In brief ⚡
Security firms suspect a significant hack after more than $100 million (initially estimated at about $60M) in digital assets was transferred from a wallet linked to the cryptocurrency exchange Poloniex.
Australian crypto exchange CoinSpot's hot wallet was rekt for over $2M worth of ETH.
TrustPad’s Staking Contract suffered a hack for $155k.
TheStandard.io was hacked for over $280k due to a lack of slippage protection.
Hacks and Scams⚠️
Poloniex Exchange
Amount of Loss: ~ $60M
Analysis
Poloniex, a digital asset exchange, faced a suspected breach in its crypto wallet, with over $100 million drained by attackers on Nov. 10.
A blockchain security firm suggests a "private key compromise" as the likely cause, with funds already moved to four external accounts and some converted into Ether.
Initial estimates of the losses were around $60 million, but the actual amount taken was later determined to be over $100 million.
In response, Poloniex disabled the affected wallet, yet no official statement has been released by the exchange regarding the hack.
Justin Sun, who acquired Poloniex in 2019, announced on social media that they are investigating the incident and pledged full reimbursement to affected users, emphasizing the exchange's strong financial position.
Sun also offered a 5% white-hat bounty to the hacker, providing a seven-day window for the return of funds before involving law enforcement authorities.
Coinspot Hot Wallet
Amount of Loss: ~ $2M
Analysis
Melbourne-based cryptocurrency exchange, CoinSpot, has experienced a hack resulting in the loss of over $2 million from accounts.
Despite the relatively small amount, the breach suggests a compromise in Australia's largest crypto exchange.
CoinSpot claims that "no customers" were affected but provides no further details regarding the security incident.
Approximately $2.3 million worth of Ethereum (ETH) was transferred from two CoinSpot wallets, utilizing bridging services like THORChain and Wan Bridge.
Security analysts believe the "mixing strategy" used indicates a compromise of private keys, suggesting a strong likelihood of stolen funds.
CoinSpot, founded in 2014, is among Australia's largest crypto exchanges, with over 2.5 million customers and a profitable track record, but this is its first reported hack.
TrustPad
Amount of Loss: ~ $155k
Analysis
TrustPad, a Social Token Platform on the Avalanche Chain, was attacked, resulting in a loss of approximately $155k.
The vulnerability originated from the receiveUpPool function within TrustPad's Staking Contract. The function did not verify msg.sender, which allowed the attacker to manipulate newlockstartTime.
The assailant exploited the vulnerability by repeatedly calling receiveUpPool() and withdraw() functions. This enabled them to collect rewards, convert them into staking amounts through stakePendingRewards, and ultimately withdraw the rewards using withdraw().
The security breach occurred on the 7th of November 2023.
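The missing caller check described above, modelled in Python so it runs without a chain. This is an added example, not TrustPad's contract code: the class, the trusted_pools allow-list, the function parameters and the 30-day lock are assumptions made for illustration.

```python
"""Simplified staking-pool model (constructed for illustration)."""
from dataclasses import dataclass, field

LOCK_PERIOD = 30 * 24 * 3600  # assumed lock length in seconds


@dataclass
class Stake:
    amount: int = 0
    lock_start: int = 0  # plays the role of newlockstartTime


@dataclass
class StakingPool:
    trusted_pools: frozenset = frozenset()  # callers allowed to migrate stakes
    enforce_caller: bool = True             # False reproduces the missing check
    stakes: dict = field(default_factory=dict)

    def deposit(self, sender, amount, now):
        s = self.stakes.setdefault(sender, Stake())
        s.amount += amount
        s.lock_start = now

    def receive_up_pool(self, sender, account, amount, new_lock_start):
        # The msg.sender verification: only a trusted pool may set lock state.
        if self.enforce_caller and sender not in self.trusted_pools:
            raise PermissionError("caller is not a trusted pool")
        s = self.stakes.setdefault(account, Stake())
        s.amount += amount
        s.lock_start = new_lock_start

    def withdraw(self, sender, now):
        s = self.stakes[sender]
        if now < s.lock_start + LOCK_PERIOD:
            raise RuntimeError("stake is still locked")
        amount, s.amount = s.amount, 0
        return amount


def lock_can_be_bypassed(pool, user="0xUser", now=1_700_000_000):
    """Regression check: can an untrusted caller rewrite its lock and exit early?"""
    pool.deposit(user, 100, now)
    try:
        pool.receive_up_pool(user, user, 0, now - LOCK_PERIOD)
        return pool.withdraw(user, now) == 100
    except (PermissionError, RuntimeError):
        return False
```

In a Solidity contract the equivalent guard is a require on msg.sender (or an access-control modifier) at the top of the function, with a test like lock_can_be_bypassed kept in the suite.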
TheStandard.io
Amount of Loss: ~ $280k
Analysis
The attacker used a tricky move to take advantage of a crypto platform, taking away about $280K.
They made a fake trade with low-value assets, like a game move, to mess with the platform's money system.
The attacker controlled the game by being the boss of the money pool, making it easy to do their trick.
They borrowed a lot of fake money and played with the prices to confuse everyone.
By doing this, they took away real money and made the platform's money system weak.
The platform tried to stop them and find the money, but the tricky move was too fast. Now, they're working hard to make everything safe again.
Explore the Depths of Knowledge: Research Papers, Blogs and Tweets🔖
Tweets
GitHub Repos
Articles
Protecting Against Crypto Drainers: The Importance of Web3 Antivirus
Unfolding Ancient Wisdom: How Ancient Stories Teach Modern Humans about Security and OpSec
Web3 Community Spotlight🔦
Note: all the respective links have been embedded in the image.
This week we analyzed one of the recent hacks, which happened to TrustPad.
It’s been a significant year for Account Abstraction (AA) with the introduction of the ERC-4337 Ethereum standard, signalling new possibilities for
Over the past three quarters in 2023, web3 losses totalled a whopping $1.4 billion. These losses were caused by
Thanks for reading HashingBits! Share a summary of our newsletter on your social media platforms, tag us, and use the #AwareToEarn hashtag, and you could win 10 USDT as a reward! Help us build a safer Web3 ecosystem and have a chance to earn rewards and support our work.