Crypto Hack Weekly Report: DeFi Double Trouble & A $70M Phishing Attack

The post Crypto Hack Weekly Report: DeFi Double Trouble & A $70M Phishing Attack appeared first on Coinpedia Fintech News

29th April to 4th May 2024

This week has been particularly eventful in the crypto world, marked by significant hacks that have been felt throughout the community. From Pike Finance’s second breach in just a few days to a trader’s unfortunate loss due to a phishing scam, the landscape of crypto security has once again come into focus.

There’s still a lot to be learned from an unfortunate situation. Here’s what went down.

A Detailed Recap

1. Pike Finance Suffers Double Attack

Pike Finance, a notable DeFi lending platform, faced its second exploit within a short span of three days, resulting in a substantial loss of $1.68 million across Ethereum, Arbitrum, and Optimism networks.

The attacker exploited critical flaws in Pike Finance’s smart contracts, gaining control over the protocol’s output address. This orchestrated move led to the transfer of $1.4 million worth of ETH, $150 thousand of OP, and over $100 thousand of ARB.

Interestingly, this incident occurred shortly after another breach on April 26th, where Pike Finance lost $300,000, indicating vulnerabilities in its security measures.

2. Yield Protocol: Vulnerable and Exploited!

In a cautionary tale, the defunct DeFi lending platform, Yield Protocol, fell victim to hackers who exploited vulnerabilities on the Arbitrum blockchain. Despite going offline in December 2023, Yield Protocol suffered a theft of approximately $181,000 in crypto assets due to manipulations within its smart contracts.

Hi @yield, you may want to a look (w/ $181K) pic.twitter.com/wbzVgrvyyy

— PeckShield Inc. (@peckshield) April 30, 2024

Investigations revealed that the attacker exploited anomalies in pool tokens using flash loan assets, highlighting the importance of robust security measures. Unfortunately, attempts to recover the stolen assets were futile as support for Yield Protocol had ceased months prior.

3. A Costly Mistake

More complex is a case when this crypto user mistakenly sent his 1,155 WBTC Wrapped Bitcoin to a bad actor’s wallet losing $68 million. His wallet was drained of over 97% of its total assets. The rest of its contents have since been removed, leaving them with just $13.56 worth of ETH. 

The vulnerability was based on imitating an ETH transfer of 0.05 ETH and causing the victim to send a large number of WBTCs instead. The transfer history of the victim was breached and the victim was made to send the money to the address belonging to the real exploiter who presented his address as legitimate. 

This method of address poisoning confirmed by reputable blockchain security firms such as CertiK, proves how seriously cryptocurrency owners should safeguard their transactions from sophisticated phishing attacks.

#CertiKInsight

Our system has detected a transfer of 1,155 WBTC (~$69.3m) to an address linked to address poisoning

EOA 0xd9A1 mimicked a transfer of 0.05 ETH which led the victim to send the funds to the wrong address

Stolen funds are here https://t.co/m2xpJW0QIZ pic.twitter.com/PWFhEsEN2G

— CertiK Alert (@CertiKAlert) May 3, 2024

Also Check Out: Attacker Steals $71 Million in an Extremely Sophisticated Phishing Attack That Fooled the Investor

These examples should serve as a wake-up call to all crypto users, regardless of experience. As technology evolves, so do the tactics of those seeking to exploit it. By staying informed about the latest threats, implementing robust security measures, and exercising skepticism, users can navigate the crypto markets with ease.