March Crypto Crimes Report is Here!

March was an eventful month, to say the least! With $261.5 million lost to crypto crimes, this year’s total has crossed the half-billion-dollar mark with $578.6 million lost in Q1. Still, this is only a third of what was lost in Q1 2022!

The most memorable hack of the month was, without a doubt, the Euler Finance flash loan attack! Not only was it the largest hack of 2023, with $197 million lost, but it is also embroiled in North Korean shenanigans!

According to on-chain data initially identified by Lookonchain, the Euler Finance protocol hacker transferred 100 ether to a wallet linked to the North Korean state-sponsored hacking group, Lazarus, which is notorious for its involvement in the $624 million hack of the Ronin network.

The immediate conclusion was, “Here we go again, North Korea is behind the 6th crypto hack of all time, who is surprised?”

But wait, the plot thickens!

On March 20th, the hacker sent an on-chain message to Euler claiming that:

“We want to make this easy on all those affected. No intention of keeping what is not ours. Setting up secure communication. Let us come to an agreement.”

Until then, Lazarus Group had never negotiated sending any funds back. Moreover, why would they ever send funds to a flagged address that could be traced back to them?

Well, maybe because they were not behind this hack!

And probably because they were dragged into this mess by the hacker without their permission, they attempted to get right back at him and jumped with both feet into the middle of the Euler saga!

The day following the Euler hacker’s peace offering, Polygon’s CISO Mudit Gupta reported that a wallet connected to Lazarus sent 2 Ethereum, worth $3,586, to the Euler Finance hacker, with a message urging him to decrypt an encrypted message!

That encrypted message was nothing more than a phishing attempt to get the Euler exploiter’s private key and screw him over!

Well, that’s quite the convoluted story, to say the least.

Since then, the Euler hacker has shown himself to be true to his word and has sent back $138 million to the protocol as of now.

Speaking of shenanigans, the mayhem around the Arbitrum airdrops was also memorable! Between Twitter and Discord hacks, as well as private key exploits due to Profanity vanity address vulnerabilities, at least 6.5 million were lost by retail investors (people like you and me). But it’s probably much more than that, since more than 10,000 people were reported to have been phished using these schemes! 10,000!

This month also saw another cautionary tale for web3 actors in charge of people’s funds: stop “cutting expenses” when it comes to securing these very same funds! Yet another hack, worth $8.9 million, was made possible because Safemoon’s team thought it was a good idea to deploy an upgraded version of a smart contract without auditing it. Of course, a hacker was ready to exploit this very basic vulnerability that any security firm worth their salt would have screened and rolled their eyes at!

It’s April 2023.

Why is it still necessary to remind web3 actors to take their security responsibilities seriously?

NEFTURE SECURITY I Blockchain Security
Dissecting Web3

Nefture secures crypto assets by detecting and mitigating malicious activities and system failures. - nefture.com