Online security News & Updates: All the latest from Blockonomi
https://blockonomi.com/security/

Hackers Demand Crypto Ransom from Paris Olympics Venue & French Museums
https://blockonomi.com/hackers-demand-crypto-ransom-from-paris-olympics-venue-french-museums/
Wed, 07 Aug 2024 06:44:33 +0000

TLDR
  • A cyberattack targeted about 40 French tourist spots, including the Grand Palais, an Olympics venue.
  • Hackers demanded a ransom in cryptocurrency, threatening to leak financial data.
  • The attack affected data processing systems of museum shops but did not impact Olympic Games programming.
  • The French Anti-Cybercrime Brigade (BL2C) is investigating the incident.
  • France’s national systems security agency (ANSSI) stated the attack does not affect systems involved in running the Olympics.

A cyberattack has targeted approximately 40 French tourist spots, including the Grand Palais, a venue for the Paris 2024 Olympics. The incident, which occurred over the weekend of August 3-4, 2024, has raised concerns about cybersecurity during the ongoing Olympic Games.

The hackers exploited data processing systems of museum shops and boutiques across France, gaining access to sensitive financial information. The Grand Palais, which is hosting fencing and martial arts events for the Olympics, confirmed it was among the victims of the attack.

According to French newspaper Le Parisien, the director of information systems for the Grand Palais discovered the breach on August 3. The attackers have demanded a ransom to be paid in cryptocurrency, threatening to leak the collected financial data within 48 hours if their demands are not met.

The exact amount of the ransom and the specific cryptocurrency requested remain undisclosed. It’s also unclear whether any of the affected institutions plan to comply with the ransom demands.

In response to the incident, French authorities have taken action. The French Anti-Cybercrime Brigade (BL2C) has opened an investigation into what they describe as an “attack on an automated data processing system, organized extortion, and criminal association with a view to committing a crime or offense punishable by five years’ imprisonment.”

The French National Agency for Information Systems Security (ANSSI) was promptly alerted to the situation. ANSSI has reassured the public that the cyberattack does not affect the information systems crucial to the operation of the Olympic and Paralympic Games. “This incident does not affect information systems involved in the running of the Olympic and Paralympic Games,” an ANSSI spokesperson stated.

Despite the attack, museum shops targeted in the incident remain operational as of the time of reporting. The Louvre Museum, initially reported to have been impacted, has since denied any involvement in the breach.

This cyberattack is not an isolated incident in the context of the Paris Olympics. French Prime Minister Gabriel Attal had announced in late July, just days after the start of the Games, that nearly 70 cyberattacks linked to the Olympics had already been thwarted.

In recent years, similar attacks have affected various sectors of the tourism and entertainment industry. Last fall, Las Vegas-based casino operator Caesars reportedly paid about $15 million to hackers following a ransomware attack.

In January, several prominent museums in the United States, including the Museum of Fine Arts in Boston, experienced outages due to cyberattacks on their software systems.

The post Hackers Demand Crypto Ransom from Paris Olympics Venue & French Museums appeared first on Blockonomi.

WazirX Explores Recovery Options Following $230 Million Hack
https://blockonomi.com/wazirx-explores-recovery-options-following-230-million-hack/
Thu, 01 Aug 2024 09:11:39 +0000

TLDR
  • WazirX, an Indian cryptocurrency exchange, lost $230 million (45% of customer funds) in a hack on July 18, 2024.
  • The exchange is considering various options for fund recovery, including reaching out to other exchanges and projects for help.
  • WazirX proposed a controversial plan to distribute the loss impact among all users, even those not directly affected by the hack.
  • Custody provider Liminal denies its infrastructure was compromised in the hack, contradicting WazirX’s claims.
  • WazirX did not have insurance for customer funds, citing a lack of viable options.

Indian cryptocurrency exchange WazirX is grappling with the aftermath of a significant security breach that occurred on July 18, 2024.

The hack resulted in the loss of $230 million, representing about 45% of customer funds held on the platform. As the exchange works to address the situation, it faces multiple challenges, including determining the best path forward for fund recovery and maintaining user trust.

WazirX co-founder Nischal Shetty told CoinDesk that the exchange is exploring all possible options to recover the stolen funds. This includes reaching out to other exchanges and cryptocurrency projects for assistance. Shetty emphasized that these outreach efforts “are going to be crucial” in the recovery process.

The exchange has proposed a controversial “socialized loss strategy” to distribute the impact of the hack across all users.

Under this plan, 55% of assets would be available for trading and withdrawals for all users, including those not directly affected by the hack. The remaining 45% would be locked, with the timeline for unlocking dependent on ongoing recovery efforts.

This proposal has faced criticism from customers and industry peers. Some argue that it unfairly impacts users whose funds were not stolen. WazirX maintains that the plan aims to provide a faster and more flexible solution compared to situations where users face years of uncertainty and limited fund access.

Adding to the complexity of the situation, there is a dispute between WazirX and its custody service provider, Liminal. WazirX’s internal investigation claims that the hack involved Liminal’s infrastructure.

However, Liminal has pushed back against these accusations, stating that its systems were not compromised and that the affected wallet “originated from an external source.”

One factor contributing to the severity of the situation is the lack of insurance for customer funds.

Shetty confirmed that WazirX did not have insurance, citing a lack of viable options. This absence of insurance means that the exchange and its users must bear the full brunt of the losses, leading to the proposed socialized loss strategy.

WazirX has taken several steps in response to the hack. The exchange has paused trading and withdrawals, filed a police complaint in Mumbai, and reported the incident to the Indian Computer Emergency Response Team (CERT-In). Shetty also mentioned that various Indian and international authorities have reached out, though he did not disclose specific names.

The exchange is currently running two parallel phases: immediate revival to unlock collateralized assets for customers, and finding ways to fill the gap left by the stolen funds. WazirX has launched a bounty program and is exploring potential assistance from project teams and their emergency funds.

The exchange plans to make decisions based on community consensus, as evidenced by the opinion poll it conducted to gather user feedback on the proposed recovery plan. WazirX has emphasized that it will make no unilateral decisions and will act only with proper consent from its users.

As of July 31, 2024, WazirX has not announced a definitive timeline for resuming operations or implementing its recovery plan.

The exchange continues to investigate the hack and explore various options for fund recovery, leaving users in a state of uncertainty about the future of their assets on the platform.

The post WazirX Explores Recovery Options Following $230 Million Hack appeared first on Blockonomi.

WazirX and Liminal Disagree on Source of $235 Million Hack
https://blockonomi.com/wazirx-and-liminal-disagree-on-source-of-235-million-hack/
Fri, 26 Jul 2024 10:37:36 +0000

TLDR
  • WazirX, an Indian crypto exchange, suffered a $235 million hack on July 18, 2024.
  • WazirX’s investigation found no evidence of compromise in their own systems.
  • The exchange suggests the breach likely originated from Liminal, their multi-party computation (MPC) wallet provider.
  • Liminal denies any breach of its infrastructure and suggests the attack might have occurred by compromising WazirX devices.
  • The incident highlights security risks associated with “blind signing” in hardware wallets.

On July 18, 2024, WazirX, a major Indian cryptocurrency exchange, fell victim to a sophisticated cyber attack resulting in a loss of $235 million.

This incident has sparked a heated debate between WazirX and its multi-party computation (MPC) wallet provider, Liminal, over the source of the security breach.

WazirX’s preliminary investigation, released on July 25, found no evidence that their infrastructure’s signer machines were compromised.

Instead, the exchange pointed to Liminal as the likely origin of the breach. According to WazirX, the malicious transactions were processed through Liminal’s infrastructure, using three WazirX signatures and one Liminal signature.

The exchange highlighted several issues with Liminal’s security measures. The Liminal MPC wallet, designed to prevent withdrawals to non-whitelisted addresses, failed to do so during the attack.

Additionally, the malicious transaction included a contract upgrade that transferred control to the attacker, a process that Liminal’s interface is not supposed to allow.

WazirX’s investigation revealed that no new connection requests were sent to their hardware wallets, and all requests came from whitelisted addresses. The exchange argues that this evidence suggests a breach in Liminal’s system rather than their own.

However, Liminal has strongly denied these allegations. In a report released on July 19, Liminal maintained that its platform remains secure and fully operational.

The wallet provider suggested that the attack might have occurred by compromising all three WazirX devices, a claim that WazirX’s investigation disputes.

The incident has brought attention to the security risks associated with “blind signing” in hardware wallets. This process, where transaction details are not displayed on the wallet’s LED screen, forces users to rely on a separate device or the custody provider’s interface for information. This practice is considered a security problem within the hardware wallet community.

The hack has raised concerns about the reliability of third-party infrastructure in securing digital assets. WazirX pointed out that other organizations, including the Central Bureau of Investigation (CBI), also use Liminal to store seized assets, questioning the trustworthiness of such custodians if their security measures can be bypassed.

As the investigation continues, WazirX has halted its operations and is working on a plan to resume services. The exchange’s co-founder, Nischal Shetty, has outlined steps to involve the community in deciding the platform’s reopening and recovery plans.

These steps include running a poll to help customers decide the approach to reopening the platform and exploring solutions to unlock tokens affected by the hack.

The post WazirX and Liminal Disagree on Source of $235 Million Hack appeared first on Blockonomi.

Coinbase Requests Regulatory Documents in SEC Lawsuit
https://blockonomi.com/coinbase-requests-regulatory-documents-in-sec-lawsuit/
Wed, 24 Jul 2024 06:35:25 +0000

TLDR
  • Coinbase has filed a motion to compel the SEC to produce documents, including Gary Gensler’s private communications during his time as SEC Chair.
  • The company argues these documents are critical for its defense against SEC allegations of operating as an unregistered securities exchange.
  • Coinbase is seeking information on SEC conversations with other market participants and documents related to its 2021 public offering.
  • The SEC has refused to search for documents outside its Enforcement Division, citing lack of relevance and undue burden.
  • This motion is part of Coinbase’s ongoing legal battle with the SEC, which sued the company in June 2023.

Cryptocurrency exchange Coinbase has taken a new step in its legal fight against the U.S. Securities and Exchange Commission (SEC). The company has filed a motion to compel the SEC to produce documents it believes are crucial for its defense.

The motion, filed in the U.S. Southern District Court of New York, asks for several types of documents. These include private communications from SEC Chair Gary Gensler during his time at the SEC, which began in 2021.

Coinbase also wants information about conversations SEC staff had with other market participants, and documents related to Coinbase’s 2021 public offering.

This legal action is part of a larger conflict between Coinbase and the SEC. In June 2023, the SEC sued Coinbase. The regulator accused the company of operating as an unregistered securities exchange since 2019.

The SEC also claimed that Coinbase allowed illegal trading of unregistered securities on its platform.

Coinbase argues that the requested documents are important for its defense. The company believes these materials could show that the SEC didn’t previously consider Coinbase’s operations to be breaking securities laws. Coinbase also thinks the documents could support its claim that it didn’t receive fair warning about any violations.

Paul Grewal, Coinbase’s chief legal officer, explained the company’s position on social media. He said, “We’re entitled to know all the cards the other side has.” Grewal added that Coinbase isn’t trying to play “Texas Hold ‘Em with all the cards face down.”

However, the SEC has pushed back against these requests. The regulator says it won’t search for documents outside of its Enforcement Division’s investigative files. The SEC claims these other documents aren’t relevant and that searching for them would be too much work.

Coinbase disagrees with the SEC’s stance. In its motion, the company called the SEC’s position “untenable.” Coinbase wants the court to make the SEC do thorough searches and either produce the requested documents or explain why they can’t be shared.

This latest move by Coinbase is a narrowed version of an earlier request. In April, the company had asked for Gensler’s private communications from before he became SEC Chair. After some pushback, Coinbase has now limited its request to Gensler’s communications during his time as Chair.

The conflict between Coinbase and the SEC is part of a broader debate about how cryptocurrencies should be regulated. Coinbase argues that the SEC doesn’t have the authority from Congress to regulate digital assets. The company also says it didn’t get fair notice that it might be breaking any rules.

The post Coinbase Requests Regulatory Documents in SEC Lawsuit appeared first on Blockonomi.

Hamster Kombat Players Targeted in Phishing Attacks: What You Need to Know
https://blockonomi.com/hamster-kombat-players-targeted-in-phishing-attacks-what-you-need-to-know/
Mon, 22 Jul 2024 06:59:37 +0000

TLDR
  • Cybercriminals are targeting players of the popular game Hamster Kombat with phishing scams.
  • Scammers use fake airdrop claims, token conversion promises, and fraudulent websites to trick users.
  • The attacks coincide with Hamster Kombat’s rapid growth and plans to launch a cryptocurrency token.
  • Phishing attacks have increased significantly in 2024, with $314 million lost in the first six months.
  • Cybersecurity experts warn that these scams may spread to other regions where the game is popular.

The popular mobile game Hamster Kombat has become a target for cybercriminals, who are using various phishing tactics to trick players into revealing sensitive information. As the game’s user base grows rapidly, so do the risks for its millions of players.

Hamster Kombat, a Telegram-based tap-to-earn game, has gained over 239 million users in just 81 days. This explosive growth has caught the attention of scammers looking to exploit the game’s popularity.

Cybersecurity firm Kaspersky recently reported an increase in phishing attacks targeting Hamster Kombat players.

These attacks use several methods to lure unsuspecting gamers. One common tactic involves sending phishing links that promise to convert in-game tokens into real money, particularly Russian rubles.

When users click these links and enter their login information, hackers gain access to their accounts. This access allows criminals to steal data, send fraudulent messages, and even blackmail victims.

Another popular scheme involves fake airdrop claims. Scammers create websites or send messages promising free cryptocurrency related to Hamster Kombat. These fake airdrops aim to trick users into providing access to their crypto wallets, potentially leading to theft of digital assets.

The timing of these attacks is not coincidental. Hamster Kombat recently announced plans to launch its own cryptocurrency token, HMSTR, which is already listed for pre-trading on some exchanges. This news has created buzz among players and likely contributed to the increase in scam attempts.

Olga Svistunova, a security expert at Kaspersky, warned that while many of these scams currently target Russian users, they could soon spread to other regions where the game is popular, such as the Philippines and Nigeria.

The rise in Hamster Kombat-related phishing is part of a larger trend in cryptocurrency scams. According to data from ScamSniffer, victims lost $314 million to phishing attacks across all EVM chains in the first six months of 2024 alone. This amount already surpasses the total losses for all of 2023.

Cybersecurity experts advise Hamster Kombat players to be cautious of any messages or links promising free tokens, discounted cryptocurrency, or easy ways to convert in-game currency to real money. They should avoid clicking on suspicious links and never share their login credentials or wallet information.

The post Hamster Kombat Players Targeted in Phishing Attacks: What You Need to Know appeared first on Blockonomi.

“Human Error” LI.FI Protocol Reports $11.6 Million Loss & Will Compensate Users
https://blockonomi.com/human-error-li-fi-protocol-reports-11-6-million-loss-will-compensate-users/
Fri, 19 Jul 2024 06:20:36 +0000

TLDR
  • LI.FI, a cross-chain blockchain protocol, suffered an $11.6 million hack affecting 153 wallets.
  • The exploit was caused by a vulnerability in a newly deployed smart contract facet.
  • The company attributed the breach to “human error” in overseeing the deployment process.
  • Assets stolen included USDC, USDT, and DAI stablecoins.
  • LI.FI is working with law enforcement and security firms to recover funds and plans to compensate affected users.

LI.FI, a popular cross-chain blockchain protocol, lost approximately $11.6 million in cryptocurrencies. The incident, which affected 153 wallets across the Ethereum and Arbitrum networks, has been attributed to human error during a smart contract update process.

LI.FI, which allows users to trade across various blockchains, published an incident report on Thursday detailing the exploit.

According to the report, the vulnerability stemmed from a newly deployed smart contract facet that lacked proper validation checks. This oversight allowed attackers to make arbitrary calls to any contract, effectively bypassing security measures.

The company stated, “Upon detecting the security breach, our team immediately activated the incident response plan, successfully disabling the vulnerable facet across all chains. This action contained the threat and prevented any further unauthorized access.”

The exploit primarily affected wallets that had set infinite token approvals, a practice that allows protocols to interact with user funds without requiring repeated permissions.

Assets drained in the attack included popular stablecoins such as USDC, USDT, and DAI. LI.FI emphasized that wallets using finite approvals, which is the default setting in their API, SDK, and widget, were not impacted by this vulnerability.

In their post-mortem report, LI.FI explained that the root cause of the exploit was “an individual human error in overseeing the deployment process.” The new smart contract facet lacked crucial validation steps that were present in other parts of the protocol. This oversight allowed malicious actors to exploit the vulnerability and access user funds.

The incident has raised concerns about the security practices in the decentralized finance (DeFi) sector. It follows a troubling trend of increasing security breaches in the space, with over $1 billion in digital assets lost due to various security incidents in the first half of 2024 alone.

In response to the breach, LI.FI has taken several immediate actions. They have advised users to revoke approvals for the compromised contract addresses and are collaborating with law enforcement authorities and web3 security firms to trace and potentially recover the stolen funds.

“If you are an affected wallet holder, please complete the following form so that we can get in touch with you directly. Your cooperation is greatly appreciated,” the team wrote in their report.

LI.FI has stated that its primary concern is assisting in the recovery of user funds. The company, with backing from its major investors, is exploring options to fully compensate affected users as soon as possible. This move aims to mitigate the impact on users and maintain trust in the protocol.

To prevent similar incidents in the future, LI.FI has outlined several additional security measures.

These include multiple audits, maintaining an auditing firm on retainer, backend infrastructure and API penetration testing, bug bounties, an incident response framework, and extensive security assessments of integrated third-party systems. These steps align with the National Institute of Standards and Technology (NIST) guidelines.

The post “Human Error” LI.FI Protocol Reports $11.6 Million Loss & Will Compensate Users appeared first on Blockonomi.

WazirX Crypto Exchange Loses $230 Million in Major Security Breach
https://blockonomi.com/wazirx-crypto-exchange-loses-230-million-in-major-security-breach/
Fri, 19 Jul 2024 05:17:22 +0000

TLDR
  • Indian cryptocurrency exchange WazirX lost approximately $230-235 million in a cyberattack.
  • The attack targeted one of WazirX’s multisig wallets that uses Liminal’s digital asset custody infrastructure.
  • Funds were moved to a new address and some have been swapped for Ether.
  • WazirX has temporarily suspended withdrawals while investigating the incident.
  • Some experts suggest the attack may be linked to North Korean hackers.

WazirX, one of India’s leading crypto exchanges, has fallen victim to a significant cyberattack. The breach, which occurred on July 18, 2024, resulted in the loss of approximately $230-235 million in digital assets.

The attack targeted one of WazirX’s multi-signature wallets that utilized the services of Liminal, a digital asset custody and wallet infrastructure provider.

According to WazirX’s preliminary report, the cyberattack stemmed from a discrepancy between the information displayed on Liminal’s interface and the actual contents of the transaction.

“During the cyberattack, there was a mismatch between the information displayed on Liminal’s interface and what was actually signed,” WazirX stated in their report. “We suspect the payload was replaced to transfer wallet control to an attacker.”

The compromised wallet employed a system of six signatories for transaction verification, typically requiring approval from three WazirX signatories and one Liminal signatory. The attackers managed to bypass these safeguards, as well as the whitelisting of destination addresses.

Liminal, for its part, has stated that its platform was not breached and that its infrastructure, wallets, and assets remain secure. The company clarified that the compromised wallet was created outside of the Liminal ecosystem and that all WazirX wallets created on the Liminal platform continue to be secure.

Web3 security firm Cyvers detected multiple suspicious transactions involving WazirX’s Safe Multisig wallet on Ethereum.

They reported that $234.9 million of funds were moved to a new address, with each transaction’s caller funded by Tornado Cash, a decentralized protocol for private transactions.

Crypto sleuth ZachXBT reported that the suspected primary attacker address still has over $104 million to offload. The stolen funds include a mix of various cryptocurrencies, with the largest portions being approximately $100 million in Shiba Inu, $52 million in Ether, and $11 million in Polygon.

In response to the security breach, WazirX has temporarily suspended withdrawals of both cryptocurrencies and Indian rupees on its platform.

The exchange assured users that it is “actively investigating the incident” and will provide updates as the situation unfolds.

Some experts in the field have suggested that this attack bears similarities to those carried out by North Korean threat actors. Blockchain analytics firm Elliptic stated that the attack “has all the hallmarks of North Korean threat actors,” noting that the attackers have taken steps to swap the crypto assets for Ether using various decentralized services.

The attack on WazirX comes at a time when the regulatory environment for cryptocurrencies in India remains uncertain.

The country’s government has been discussing potential regulations for almost four years, but a clear framework has yet to emerge.

As investigations continue, the crypto community will be watching closely to see how WazirX handles the aftermath of this significant breach and what measures will be implemented to prevent similar incidents in the future.

The post WazirX Crypto Exchange Loses $230 Million in Major Security Breach appeared first on Blockonomi.

Web3 KYC Provider Fractal ID Compromised, Exposing 50k Users’ Data
https://blockonomi.com/web3-kyc-provider-fractal-id-compromised-exposing-50k-users-data/
Thu, 18 Jul 2024 15:48:39 +0000

The post Web3 KYC Provider Fractal ID Compromised, Exposing 50k Users’ Data appeared first on Blockonomi.

TLDR
  • Blockchain identity platform Fractal ID suffered a data breach on July 14, 2024.
  • Approximately 0.5% of Fractal ID’s user base (about 50,000 users) was affected.
  • The breach exposed sensitive personal information including names, email addresses, wallet addresses, and images of uploaded documents.
  • Gnosis Pay was among the affected protocols and alerted its users about the breach.
  • The attacker gained access through an operator’s account, potentially using a password obtained from other hacks.

Fractal ID, a blockchain-based digital identity verification service, has reported a data breach that occurred on July 14, 2024. The incident has raised concerns about the security of personal information in the rapidly evolving Web3 ecosystem.

According to Fractal ID’s notice, an unauthorized third party gained access to an operator’s account and ran an API script that extracted users’ personal data. The breach lasted for approximately two hours and 14 minutes, from 05:14 AM to 07:29 AM UTC, before the team detected the intrusion and logged the attacker out of the system.

While Fractal ID stated that only about 0.5% of its user base was affected, this still amounts to roughly 50,000 users, given the company’s claimed user base of around 1 million.

The compromised data potentially includes names, email addresses, wallet addresses, phone numbers, physical addresses, and images of uploaded documents such as passports and driving licenses.

Julian Leitloff, co-founder of Fractal ID, confirmed the breach to The Block, stating,

“A single operator account got breached and as a result, we noticed suspicious activity on Sunday morning. We immediately stopped access and could identify the cause which was later verified with external support.”

Leitloff suggested that the attacker might have gained entry using a “siphoned password gained from other hacks.”

The incident has affected several Web3 projects that use Fractal ID for Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance. Gnosis Pay, a decentralized payment network, was among the first to alert its users about the breach. In an email to customers, Gnosis Pay stated that it was made aware of the breach by Fractal ID on July 15, 2024.

Other potentially affected projects include Polygon ID, Ripple, XRP Ledger, Avalanche, Near, Aurora, Acala, Polymath, BNB Chain, Lukso, Aleph Zero, and Arbitrum Foundation. However, the full extent of the impact on these platforms remains unclear.

The breach has drawn criticism from members of the crypto community. Blockchain investigator ZachXBT questioned Fractal ID’s ability to secure user data and suggested that teams using their product should consider alternatives.

This incident highlights the ongoing challenges of data security in the blockchain and cryptocurrency space, particularly for services that handle sensitive personal information.

While blockchain technology often promises enhanced security and user control over data, this breach demonstrates that centralized points of failure can still exist in Web3 infrastructure.

Fractal ID has stated that it has taken immediate action to mitigate the breach’s impact and implemented additional security measures. The company has also reported the incident to relevant data protection authorities and the cybercrime police division.

Users affected by this breach are advised to remain vigilant, monitor their accounts closely, and consider updating their security measures across various online services to mitigate potential risks.

The compromised data could potentially be used for phishing attacks, identity theft, or other malicious activities.

DeFi Protocol Li.Fi Falls Victim to $11 Million Hack due to Smart Contract Exploit
https://blockonomi.com/defi-protocol-li-fi-falls-victim-to-11-million-hack-due-to-smart-contract-exploit/
Wed, 17 Jul 2024 06:58:27 +0000

TLDR
  • DeFi protocol Li.Fi was hacked for approximately $11 million in Ethereum and stablecoins.
  • The exploit targeted users who had manually set infinite approvals on their accounts.
  • Li.Fi has contained the exploit and says users are no longer at risk.
  • The attack may have exploited a vulnerability in the Li.Fi bridge.
  • This is not the first security issue for Li.Fi, which lost $600,000 in a 2022 incident.

On July 16, 2024, the cross-chain decentralized finance (DeFi) protocol Li.Fi suffered a significant security breach. Hackers managed to exploit a vulnerability in the system, resulting in the loss of approximately $11 million worth of cryptocurrencies.

The stolen funds primarily consisted of Ethereum (ETH) and various stablecoins, including USDC, USDT, and DAI. Blockchain security firm CertiK initially reported the loss at nearly $9 million, but Li.Fi later confirmed to Decrypt that the total amount stolen was closer to $11 million.

Li.Fi, which allows users to trade across different blockchains, venues, and bridges, quickly responded to the incident. The protocol’s team announced on social media platform X (formerly Twitter) that they were investigating a potential exploit and urged users not to interact with any Li.Fi-powered applications until further notice.

According to Li.Fi, the exploit appears to have targeted users who had manually adjusted their account settings to allow “infinite approvals.” An infinite approval gives a smart contract an unlimited allowance to spend a given token from the user’s wallet, which is risky if that contract is compromised.

Crypto security firm Decurity suggested that the root cause of the exploit was likely a vulnerability in the Li.Fi bridge. They pointed to a specific function in a smart contract that was deployed just five days before the attack, which allowed for “arbitrary call with user-controlled data.”

Li.Fi has since contained the exploit and disabled the affected smart contract facet. The protocol assured users that there is currently no further risk, emphasizing that only a small number of users who had set infinite approvals were affected.

In response to the incident, Li.Fi advised users to immediately use their “secluded revoke website” and provided a list of specific addresses that should be revoked. They also recommended that users visit scan.li.fi to check if their accounts have been compromised.

This is not the first time Li.Fi has faced security issues. In 2022, a bug in the protocol’s swapping feature resulted in losses of $600,000 in cryptocurrency. The recurring nature of these incidents highlights the ongoing security challenges faced by DeFi protocols.

The Li.Fi hack contributes to a growing tally of crypto thefts in 2024. According to a report by blockchain intelligence firm TRM Labs, hackers stole more than twice as much cryptocurrency in the first half of 2024 compared to the same period in 2023.

The total value of crypto thefts reached $1.38 billion by June 24, 2024, nearly matching the $1.7 billion stolen across all of 2023.

Li.Fi’s team stated that they are engaging with law enforcement authorities and relevant third parties, including industry security teams, to trace the stolen funds. They have promised to issue a more detailed post-mortem analysis of the incident as soon as possible.

DNS Hijacking Attack Targets Multiple DeFi Protocols
https://blockonomi.com/dns-hijacking-attack-targets-multiple-defi-protocols/
Fri, 12 Jul 2024 08:25:02 +0000

TLDR
  • Multiple DeFi protocols, including Compound Finance and Celer Network, were targeted in a DNS hijacking attack.
  • The attack appears to be targeting domains registered through Squarespace.
  • Over 220 DeFi protocol front ends may still be at risk.
  • The attackers are believed to be using the Inferno Drainer wallet kit to steal funds.
  • Some security measures, like requiring wallet signatures for DNS updates, have been suggested to prevent future attacks.

On July 11, 2024, several decentralized finance (DeFi) protocols were hit by a DNS hijacking attack. The incident affected major players in the crypto space, including Compound Finance and Celer Network.

Security experts believe the attack is targeting domains registered through Squarespace, a popular website builder and hosting platform.

The attack was first noticed when users reported that the Compound Finance website (compound.finance) was redirecting to a malicious page.

This fake page contained a “drainer” app designed to steal users’ cryptocurrency tokens. Shortly after, Celer Network announced that it had also been targeted, but its domain monitoring system caught the attack before it could succeed.

Blockchain security firm Blockaid has been closely monitoring the situation. According to Ido Ben-Natan, co-founder and CEO of Blockaid, the attackers targeted DNS records hosted on Squarespace. These records were redirected to IP addresses known for malicious activities.

Ben-Natan stated that while the full extent of the hijack is not yet known, approximately 228 DeFi protocol front ends could still be at risk.

The attack is believed to be the work of a group known as Inferno Drainer. This group has been active for some time, targeting various DeFi protocols and exploiting different vulnerabilities.

Their wallet kit allows cybercriminals to trick users into signing malicious transactions, giving the attackers control over their digital assets.

Security researchers have identified shared infrastructure used by the Inferno Drainer group, making it easier to track and identify related attacks.

Blockaid has been working closely with the crypto community to maintain an open channel for reporting compromised sites.

The incident has sparked discussions about improving security measures for DeFi protocols. Matthew Gould, founder of Web3 domain provider Unstoppable Domains, suggested creating verified on-chain records for domains. Browsers and other systems could check these records as an extra layer of protection, helping to reduce the risk of DNS attacks.

Gould also proposed a new feature where DNS updates would require a signature from the user’s wallet. This would make it much harder for hackers, as they would need to compromise both the registrar and the user’s wallet separately.

In response to the attack, several crypto projects and platforms have taken action. MetaMask, a popular Web3 wallet, announced that it is working to warn users of potentially compromised apps associated with the attack.

Users attempting to transact on any known site involved in the current attack will see a warning provided by Blockaid.

The crypto community has rallied to spread awareness and minimize potential damage. DefiLlama developer 0xngmi shared a list of over 100 DeFi protocols that may be affected by the attack, including well-known names like Pendle Finance, dYdX, Polymarket, and LooksRare.
