DeFi

This week’s big crypto hack: a record address poisoning attack

Published

9 months ago

on


April 29 to May 4, 2024

This week has been particularly eventful in the crypto world, marked by significant hacks that have been felt throughout the community. From the second Pike Finance breach in just a few days to the unfortunate loss of a trader due to a phishing scam, the crypto security landscape is once again in focus.

There is still a lot to learn from an unfortunate situation. Here is what happened.

A detailed summary

1. Pike Finance suffers a double attack

Pike Financea notable DeFi lending platform, faced its second exploit in a span of three days, resulting in a substantial loss of $1.68 million across Ethereum, Arbitrum, and Optimism networks.

The attacker exploited critical flaws in Pike Finance smart contracts, taking control of the protocol’s output address. This orchestrated move led to the transfer of $1.4 million in ETH, $150,000 in OP, and over $100,000 in ARB.

Interestingly, this incident occurred shortly after another breach on April 26, in which Pike Finance lost $300,000, indicating vulnerabilities in its security measures.

2. Yield Protocol: Vulnerable and Exploited!

In a cautionary tale, defunct DeFi lending platform Yield Protocol fell victim to hackers who exploited vulnerabilities on the Arbitrage Blockchain. Despite going offline in December 2023, Yield Protocol suffered the theft of approximately $181,000 in crypto assets due to manipulations within its smart contracts.

Investigations revealed that the attacker exploited anomalies in pool tokens using flash loan assets, highlighting the importance of robust security measures. Unfortunately, attempts to recover the stolen assets were unsuccessful as support for the Yield Protocol had ceased months before.

3. A costly mistake

More complex is the case where this crypto user mistakenly sent his 1,155 WBTC-wrapped Bitcoins to a bad actor’s wallet, losing $68 million. His wallet was drained by more than 97% of its total assets. The rest of its content has since been removed, leaving them with just $13.56 worth of ETH.

The vulnerability was based on the imitation of a ETH transfer of 0.05 ETH and forcing the victim to send a large number of WBTC instead. The victim’s transfer history was breached and the victim was forced to send the money to the address belonging to the real exploiter who presented his address as legitimate.

This address poisoning method confirmed by reputable blockchain security companies such as Certifiedproves how seriously cryptocurrency owners must protect their transactions against sophisticated phishing attacks.

Also discover: Attacker Steals $71 Million in Highly Sophisticated Phishing Attack That Deceived Investor

These examples should serve as a wake-up call to all crypto users, regardless of experience. As technology evolves, so do the tactics of those who seek to exploit it. By staying informed about the latest threats, implementing robust security measures, and exercising skepticism, users can navigate the crypto markets with ease.



Fuente

Related Topics:

Leave a Reply

Your email address will not be published. Required fields are marked *

Información básica sobre protección de datos Ver más

  • Responsable: Miguel Mamador.
  • Finalidad:  Moderar los comentarios.
  • Legitimación:  Por consentimiento del interesado.
  • Destinatarios y encargados de tratamiento:  No se ceden o comunican datos a terceros para prestar este servicio. El Titular ha contratado los servicios de alojamiento web a Banahosting que actúa como encargado de tratamiento.
  • Derechos: Acceder, rectificar y suprimir los datos.
  • Información Adicional: Puede consultar la información detallada en la Política de Privacidad.

Trending

Exit mobile version