October 2022: The Biggest Crypto Hacks Month So Far?
As the crypto industry has been developing, it has been constantly bombarded by hackers. And while in the beginning, it wasn’t that much of an issue, today, when cryptocurrency is a multi-billion business and tokens can be easily withdrawn or exchanged, hackers seem to take a very keen interest in the largest crypto exchanges, breaching their security and stealing millions of dollars. Read more about the latest crypto hacks in the new StealthEX article.
Crypto hacking is currently on the upswing. The crypto market is at its lowest point ever, however, this October seems to have become the worst-ever month for crypto-related crimes with over $718 million in overall losses. And that’s with two more weeks to go before the month ends.
Data from Chainalysis on Thursday noted the amount was stolen from several decentralized finance protocols across 11 different attacks. At the time of the report around $3 billion had been exploited through over 125 separate incidents across the crypto field since the start of the month.
The Chainalysis company also notes that 2022 may even surpass 2021 by the number of attacks and their scale. This indicates that crypto exchanges and other crypto-related projects need to pay more attention to their security as any breach may result in huge losses for their customers.
The Largest Crypto Hacks
Binance Hack: What Happened
This news comes just weeks after Binance, the world’s largest crypto exchange, has been hacked. At the beginning of October, Binance confirmed that hackers made off with at least $100 million, but that the figure could have been significantly more.
The Binance blockchain, also known as BNB Chain and Binance Smart Chain, took the rare step of suspending transactions and fund transfers after discovering a vulnerability affecting the BSC Token Hub cross-chain bridge. These bridges are designed to facilitate the transfer of assets from one independent blockchain to another.
Popular in the world of DeFi, bridges have become a hot target for criminals due to faults in their underlying code. The BNB Chain, originally known as Binance Chain, was first developed by Binance in 2019. Like other blockchains, it features a native token, called BNB, that can be traded or used in games and other applications.
The vulnerability in the BSC Token Hub bridge allowed the attacker to forge messages, enabling them to mint new BNB tokens. Since the stolen tokens were not pre-existing tokens taken from wallets, no user funds were impacted.
Later, the BNB Chain team confessed that a total of 2 million BNB (approximately $568 million) were initially withdrawn. However, the hacker managed to get away with only about $110 million: apparently, the BNB Chain was able to prevent around 80% to 90% of the targeted funds from being stolen.
Binance Hack: Aftermath
Binance CEO Changpeng Zhao tweeted that the company estimates the impact of the breach to be between $100 million and $110 million.
Just recently, he added that Binance is getting closer to figuring out the identity of the anonymous hacker that withdrew the stolen funds. According to Zhao, after getting some tips from law enforcement on who the hacker might be, Binance is now ‘narrowing down’ the person or persons behind the attack.
Subsequently, the network was forked in the upgrade v1.1.16 to address a software weakness that allowed the withdrawal to be made in the hacker attack. It does not replace the missing funds from the network, and Binance says BSC hard fork was successful.
FXT Hack: What Happened
On October 21, Chinese crypto trader Colin Wu lost over a million dollars after hackers accessed his FTX account by exploiting an API connected to the trading account.
The user first noticed that his account was trading DMG tokens more than 5,000 times, only to discover later that nearly $1.6 million in Bitcoin, FTX token, Ethereum, and other cryptocurrencies have left their account.
The reporter further confirmed that this was not an isolated incident as another FTX user Bruce also stated that he was a victim of the FTX exploit. He revealed that he lost $1.5 million to the incident which happened on October 21. On its part, FTX, a Bahamas-based centralized cryptocurrency exchange, claimed that the hack was due to leaks of the API keys for the trading platform 3Commas.
Just days before this incident occurred, FTX had announced its loss of over 81 ETH to hackers in the early hours of October 13, 2022. The exchange explained that the hacker exploited a loophole on FTX’s platform, enabling them to mint XEN tokens 17,000 times at zero costs.
According to a publication, the fraud was effected through a gas theft vulnerability. The hacker’s address obtained over 100 million XEN Tokens and, through DoDo, Uniswap, and DEXes, converted some XEN into 61 ETH and transferred to FTX and Binance. As of press time, the loss incurred by FTX amounted to $103,443, while the hacker made a profit of $77,618 by selling the freely minted XEN tokens.
FXT Hack: Aftermath
On October 24, Bankman-Fried tweeted that he’s prepared to remunerate up to $6 million for FTX users affected by an exploit in which attackers used 3Commas’ API to make trades on the exchange. Sam Bankman-Fried also added that the exchange won’t be ‘making a habit of compensating’ users that are ‘phished by fake versions of other companies.’
Crypto wallet provider BitKeep Wallet has also become a victim of the endless wave of crypto hacks in the industry. Blockchain security firm PeckShield first raised the alarm on Twitter on Monday, October 17, and BitKeep published an update on the incident in the early hours of Tuesday.
After alerting the public, BitKeep announced that its development team had stopped the hacker. After an attacker took over the swap/router, they were able to use approvals to drain value from users’ wallets. In total, over $1 million in tokens was stolen before the BitKeep team was able to freeze the swap functionality, blocking further attacks. Following the incident, the security firm asked users to follow some steps to ensure the safety of their funds. The wallet also suspended its swap service to prevent further attacks. Developers promised to cooperate with security agencies to track down the hacker and recover the stolen assets while promising to reward anyone who could help identify the thief.
The crypto wallet provider additionally noted that the exploit happened on the BNB Chain, the blockchain that was already exploited in the Binance hack earlier this month.
Another Minor Hack in OlympusDAO
OlympusDAO users were shaken after a hacker stole 30,000 OHM tokens, equivalent to $300K. The funds were later returned to the DAO’s customers. But the attacker either had a change of heart or was a white hat hacker all along, as they sent back the funds to the DAO hours later. The hacker exploited a flaw in the smart contract for the new OHM Bonds product. Following the attack, the blockchain security business stated that Bond Protocol wrote the problematic smart contract.
After discovering the vulnerability, the DAO informed members of the hack via the Discord channel. OlympusDAO said that the affected funds were restricted because of the staggered implementation. The sum stolen is a small fraction of the $3,300,000 bounty the hacker might have earned if they had disclosed the vulnerability. The DAO team stated at the time that it had shut down the problematic markets.
Freeway, a crypto-staking platform, announced that it had paused its services, citing volatility in the crypto and forex markets and sending its token into a free fall. Subsequently, their token FWT crashed roughly 80% in the hours since the announcement. Freeway was not a significant or well-known project, with a market cap of less than $70 million before the crash and now $10 million at current trading prices.
The notice further said that, while the above-stated process is ongoing, Freeway would be allocating capital to its underlying portfolio and that, ‘for a temporary time’ and ‘until our new strategies are implemented,’ it will not be buying Supercharger simulations. It is still unclear what these new strategies are.
Freeway promised its users annual rewards of up to 43% with its Supercharger product. It says that it is ‘virtual simulations of popular crypto and fiat currencies’ and can only be used within the platform. The project’s developers claimed they had $160 million in total value locked via a figure published on their website. On-chain data suggests that the majority of the largest of the 4,342 token holders received it during an airdrop and were otherwise idle. The largest whales on the platform lost just over $16,500.
As noted by a Twitter user called @FatManTerra, the administrator of the Freeway website is in the process of deleting team names. The Wayback Machine confirms the removal of the ‘Team Freeway’ section of the website, as the 8 executives it shows are no longer listed on the website. And neither is the ‘Our partners’ section. FatManTerra went on to expose the platform’s administration as frauds.
Shortly before that, he tweeted about the platform on Saturday, one day before withdrawals were paused, warning its users.
Interpol Steps In
Following a large number of heckling and phishing incidents, International police organization Interpol has formulated a dedicated squad in Singapore to assist countries fighting crimes related to cryptocurrencies.
At a press conference in New Delhi, the police organization made the announcement ahead of its 90th general assembly, which will be attended by prominent police officers among its 195 members.
Hacker attacks and scams destabilize the crypto industry, making life difficult not only for crypto enthusiasts, but also for the crypto platforms. It is a strong sign that crypto exchanges will need to strengthen their security and governments will need to take new measures against hackers and frauds as the world economic instability will undoubtedly make more criminals turn to crypto space in an attempt to exploit it.
If you’re looking for a place to buy crypto, you can do it privately and without the need to sign up via StealthEX. You can do wallet-to-wallet transfers instantly and problem-free, crypto collection has more than 600 different coins and tokens.
Just go to StealthEX and follow these easy steps:
- Choose the pair and the amount you want to exchange. For instance, XMR to BTC.
- Press the “Start exchange” button.
- Provide the recipient address to transfer your crypto to.
- Process the transaction.
- Receive your crypto coins.
Don’t forget to do your own research before buying any crypto. The views and opinions expressed in this article are solely those of the author.
Originally published at https://stealthex.io/blog/ 👈