Showing posts with the label hacks

Q3 2023 crowned most ‘damaging’ quarter for crypto amid $700M losses: Report

Private keys getting compromised took over $204 million across 14 security incidents in the third quarter of 2023. The third quarter of 2023 has been the “most financially damaging” quarter of the year, taking almost $700 million in digital assets across various security incidents, according to the quarterly report of blockchain security firm CertiK. Within the report, CertiK highlighted that there was a total of 184 security incidents that happened in July, August and September 2023. The report highlighted that over $699 million in crypto assets were lost in the quarter, surpassing the first-quarter losses of $320 million and the second-quarter losses of $313 million. Within the types of exploits that led to the losses, private key compromises have been listed as the most damaging, taking over $204 million across 14 incidents. According to the report, the Multichain incident, where private keys were under the exclusive control of the project’s CEO, led to a loss of $125 mil...

Another week of DeFi hacks, but ZK-proof development heats up: Finance Redefined

The total value locked in DeFi protocols remained below $50 billion after another week of exploits. Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you the most significant developments from the past week. The past week in DeFi was dominated by exploits and hacks, with three DeFi platforms losing nearly $39 million. Alphapo’s hot wallets were exploited for over $32 million, Era Lend was drained for $3.4 million, and the decentralized finance protocol Conic Finance was exploited for almost $3.5 million. In better news, the DeFi ecosystem was buzzing with developments in zero-knowledge-proof (ZK-proof) scaling solutions as the layer-2 sector heats up despite the bear market. The exploits and bearish market conditions took their toll on DeFi protocols, with the total value locked in DeFi protocols seeing a significant drop over the past week. Alphapo hot wallets hacked for over $31 million Crypto payme...

USB keystroke injectors still a threat to crypto users

USB keystroke injection devices like the Diabolic Drive still pose a threat to unsuspecting users by installing malware to take over systems. The Diabolic Drive’s name sounds as ominous as its potential payload. The recently developed USB wireless keystroke injection tool is intended to stress test networks, but could it potentially be used as a means to steal cryptocurrency from unwitting users? The new gadget is set to be used by cybersecurity experts to test networks and business infrastructure against threats. As recent reviews highlight, the 64GB drive is Wi-Fi enabled once plugged into a system, allowing a user to access the connected device remotely. According to a hardware review by Geeky-gadgets, the Diabolic Drive can fire a payload of a hypothetical malicious script remotely and can even be pre-programmed to execute commands as soon as it is plugged into a device. These devices are impressive and scary. Amazing what can be built so easily and dangerous for those who are...

Fake Ethereum Denver website linked to notorious phishing wallet

Hackers continue to create fake Web3-enabled websites to fleece unsuspecting victims’ browser-based wallets, with ETHDenver being the latest victim. A fake website of the popular Ethereum Denver conference is the latest phishing target of a red-flagged smart contract that has stolen over $300,000 worth of Ether (ETH). The popular conference saw its website duplicated by hackers this week in order to trick users into connecting their MetaMask wallets. According to Blockfence, which identified the fraudulent website, the smart contract has accessed more than 2,800 wallets and stolen over $300,000 over the past six months. Another day, another scam. This time the scammer targeted the @EthereumDenver website. Blockfence is here to protect you and fight scammers together: The scam contract was marked as "High Risk" by our ML algorithm and our partners at @GoplusSecurity pic.twitter.com/Jdtoz2Bgu4 — Blockfence (@blockfence_io) February 20, 2023 ETHDenver also issued a not...

Lack of liquidity mitigated damages to BonqDAO exploit: Report

After amassing $120 million in tokens through an infinite minting glitch, hackers reportedly only cashed out around $1 million due to a lack of liquidity on BonqDAO. According to blockchain security firm CertiK, the damage caused to decentralized protocol BonqDAO on Feb. 1 may have been much less than initially thought. As told by CertiK, the attacker first borrowed 100 million BEUR, a euro stablecoin, with less than $1,000 in collateral due to a lack of controls on the collateralization ratio. If users set the parameter to zero, then the platform defaults to returning the "maximum value of uint256," allowing an astronomical sum of loans to be issued. However, CertiK said that despite the attacker borrowing 100 million BEUR (around $120 million at the time of attack), the hacker only managed to withdraw around $1 million due to a lack of liquidity on the platform. Previously, blockchain security firms such as PeckShield stated that around $120 million was lost during the ...

Crypto Stories: Dr. Adam Back shares his life of hacks

A cartoon version of Dr. Adam Back recounts stories of hacking coded doors at university and the inception of Hash Cash in the latest of Cointelegraph Crypto Stories. It’s been a life of hacks for Dr. Adam Back, the CEO and co-founder of Blockstream. One of the few people quoted on the Bitcoin Whitepaper, hacking highlights of Back’s life are brought to life in the latest animated Crypto Story from Cointelegraph’s video team. Over a game of Jenga in a park, Back told Cointelegraph that he’s always had a “kind of security mindset.” From his days as a student, he tinkered with door codes, pin pads and locks, testing out code and gaining access to places he “wasn’t supposed to have access to.” Back talks through the creation of Hash Cash, one of the early attempts at digital money. He uses the “Birthday collision” as an allegory for hash functions, demonstrating his aptitude for breaking down complex functions into intelligible language: “If you have a room full of people at a party or...

Hackers copied Mango Markets attacker's methods to exploit Lodestar: CertiK

The attacker made close to $6.9 million in profits and left users with a pile of bad debt. According to a post-mortem analysis provided by CertiK of the $5.8 million Lodestar Finance exploit that occurred on Dec. 10, 5. The hacker burned a little over 3 million in GLP, their profit on this exploit was the stolen funds on Lodestar - minus the GLP they burned. 6. 2.8 Million of the GLP is recoverable, which is worth about $2.4 million. We are going to reach out to the hacker and... — Lodestar Finance (@LodestarFinance) December 10, 2022 In a similar instance, CertiK said that Lodestar Finance hackers "artificially pumped the price of an illiquid collateral asset which they then borrow against, leaving the protocol with irretrievable debt." "Despite some of the losses being potentially recoverable, the protocol is functionally insolvent right now, and users are being urged not to repay any loans they have taken out." The attack occurred through a vulnerability...

Lodestar Finance exploited in flash loan attack

The main vulnerability behind the attack was within GLP oracle and how it conducts its price. Arbitrum-based lending protocol Lodestar Finance was exploited in a flash loan attack on Dec. 10. According to Lodestar, the attacker manipulated the price of the plvGLP token before borrowing all platform liquidity using the inflated token. In a Twitter thread, Lodestar explained the attack flow. The attacker first manipulated the exchange rate of the plvGLP contract to 1.83 GLP per plvGLP, "an exploit that by itself would be unprofitable", said the company. Then, the attacker supplied plvGLP collateral to Lodestar and borrowed all available liquidity, cashing out part of the funds "until the collateralization ratio mechanism prevented a full liquidation of the plvGLP." Following the hack, "several plvGLP holders also took advantage of the opportunity and also cashed out at 1.83 glp per plvGLP." The hacker was able to burn a little over 3 million in GLP, m...

Breaking: Ankr confirms exploit, asks for immediate trading halt

The decentralized-finance protocol said it is working with exchanges to immediately halt trading of its BNB staking rewards token, aBNBc. BNB Chain-based decentralized finance (DeFi) protocol Ankr has confirmed it has been hit by a multi-million dollar exploit on Dec. 1. The attack appeared to be first discovered by on-chain security analyst PeckShield at approximately 12:35 am UTC on Dec. 2. Within an hour of the attack, Ankr confirmed on Twitter that the aBNB token has been exploited and that they’re working with exchanges to immediately halt trading of the compromised token. Our aBNB token has been exploited, and we are currently working with exchanges to immediately halt trading. — Ankr (@ankr) December 2, 2022 The attacker was purportedly able to mint 20 trillion Ankr Reward Bearing Staked BNB (aBNBc), a reward-bearing token for BNB staked on the protocol. According to a Twitter post from on-chain analysis firm Lookonchain, the exploiter has since used services such a...