Security and Risk

25 Dec - Defrost Finance suffered another attack

DeFi Defrost Finance was investigating on another attack after compensating victims of 23 Dec attack on V2 protocol. The team noted that the same attacker managed to obtain the private key and performed exploitation on V1 protocol. [more][more-Defrost]

• The attacker added fake collateral tokens and used a malicious price oracle to liquidate current users. The loss was estimated to be $12 million.

• While the company proactively announced the hack, the community suspects a rug-pull situation at play.

26 Dec - Multichain crypto wallet BitKeep installer hijacked

BitKeep team confirmed that some APK package downloads have been hijacked by attackers and embeded with malicious codes after users indicated unauthorised transactions from their wallets. The team urged its users to transfer their funds to a wallet that came from official sources like Google Play and the Apple App Store, not from any third party site. [more]

• Apart from this, the team also asked community members to use newly created wallet addresses as their previous addresses may already be “leaked to hackers.”

26 Dec - DeFi Rubic compromised

Rubic team indicated that a whitelisted USDC address used to interact with its contracts was compromised and resulted in its users’ USDC tokens being stolen.[more]

• The team expressed its commitment to compensate all users and had distributed its first trench of conpensating tokens.

30 Dec - 3Commas API keys leak

FBI started investigating 3Commas after an anonymous person leaked 100,000 API keys connected to the crypto trading service. [more][more-2]

• API keys leaker indicated that the 3Commas keys had been sold by someone from within the company. This was repeatedly denied by 3Commas CEO Yuriy Sorokin.

Crypto Scams

• Kevin O’Leary’s Twitter account suspected hacked after it started promoting crypto giveaways. [more]

• Californian regulators have issued consumer warnings against crypto broker scams, with one victim losing $14,000 to a fake Uniswap venture. [more]

Other Crypto and Tech Reads

1. Turkey - Turkey’s central bank completed first CBDC test and aimed to push for more test in 2023. [more]

2. China - A provincial secretary from the Chinese Communist Party pled guilty to charges of power abuse and bribery involving crypto miners. Cases like this have highlighted the difficulty faced by the Communist Party in enforcing last year's crypto ban. [more]

3. Ethereum decentralized finance (DeFi) hard, as the total value locked in the sector has declined by 76%, at around $23.1 billion. [more]

4. From Timbuktu to Ukraine, Theresa Kennedy, founder of Black History DAO, said that with blockchain technology, data can be stored in many different places, making it harder for it to be destroyed. [more]

5. Ari Redbord, who was a former prosecutor for the Department of Justice, indicated that “bad guys are getting better, and their tactics are becoming more sophisticated”. He noted that roughly $3 billion was drained from DeFi platforms in 2022 as many of these DeFi platforms were new and had not developed robust cybersecurity tools yet. [more]

6. FTX event

   1. Sam Bankman-Fried was suspected moving $684,000 worth of crypto assets from his and Alameda’s wallet to new wallets. [more]

   2. The Securities Commission of The Bahamas has confirmed it still holds $3.5 billion worth of FTX’s assets, which it took possession of in early November, soon after the failed crypto exchange filed for bankruptcy. [more]

   3. FTX Japanese indicated that customer withdrawal will resume from February 2023 via Liquid Japan. [more]