ReportWire

Tag: exploit

  • LastPass Hack Drains $4.4 Million From Users, Urgent Asset Migration Advised

    LastPass Hack Drains $4.4 Million From Users, Urgent Asset Migration Advised

    [ad_1]

    Users of the LastPass password manager application have now lost $4.4 million worth of crypto assets in a single day. This development comes a year after LastPass shared that hackers had gained access to its cloud storage keys and dual storage container decryption keys.

    LastPass Users Urged To Move Crypto Assets As 25 Fall Victim To Hack

    This latest asset loss by LastPass users was revealed by on-chain investigator ZachXBT via an X post on October 27. 

    Through a combined probe with a fellow investigator with X handle @tayvano_, it was discovered that approximately $4.4 million in digital assets were stolen from 85 distinct wallets belonging to 25 LastPass users.

    In a cautionary note in the same post, ZachXBT also warned all LastPass users to transfer their crypto assets to new wallet addresses in order to avoid future losses.

    For context, LastPass offers a password management service, helping users store the seed phrase in their crypto wallet. A seed phrase represents a set of words unique to each wallet, which grants access to the assets stored in the said wallet. 

    On August 8, 2022, a hacker gained access to the corporate laptop of a LastPass software engineer, allowing the bad actor to infiltrate the company’s system, stealing some source code, confidential technical documentation, and internal system secrets. 

    Using this data, the hacker extracted 14 of LastPass’s 200 source code repositories. 

    Over the next few days, the hacker initiated a larger attack, obtaining a copy of the LastPass customer database, which held information such as unencrypted account information, along with associated metadata and settings like multi-factor authentication options. 

    On August 25, 2022, the company’s CEO Karim Toubba claimed the hack had been contained and stated that the data comprised had occurred in its development section, which does not contain any personal user data.

    However, in a series of tweets in August 2023,  @tayvano_ claimed that over 1200 BTC, valued at $32 million, had been stolen from wallets linked to LastPass users in the last year following the security breach. 

    Such reports, in addition to the latest theft incident, have contributed to heightening calls for users to ditch wallet addresses linked to the password management services. 

    Crypto Hacks In 2023

    According to a July report by blockchain security firm Peckshield, crypto hacks still account for one of the major causes of asset loss in 2023.

    Peckshield stated that in H1 2023 alone, over 395 hacks occurred in the crypto space, culminating in losses valued at about $479.9 million. While these figures represent a massive decline from the $2.43 billion recorded in H1 2022, it can still be considered quite significant in terms of investors’ interest.

    At the time of writing, the total crypto market is valued at $1.26 trillion, with a 0.22% gain in the last day, based on data from CoinMarketCap.

    Total crypto market valued at $1.238 trillion on the daily chart | Source: TOTAL chart on Tradingview.com

    Featured image from iStock, chart from Tradingview

    [ad_2]

    Semilore Faleti

    Source link

  • Major Exploit Sees $6 Million In XRP Lost

    Major Exploit Sees $6 Million In XRP Lost

    [ad_1]

    Philippines-based crypto exchange Coins.ph is rumored to be the latest victim of an exploit that has potentially led to the loss of 12.2 million XRP ($6 million) for the firm. However, a part of these funds seem to have already been recovered. 

    Evidence Of The Alleged Exploit

    According to a report by The Block, the hack on the crypto exchange occurred on October 17, with the media outlet citing a source familiar with the matter. Coins is yet to release an official statement as to whether or not the incident truly occurred.

    However, on-chain data suggests that this exploit might have indeed occurred, as The Block noted. According to data on the blockchain explorer XRP scan, the crypto exchange experienced 13 outflows, with 999,999.999 XRP sent out from the exchange in each transaction to the same wallet, although the last batch seems not to have been processed.

    Following that, a further 200,000.999999 XRP was sent out of the exchange. It is worth mentioning that all these transactions occurred in the space of 32 minutes as they all occurred simultaneously. The total of these transactions (the ones processed) sums up to over 12.2 million XRP. 

    XRP market cap currently at $6.8 billion. Chart: TradingView.com

    Upon receipt of these funds, the alleged hacker then proceeded to send them to various destinations, including crypto exchanges OKX, Simple Swap, ChangeNOW, and WhiteBIT. The Block reported that a WhiteBIT spokesperson also seemed to confirm the exploit. 

    The representative stated that they blocked 445,000 as soon as they received a request from the Phillipines-based exchange Coins to flag down the address linked to the stolen tokens. WhiteBIT is also said to have reached out to blockchain analytics platforms Cristal and Chainalysis with a request to flag addresses related to the stolen XRP.  

    Increased Hacks On Crypto Entities 

    The attack on firms in the crypto industry has continued to increase from last year when the industry was reported to have lost over $2 billion from crypto hacks. In September, another crypto exchange, Huobi, was the victim of these exploiters as it lost almost $8 million

    Notably, a recent report reveals that South Korea’s Upbit cryptocurrency exchange faced a staggering 159,000 hacking attempts during the first half of 2023. What’s particularly striking is that this number was twice the amount of hacking attempts encountered by the exchange in the same period of 2022.

    The DeFi landscape has also not been left out, as several DeFi exchanges and platforms have also been victims of hacks and exploits this year. As of June, over $665 million had been reported to have been lost due to such occurrences.

    Featured image from InfoWorld

    [ad_2]

    Scott Matherson

    Source link

  • BH Token stolen funds funneled into Tornado Cash

    BH Token stolen funds funneled into Tornado Cash

    [ad_1]

    Funds stolen in a prior exploit have reportedly been channeled into Tornado Cash, totalling an estimated 1,500 BNB now within the mixer.

    Deposits into Tornado Cash

    According to an Oct. 11 from Certik, an exploit occurred on BH Token (BlackHole token), resulting in an exploiter (0xFDb) acquiring $1.2 million USDT, which was later converted to BNB and deposited into Tornado Cash, an Ethereum-based privacy tool.

    Now, in a follow-up development dated Oct. 19, the malicious actor responsible for the theft has channeled stolen funds into Tornado Cash, has deposited a total of 1,500 BNB into the mixing service so far. 

    A subject of another alert

    Unfortunately, this is not the first time that Tornado Cash has made headlines for being part of a malicious attack in recent weeks.

    On Sept. 11, another Certik alert went out about a wallet associated with over $24 million in stolen cryptocurrencies that had transferred 600 Ether (ETH) valued at approximately $936,000 into Tornado Cash.

    Earlier in August, Tornado Cash founders also faced charges for money laundering tied to North Korea.


    Follow Us on Google News

    [ad_2]

    Sarah Jansen

    Source link