update that all losses will be covered internally, and no partners will be affected.
Although Kronos has yet to provide an update on its resumption process, the company did say that it aims to resume trading as soon as possible.
This $26 million attack on Kronos Research represents the third most significant crypto theft in November 2023. Before this latest incident, data from blockchain security firm Certik revealed that about $173 million had been lost to crypto attacks in November, with Poloniex’s $113 million hack being the most notable yet.
How Did This Hack Affect WOO X?
Interestingly, Kronos is not the only one affected by this security incident, as WOO X is another cryptocurrency entity that has had to pause its operations momentarily. WOO X is an exchange on which Kronos functions as the market maker for its spot and perpetual futures markets.
In an address on the X platform, WOO X acknowledged Kronos’ security situation and announced a temporary pause on all trading to protect users’ positions from a lack of liquidity. The exchange, however, emphasized that all customer funds are safe.
As of this writing, WOO X has resumed trading in both the spot and perpetual futures markets. Meanwhile, the exchange claims that clients can now make withdrawals for all assets.
In a chilling development on Halloween Day, the crypto community was hit with disturbing news as PeckShield, a renowned blockchain security company, revealed a series of rug pulls over the past few hours.
Rug pulls, a form of cryptocurrency scam, involve sudden and deliberate value drops in specific tokens, accompanied by the perpetrators swapping the native tokens for Ethereum (ETH). The meme coins affected by the rug pulls were identified as MEME, MEMEPAD, and TITANX.
Multiple Rug Pulls Shake Crypto Market On Halloween
According to PeckShield’s X (formerly Twitter) post, the MEME token on the Ethereum blockchain experienced a jaw-dropping 100% drop in value. The address 0xBd72…5871 was responsible for swapping a staggering 4,854,740,126,240,000 MEME tokens for approximately 43.68 ETH.
It is important to note that the rug pull token shared the same name as the legitimate MEME token, adding to the confusion.
Similarly, the MEMEPAD token on Ethereum suffered an identical 100% value drop. The address 0xBd72…5871 conducted a swap of 4,854,740,126,240,000 MEMEPAD tokens for around 44.84 ETH.
Once again, the fraudulent crypto rug pull shared the same name as the genuine MEMEPAD token, compounding the deceitful nature of the scam.
Additionally, the TITANX token launched two days ago, October 28, on Ethereum experienced a staggering 100% value decline.
The address 0xBd72…5871 executed a swap of 4,854,740,126,240,000 TITANX tokens for approximately 46 ETH. Mirroring the previous instances, the rug pull token masqueraded under the same name as the legitimate TITANX crypto token.
Fantom Foundation Funds Vanish
In alarming events, the Fantom (FTM) Foundation finds itself entangled in a harrowing tale of fund drains and swift token swaps. PeckShield has reported two significant incidents involving the Fantom Foundation’s finances, leaving the organization with substantial losses.
The first incident occurred on October 17, 2023, when wallets associated with the Fantom Foundation were drained of approximately $7 million worth of cryptocurrencies, equivalent to around 4,500 ETH.
Additionally, on October 26, the Fantom Foundation faced another devastating event. An unidentified entity, the “Fantom Foundation Drainer,” executed a bold move by swapping a staggering 8,087,377.97 DAI for 4,560.52 ETH.
The gravity of the situation intensified when the Fantom Foundation Drainer swiftly executed another swap on October 30, converting the 4,560.52 ETH back into approximately 8.3 million DAI within a mere 30 minutes.
The Fantom Foundation is now faced with the daunting task of investigating the breaches, identifying the culprits, and fortifying its security infrastructure to prevent future incidents.
Despite recent developments, the native token of the Fantom protocol, FTM, is trading at $0.2388, reflecting a 1% increase in the past 24 hours.
Notably, the token has experienced a substantial surge across various time frames. Presently, it has maintained an upward trend, with gains of over 6% and 30% in the seven-day and fourteen-day periods, respectively.
Over the year-to-date period, the token has recorded a 5% increase. These figures indicate the token’s positive performance and growth trajectory.