DeFi Exploit: $230K Reportedly Lost
According to a September 23 post from blockchain security platform TenArmor, hackers compromised decentralized finance protocol Bankroll Network on September 22, stealing $230,000.
TenArmor has published an image of the attack transaction, showing numerous BNB transfers from the BankrollNetworkStack contract to itself, each worth $9,679,645.51.
The other two transfers are for $9,435,877.94, one of which originates from the PancakeSwap exchange pool and goes to an account ending in “47D7”, and the other originates from the account “47D7” and goes to the BankrollNetworkStack contract.
The difference between the contract's self-transfer amount and the account transfer amount is $243,767.57, which is close to the $235,000 stated as the loss amount.
Based on this information, the attacker may have exploited a vulnerability that allowed them to withdraw more money than they deposited, possibly using a flash loan to make the initial deposit.
Blockchain data confirms that the transfer took place at 4:50 p.m. UTC on September 22. Cointelegraph reached out to the Bankroll Network team via Telegram, but did not receive a response by the time of publication.
DeFi exploits are a frequent source of loss for Web3 users. Users should carefully research the security of a protocol before using it. Protocols audited by reputable smart contract security firms are more likely to be secure, but there is no 100% guarantee that there are no vulnerabilities.
Bankroll Network has not confirmed that this transaction is an exploit, and security researchers may report new information about it as their investigation continues. This is an ongoing story and may be updated over time.
This Week in Phish: Phisher Moves $250K via CoW
According to blockchain security platform PeckShield, on August 28, phishing attackers who previously emptied a cryptocurrency whale’s $55.4 million wallet attempted to launder some of the stolen money by moving it through the CoW decentralized finance protocol.
During this process, the attacker converted the stolen DAI stablecoin to ETH. The platform detected the transaction on September 14, when the attacker transferred the ETH to a new address.
When displayed on Etherscan, the money laundering transactions show up in a list of 33 individual transactions made as part of the “MoooZ1089603480” function call. The account labeled “Fake_Phishing442897” sent $260,000 worth of DAI stablecoins to CoW and received approximately 106.29 ETH in return.
This function was called by what appeared to be a third-party payer account or intermediary. By having a third party call this function, the attacker may have been trying to fool the analytics system into not tracking the funds. However, this strategy failed.
The suspect received $3,000 worth of DAI the previous day by exchanging ETH via CoW.
Going back further, the attacker originally received ETH on August 20. At that time, they received 3,879.58 ETH from CoW (about $10,000,000 at the ETH price of the day), which they traded for DAI. The ETH passed through several intermediate addresses before arriving at the address later flagged by PeckShield's system.
According to PeckShield, the funds can ultimately be traced back to a $55.4 million phishing attack on large accounts, or “whales.”
Phishing is a type of fraud that tricks people into providing sensitive information or performing actions that the fraudster wants them to perform. In the context of cryptocurrency, this typically involves tricking users into approving tokens. Once the victim approves these tokens, the attacker uses them to empty the victim’s wallet.
Cryptocurrency users should be careful about the addresses they interact with. If a user accidentally approves a malicious contract and transfers tokens, they can easily lose their funds to the attacker. This particular victim’s funds are split across multiple wallets and exchanged for other tokens in an endless attempt to evade the analysis program. If the attacker is successful enough in confusing the program, they can safely transfer the funds to a centralized exchange and cash out, where the money is likely lost forever.
Fortunately, security companies have been able to track the funds so far, and there is still hope that authorities will eventually recover the funds.
Malware Corner: D-Link Discloses Telnet Vulnerability
According to cybersecurity firm CyberRisk Alliance, networking gear manufacturer D-Link disclosed five vulnerabilities in some of its router models on September 16 that could allow attackers to access users’ home networks and potentially devices containing cryptocurrency wallets.
According to the report, the first two vulnerabilities, tracked as CVE-2024-45695 and CVE-2024-45694, allow an attacker to access the router through a “stack-based overflow,” at which point the attacker can “execute arbitrary code on the device.” The first vulnerability affects only the DIR-X4860 and DIR-X5460 router models, while the second affects only the DIR-X5460.
The remaining three vulnerabilities affect the aforementioned DIR-X4860 and the discontinued COVR-X1870. An attacker can log in to these devices using hardcoded credentials as long as Telnet is enabled.
Under normal circumstances, an attacker would not be able to enable Telnet on the device. However, the vulnerability identified as “CVE-2024-45697” allows an attacker to enable the Telnet service on the device whenever the Internet or WAN port is connected to the modem. This means that the attacker can log in and execute operating system (OS) commands.
The last two vulnerabilities, CVE-2024-45696 and CVE-2024-45698, also allow an attacker to log in using Telnet and execute OS commands. In the case of CVE-2024-45696, an attacker can “force” Telnet to be enabled by sending specific packets, but this particular vulnerability can only be exploited by someone who already has access to the WiFi network the device is operating on. In the case of CVE-2024-45698, an attacker can bypass user input validation in the Telnet service and inject OS commands.
D-Link has urged users to upgrade their devices to the latest firmware to protect themselves against any attacks that could exploit these vulnerabilities.
Crypto wallet users should be especially careful to ensure that their home network is not vulnerable to attacks. Cyber criminals can use a home network breach to monitor the online behavior of crypto users, and use this to plan additional attacks that ultimately result in the loss of crypto funds.
Christopher Locke
Some say he is a white hat hacker living in the black mining hills of Dakota, pretending to be a children’s crossing guard to avoid the NSA’s eyes. What we do know is that Christopher Locke has a pathological desire to hunt scammers and hackers.