Over $2.3 Billion Stolen in Crypto Hacks and Frauds in 2024

^{According to Cyver s’ annual report, access control vulnerabilities stood out as a primary driver of losses}, responsible for 81% of the total stolen funds.

‍

“The surge in access control breaches and sophisticated scams like Pig Butchering underscores the importance of implementing AI-powered risk assessment, transaction validation, and anomaly detection tools. Security must evolve to stay ahead of increasingly complex and coordinated attack,” Cyvers told BeInCrypto.

Web3 Cyber Threats Surge in 2024: Cyvers Report

^{Web3 cyber threats surged in 2024, with losses exceeding $2.3 billion across 165 incidents, according to Cyvers.}

‍

In its report summarizing key security trends in 2024, ^{Cyvers said access control-related incidents (67) accounted for 81% of the $2.3 billion lost.} About 98 smart contract exploits caused losses totaling $456.3 million. The report noted that one address poisoning incident resulted in a loss exceeding $68 million.

Crypto thieves score big on centralized services, private keys in 2024

^{The centralized finance (CeFi) sector was hit particularly hard, “experiencing a nearly 1,000% year-over-year increase in incidents,”} Web3 cybersecurity firm Cyvers told Cointelegraph.

‍

Cyver s’ co-founder and chief technology officer, Meir Dolev, and the firm’s senior blockchain scientist, Hakan Unal, emphasized the importance of adopting advanced security strategies, such as real-time threat detection, crosschain monitoring and preemptive prevention measures to mitigate these rising risks. “

^{"Emerging threats like AI-driven attacks and quantum vulnerabilities highlight the need for proactive measures and stronger regulatory oversight to protect digital assets.”}

Cyvers revient sur les menaces web3 en 2024 : rapport sur près de $6 milliards dérobés

Les cyberattaques dans le web3 explosent en 2024, atteignant 6 milliards de dollars. ^{Cyvers répond avec des solutions innovantes pour sécuriser l’écosystème blockchain.}

Les cyberattaques dans le web3 ont atteint 6 milliards de dollars en 2024, une hausse de 40% par rapport à 2023, dominées par des violations de contrôle d’accès et des escroqueries pig butchering.

Ethereum est la blockchain la plus touchée, avec 1,2 milliard de dollars perdus en hacks et phishings, tandis que les contrats intelligents ont causé des pertes de 456,3 millions de dollars.

Des spécialistes de la cybersécurité comme Cyvers proposent des outils innovants, tels que la validation préemptive et l’analyse avancée des graphes, pour prévenir les attaques et renforcer la sécurité des actifs numériques.

M2 Exchange - Rekt

‍

^{Cyvers ' AI sentinels were the first to spot} the darkness spreading, as multiple suspicious transactions slithered across ETH, SOL, and BTC chains.

Crypto Exchange M2 Confirms $13.7 Million Breach, Says Issue Resolved Within 16 Minutes

‍

In a statement shared with Bitcoin.com News, ^{Cyvers said the latest security incident highlights the growing vulnerability of both centralized and decentralized finance} platforms to attacks. However, the security firm noted that centralized finance platforms appear more susceptible, citing a 1,000% surge in the number of incidents compared to a 25% drop in losses for decentralized finance platforms during the same period.

‍
^{Cyvers pointed to the $305 million DMM hack and the $235 million Wazirx heist as examples} of the risks facing cryptocurrency exchanges. The firm urged these entities to adopt better strategies to protect users.

UAE’s M2 crypto exchange hacked for $13.7M, assures full fund recovery

‍

^{Cyvers commented to CryptoSlate that this attack is part of a worrying trend of increasing security breaches in crypto.}

‍

^{Cyvers pointed out that centralized finance (CeFi) platforms have seen a nearly 1,000% spike in security incidents} year over year, while DeFi platforms reported a 25% decrease in losses. However, they remain at risk due to the complexities of smart contracts and protocols.

‍

Crypto Exchange M2 Reports $13.7 Million Hack in Security Breach

‍

^{The trouble was first noticed by Cyvers Alerts,} that found suspicious transactions involving M2 on three major networks: Ethereum (ETH), Solana (SOL), and Bitcoin (BTC).

‍

After spotting something unusual, ^{Cyvers tried reaching out to M2 but didn’t get a response at first.} M2 later confirmed that something was wrong and explained what happened.

^{According to Cyvers , the suspicious address collected about $3.7 million} in USDT, 97 million in SHIB, and 1,378 ETH. The hacker then swapped everything into Ethereum and left about $10 million on the Ethereum blockchain.

Cyvers even shared the address for those following the case on Etherscan.

Radiant Capital Hit By $50 Million Crypto Hack

‍

^{Cyvers Alerts reported that the Radiant platform appeared to have “suffered a private key compromise ,} leading to an ongoing attack. A malicious actor gained control of multi-sig wallets and has already drained over $50 million in user assets.

“Users are strongly advised to avoid interacting with the protocol at this time and revoke all data approval for the protocol. Please exercise caution until the situation is resolved.”

‍

‍

Radiant Capital Suffers $50 Million Hack; Second Major Attack in 2024

‍

^{Cyvers warned users to avoid all interactions} with Radiant until further notice.

‍

"^{It appears that the platform has suffered a private key compromise, leading to an ongoing attack.} A malicious actor gained control of multi-sig wallets and has already drained over $50 million in user assets by exploiting the transferFrom function,” said Cyvers ’ alert.

Radiant Capital Hit By $50 Million Crypto Hack

‍

^{Cyvers Alerts reported} that the Radiant platform appeared to have “suffered a private key compromise, leading to an ongoing attack. A malicious actor gained control of multi-sig wallets and has already drained over $50 million in user assets.

Radiant Capital Hit by $50M Loss in Second Attack

‍

^{According to Cyvers Alert} , Radiant Capital faced a private key compromise that impacted its activities on the BNB Smart Chain (BSC) and ARB chains, leading to a loss of about $50 million in money. ^{Cyvers , which is known for its on-chain investigation work,} offered a thorough examination of the incident.

Radiant Capital Loses $50M in its Second Attack This Year

‍

^{According to Cyvers Alert reports} , the platform witnessed a private key compromise in its BSC (BNB Smart Chain) and ARB chains that led to the loss of $50 million worth of funds.

‍

^{Cyvers, the on-chain detective, revealed a detailed analysis} of how the attack happened. Radiant Capital, similar to other leading cryptocurrency firms, uses a multi-signature wallet for security

Radiant Capital Suffers $50 Million Hack; Second Major Attack in 2024

‍

^{Cyvers Alerts first recognized this news,} detecting a series of suspicious transactions involving Radiant Capital on multiple chains.

^{Cyvers warned users} to avoid all interactions with Radiant until further notice.

‍

“It appears that the platform has suffered a private key compromise, leading to an ongoing attack. A malicious actor gained control of multi-sig wallets and has already drained over $50 million in user assets by exploiting the transferFrom function,” said Cyvers ’ alert.

Singapore Crypto Exchange BingX Suffers Hot Wallet Exploit, Over $52M Reportedly Stolen

‍

The attack affected several blockchains, with ^{Cyvers Alerts estimating a total loss of over $52 million.}

‍

^{Cyvers Alerts later updated the loss figure, indicating that the total now exceeds $52 million, with most of the stolen assets being swapped.} The affected chains include Ethereum, BNBChain, BASE, Optimism, Polygon, Arbitrum, and Avalanche.

Crypto Exchange BingX Hit by Hack That Drained at Least $27m (1)

‍

^{Cyvers , which provides security services for crypto firms}, estimated that some $52 million worth of crypto was lost to the hackers, after discovering additional wallets that have been compromised.

BingX ‘minor’ loss in suspected hack climbs to $52M

‍

“As more wallets are identified, the total loss grows. Initial estimates, like $13 million, were likely incomplete, but updates from forensics firms, now reporting figures like $43 million, show a clearer picture,”^{Hakan Unal, senior security operations lead at Cyvers Alerts, told Cointelegraph.}

Bingx Hit With $52 Million Hack, Lazarus Group Suspected

‍

Asian cryptocurrency exchange Bingx confirmed on Sept. 20 that a hacking attack forced them to suspend withdrawals. While the company claimed “minor asset loss,” ^{security firm Cyvers estimated total losses at approximately $52 million}

Explaining the higher loss estimate,^{Hakan Unal, Senior Security Operations Lead at Cyvers} , cited a more comprehensive analysis of the incident across all affected chains which led to a “more accurate estimate of the $52 million loss.”

Bitcoin ETFs are next major target for North Korean hackers — Cyvers

‍

Hackers could start shifting their attention to the US Bitcoin ETFs due to the sizable potential bounty, ^{according to Michael Pearl, vice president of GTM strategy at onchain security company Cyvers}

Pearl told Cointelegraph in an exclusive interview:

“Only recently the FBI has issued a warning that North Korean hackers are going to try to infiltrate and steal money from ETFs. So, all those ETFs […] are storing the base Bitcoin somewhere. And you can be certain that somebody is already planning and thinking of how they're going to steal it.”

Indonesian crypto exchange Indodax goes offline after suspected $22M hack

‍

^{Yosi Hammer, the head of AI at Cyvers} , suspects the involvement of North Korea’s infamous cryptocurrency hackers, the Lazarus group. He told BSCN:“The pattern and the characteristics of the (Indodax) attack highly resemble those of North Korea’s Lazarus Group.”

Indonesian crypto exchange Indodax suffers $22m hack: report

‍

^{Analysts at Cyvers  , another blockchain forensic firm}, say the hackers have already swapped the stolen tokens to Ethereum, with on-chain data showing altcoins have also been converted into TRON, Polygon, and Bitcoin.

Indonesian crypto exchange Indodax hacked, issues advisory

‍

^{Cyvers Alerts issued an alert to Indoda}x suggesting that its system detected multiple suspicious transactions involving the exchange’s wallets on different networks. It mentioned that a suspicious address was holding $14.4 million USD and was caught swapping the tokens for Ether.

‍

It later added that they detected more than 150 such transactions and the total loss had breached $18.2 billion.

Indonesia’s Largest Centralized Exchange Suffers $18 Million Exploit: Report

‍

On September 11, ^{Cyvers Alerts took to X to notify the exchange of suspicious transactions.}“Our system has detected multiple suspicious transactions involving your wallets on different networks,” the company stated.

Indonesian exchange Indodax faces $20 million loss from apparent exploit

‍

"We identified a significant security breach targeting Indodax's hot wallet, resulting in a loss of over $20.5 million across multiple chains, "^{said Yosi Hammer from blockchain security firm Cyvers}. "Our real-time monitoring systems flagged 160 critical red flags at the onset, beginning with a transfer of 660 ETH."

Indonesian Crypto Exchange Hit by $20.5M Hack, Lazarus Group Suspected

‍

^{According to Cyvers}, the attacker, believed by some observers to be the Lazarus Group, performed more than 150 transactions. The security firm believes the attack vector exploited by the attacker is related to an access control violation.

Penpie DeFi Platform Reportedly Hit With $27 Million Security Breach

‍

^{According to the real-time on-chain monitoring system Cyvers Alert}, the hack led to the loss of at least $26 million in various wrapped and synthetic crypto assets.

Penpie hacker launders 26% of $27M stolen funds in 12 hrs

‍

On Sept. 4,^{Web3 security firm Cyvers alerted} about the hacker transferring 26% of the hacked funds to a Tornado Cash address.

DeFi Protocol Penpie Loses $27 Million in Hack, PNP Token Sinks 40%

‍

^{Blockchain security firm Cyvers reported the incident}, detecting suspicious activity involving Penpie’s contract. Based on the report, the address funded by a crypto mixing service has executed a malicious transaction and got around $27 million worth of digital assets.

Penpie - Rekt

‍

It didn't take long for the blockchain sleuths to mobilize, within 20 minutes, ^{Cyvers confirmed the worst} as the damage had ballooned to a staggering $27 million.

Terra exploited for $6.8m due to reentrancy vulnerability: report

‍

^{According to Cyvers, hackers have stolen 60 million} ASTRO, 3.5 million USDC, 500,000 USDT and 2.7 Bitcoin BTC-0.93%Bitcoin from the Terra blockchain. The total amount of reported losses has reached roughly $6.8 million.

‍

^{Cyvers claims that this vulnerability was “revealed in April of this year.”}

Over 70% of hacked funds are lost to CeFi entities: ^Cyvers

‍

^{To improve these vulnerabilities, the industry needs a more holistic approach to Web3 security, according to Cyvers’ Lavid, who said:}

“Addressing these vulnerabilities requires a shift towards a more mature and conscious approach to security. Securing entire networks, not just individual projects, and focusing on both technological and human factors are essential steps in this direction, especially as L2 networks continue to grow."

WazirX Hit By ₹1,900 Cr Breach; North Korean Hacker Group Suspected Behind Cyber Attack

‍

^{The breach was first noticed by Cyvers}, a cryptocurrency cybersecurity firm based in Israel, who, after verifying it, immediately reached out to WazirX and also announced the breach on X.

^{Hakan Unal, Senior Security Operation Center Lead at Cyvers}, told the FPJ in an exclusive interview that the breach was detected almost as soon as it was executed, thanks to their advanced Artificial Intelligence-based monitoring systems.

WazirX $235 Million Hack: North Korean Hackers Suspected Behind Heist

‍

According to security platform ^{Cyvers, which flagged multiple suspicious transactions from the platform,} hackers moved over $234.9 million worth of funds from WazirX to a new address. The security firm noted that transactions from crypto mixing service Tornado Cash initiated the hack, highlighting potential concerns about the source of the funds.

‍

^{Cyvers reported that the address linked to the hackers} had begun converting PEPE, GALA, and USDT into Ethereum. The security firm confirmed active swapping of other assets as well.

WazirX Protocol - REKT

‍

^{Cyvers sounded the alarm shortly after the attack}, detecting multiple suspicious transactions being funded by Tornado Cash making moves on the platform.

Half Of Investors’ Funds Gone From WazirX In Massive Breach

‍

^{Cyvers Alerts reported unauthorized transactions} involving their Safe Multisig wallet in which funds were moved to a different wallet on the Ethereum network, suspecting a massive hack at WazirX.

‍

The transactions reportedly originated from accounts funded by TornadoCash, a cryptocurrency mixing service commonly used to obfuscate transaction trails, which made the experts at Cyvers suspicious.

‍

^{Cyvers alleged that the transferred funds were swiftly converted} from various digital assets like $PEPE, $GALA, and $USDT into Ethereum ($ETH) and further into other digital assets.

Breaking Indian Crypto Exchange WazirX Halts Withdrawals After a $234.9 Million Hack

‍

^{Cyvers expressed concerns that the WazirX Safe wallet} may have been compromised by a potentially malicious entity. After the transfer, the suspicious address began a series of cryptocurrency swaps.

‍

^{Deddy Lavid, CEO of Cyvers, shared insights with BeInCrypto:} “The use of TornadoCash to fund the transactions is indicative of methods used in previous high-profile attacks. While it is too early to definitively link this incident to the Lazarus Group, the similarities are concerning.

Cyvers is closely analyzing the situation,”.

North Korean Hackers Are Suspected in $235 Million Crypto Theft

‍

^{Blockchain security firm Cyvers said} $234.9 million of assets have been drained from the exchange and moved to a new address.

‍

^{Based on the Cyvers estimate} , the amount lost from the multiple-signature wallet on WazirX would be one of the biggest crypto thefts in recent years and comes just a month after Japanese crypto exchange DMM Bitcoin lost over $300 million in a hack, renewing concerns around the sector that has been vulnerable to similar exploits.

‍

Indian crypto exchange falls victim to $235M hack

‍

^{Web3 security firm Cyvers has detected “multiple suspicious transactions"} involving WazirX’s Safe Multisig wallet on Ethereum.

‍

According to an X post, it is believed that $234.9 million of funds in the Safe Multisig wallet of the Indian crypto exchange have been moved to a new address, with each transaction’s caller funded by Tornado Cash, the decentralized protocol for private transactions.

WazirX Halts Withdrawals after $235 Million Breach Linked to Tornado Cash

‍

^{Cyvers Alert announced the detection of multiple suspicious transactions} involving WazirX’s Safe Multisig wallet on Ethereum. The firm identified that $234.9 million in funds from the wallet were transferred to a new address.

LiFi Protocol loses over $8M in a cyberattack

Li​.Fi protocol attacked, $10M drained

‍

^{According to Cyvers,} approximately $10 million in cryptocurrency holdings were drained, which also affected the Arbitrum blockchain.

^{Dolev told} Cointelegraph that “this incident underscores the risks inherent in granting wallet approvals to smart contracts.”

‍

^{Cyvers reported on the incident}, explaining that the attacker funded the attack through the zero-knowledge protocol Railgun and swapped the stolen USD  for Ether (ETH).

LiFi Protocol exploited for $10 million, warns users to avoid platform

‍

On July 16, ^{Cyvers Alert reported suspicious transactions involving a LiFi smart contract.}

‍

^{Meir Dolev, co-founder and chief technology officer at Cyvers, told CryptoSlate:}

“The incident highlights the dangers of giving wallet approvals to smart contracts. It’s crucial for protocols to stay alert, as hackers can take advantage of these approvals to steal both assets in the contracts and funds in users’ connected wallets.”

LiFi Protocol Under Attack with Over $10 Million Drained

‍

^{According to reports from Cyvers Alerts}, the breach involved suspicious transactions targeting the Li.Fi protocol through a specific contract address.

‍

Meir Dolev, co-founder and Chief Technology Officer at Cyvers, emphasized the risk of such approvals, stating,

“Hackers can exploit these approvals to drain both assets stored in the contracts and funds in the connected wallets of users.”

Holograph hack leads to $7M loss, HLG token dives 80%

^{Blockchain security firm Cyvers tracked part of the stolen funds, revealing the hacker's strategy} involving USDT, ETH, and privacy protocols.

‍

Blockchain security platform ^{Cyvers reported that some of the stolen tokens were swapped for the USDT stablecoin}, which the attacker used to acquire 300 ETH. Subsequently, the hacker distributed the funds to several addresses, including those linked to privacy protocols like Tornado Cash and Railgun.

Sifu’s Uwu Lend hacked again by same attacker, loses $3.7M

Uwu Lend was hacked again on Thursday for $3.7 million, ^{according to the blockchain security firm Cyvers.}

‍

^{Cyvers revealed that the attacker hit them again 24 hours later.} The protocol came out of leading lending protocol Aave, particularly its so-called v2 codebase, allowing users to borrow, lend and stake a variety of crypto assets.

UK crypto exchange stops trading after $22m is lost in ‘security incident’

Most of the biggest hacks this year have been due to private key leakage ―^{a security problem identified by cybersecurity outfit Cyvers as a potential major concern for crypto companies.}

‍

Last year, ^{Cyvers’ research revealed} that 85% of the $900 million stolen from exchanges, bridges and DeFi protocols in the latter half of the year were due to private key leakage.

‍

^{Cyvers co-founder Meir Dolev} previously told DL News the problem could become more endemic to crypto if industry participants did not adopt safety measures.

DeFi Platform UwU Lend Undergoes Cyber Attack: $19.5 Million Lost

^{The Web3 security firm Cyvers identified and reported this alarming incident.}

‍

As of this writing, the platform is still under attack. In an interview with BeInCrypto,

Cyvers co-founder Meir Dolev shed light on the incident:

“The UwU lending contract was exploited by an attacker that executed 3 transactions in 6 minutes and drained approximately $20 million. Attacker was funded from Tornado cash 2 days ago,” Dolev told BeInCrypto

UwU Lend hit by $20M crypto hack

The ongoing exploit has already netted the attacker nearly $20 million in digital assets.

^{The $14 million exploit was first discovered by on-chain security firm Cyvers,} which wrote in a June 10 X post:

“Hey @UwU_Lend , you are being attacked! So far address got around $14M…”

‍

While the team is still investigating the incident, it is shaping up as a major cryptocurrency hack that affected multiple assets, according to ^{Meir Dolev, chief technology officer and co-founder of Cyvers.}

‍

Dolev told Cointelegraph:

“The attack is still ongoing, but we can already see that we’re talking about a major incident that has already passed the $20 million threshold. We’re talking about different assets (like WBTC and DAI) that are drained from the pools and being converted to ETH.”

‍

Shortly after the attack, Cyvers revealed that the attack was funded by the crypto mixing protocol Tornado Cash and executed three malicious transactions. According to Dolev:

“The UwU lending contract was exploited by an attacker that executed three transactions in six minutes and drained approximately $20 million. The attacker was funded from Tornado Cash two days ago.”

CoinGecko confirms email provider data breach, over 23,000 phishing emails sent

To safeguard from phishing emails, users should double-check the email’s authenticity and ensure they have two-factor authentication (2FA) on crypto platforms, ^{according to Hakan Unal, senior blockchain scientist at on-chain security firm Cyvers.} He told Cointelegraph:

“The immediate concern is the risk posed to individuals who might receive these compromised emails. To stay safe, users should verify the authenticity of such emails and enable multifactor authentication on all crypto accounts.”

Tether CEO warns of new wave crypto airdrop scam emails, CoinGecko potentially affected

To safeguard from phishing emails, users should double-check the authenticity of the email and make sure they have two-factor authentication (2FA) on crypto platforms, according to ^{Hakan Unal, senior blockchain scientist at on-chain security firm Cyvers. He told Cointelegraph:}

“The immediate concern is the risk posed to individuals who might receive these compromised emails. To stay safe, users should verify the authenticity of such emails and enable multifactor authentication on all crypto accounts.”

Real World Assets Need Real-Time Security: Cyvers CEO

Blockchain technology is causing a seismic shift in how we think about asset ownership and investment. The ability to “tokenize” real-world assets (RWAs) such as real estate, art, commodities, and intellectual property has tremendous disruptive potential.

‍

^{Deddy Lavid, CEO at AI Web3 security firm Cyvers}, told BeInCrypto that failing to implement robust safeguards could expose investors to undue risks and liabilities and curb the impressive growth of this booming market.

BNB Chain Hit by $80K Bitcoin Theft

A recent suspected exploit on the BNB Chain led to the theft of around $80,000 worth of Bitcoin (BTC) through several suspicious transactions. The identity of the token contract involved remains undisclosed, and speculation suggests that the perpetrator could be a white-hat hacker, ^{as noted by on-chain security firm Cyvers.}

^‍

^{According to on-chain security firm Cyvers}, the exploited token contract remains unidentified, but the attacker’s actions suggest they might be a white hat hacker.

In a May 28 post on X, Cyvers noted that the attacker received funding through the cryptocurrency mixing service Tornado Cash, commonly used by malicious actors to hide the origin of their funds.

BNB Chain exploited for $80K of fake BTC tokens

While the exploited token contract is still unknown, the attacker could be a white hat hacker, or ethical hacker, who uses his skills to find security vulnerabilities, ^{according to on-chain security firm Cyvers. The firm wrote in a May 28 X post:}

“The total loss is approximately $80K. The attacker received funding via TornadoCash and has also interacted with the Binance exchange, indicating a possible white hat action.”

Sonne Finance and BlockTower Capital Hacked: Combined Losses Exceed $20 Million

Sonne Finance, a decentralized liquidity market protocol operating on Optimism and Base, has been struck by a significant cyber attack.

^{Blockchain security firm Cyvers detected the attack on May 15} in the early morning of Asia.

Sonne Finance Suffers $20M Exploit, Hacker Flees

On May 14, around 10:30 pm UTC ,^{Web3 security firm Cyvers ddetected an ongoing attack on Sonne Finance}’s USD and Wrapped Ether (WETH) contracts ,^{at the time they had only stolen $3M in cryptocurrency.}

‍

^{However, Sonne Finance only Became aware of the issue 25 minutes later}. By that time, they had already been drained of $20 million of WETH, Velo (VELO), soVELO, and Wrapped USDC (USDC.e).

DeFi protocols Sonne Finance and ALEX Lab lose over $24 million in separate hacks

The crypto projects have offered their attackers a 10% bounty to return the stolen funds.

‍

Decentralized liquidity provider Sonne Finance fell victim to a $20 million exploit on its Optimism network-based USDC and Wrapped Ethereum (WETH) contracts ,^{according to blockchain security firm Cyvers}.

Reinventing Blockchain Security: Exclusive Interview With Cyvers CEO Deddy Lavid

From firewall to blockchain technology, the search for a definitive solution to cybersecurity challenges continues. Today, blockchain security, a $4 billion problem, has provoked an ongoing arms race between innovative security solutions and evolving cyber threats.

Crypto trader loses $70.5 million in address poisoning scam, highest recorded yet

^{Blockchain security firm Cyvers Alert reported} that an unnamed crypto trader lost 1,155 Wrapped Bitcoin (WBTC), equivalent to $70.5 million worth, to address poisoning.

‍

The modus operandi involves creating addresses strikingly similar to the target’s, employing identical starting and ending characters to deceive unsuspecting victims.

‍

Crypto user loses $69.3m to address poisoning scammer

On-chain investigator ZachXBT and crypto security provider Cyvers corroborated the news. ^{Cyvers CTO Meir Dolev said the case was “probably the highest value lost due to an address poisoning scam” to date.}

Exploiter Steals $68M Worth of Crypto Through Address Poisoning

A user unintentionally sent 1,155 wrapped bitcoin to an exploiter's wallet after being targeted by address poisoning.

‍

^{Security platform Cyvers and blockchain sleuth ZachXBT confirmed that $68 million had been lost} to an address poisoning scam.

Trader loses $68M in address poisoning scam

An unknown trader lost $68 million worth of Wrapped Bitcoin (WBTC) in a single transaction in an address-poisoning scam.

‍

^{The $68 million theft was first revealed by on-chain security firm Cyvers in a May 3 X post:}

^{“Are we mistaken, or has someone truly lost $68 million worth of $WBTC? Our system has detected another address falling victim to address poisoning, losing 1,155 $WBTC.”}

Pike Finance Suffers Double Attack in 3 Days, Loses $1.98M in Smart Contract Exploit

^{A recent report by Cyvers Alert, a blockchain security and analytics firm, revealed a troubling discovery}: the hacker managed to exploit vulnerabilities in smart contracts across three different chains – Ethereum, Arbitrum, and Optimism – all on April 30.

‍

The attacker gained control over the output address within Pike Finance’s smart contract, orchestrating a significant transfer of cryptocurrency to their own account. The damage totaled $1.4 million in Ether (ETH), $150 thousand in Optimism (OP) tokens, and over $100 thousand in Arbitrum (ARB) tokens.

Pike Finance Exploited Twice in Three Days, Over $1.6 Million Lost

On early Wednesday morning ^{,blockchain security firm Cyvers identified several anomalous transactions on the cross-chain lending protocol of Pike Finance}. Cyvers further revealed that this suspicious transaction resulted in a substantial financial loss of approximately $1.6 million.

Crypto Shock: ZKasino.io Disappears, Leaving Investors in the Lurch

^{It was Cyvers Alert, a beacon of vigilance in the ever-watchful cryptocurrency community, that first sounded the alarm}. With a single tweet, they set off a chain reaction of shock and scrutiny, revealing the dark underbelly of ZKasino.io ’s demise.

Hedgey Finance hacked for $44.7m on Arbitrum, Ethereum

According to alerts from security startup Cyvers, Hedgey Finance was hacked on April 19 across the Ethereum (ETH) and Arbitrutm (ARB) blockchains. ^{Cyvers reported that the first attack was deployed on ETH’s chain, and hackers stole around $1.9 million in crypto.}

Infrastructure Protocol Hedgey Incurs $45 Million Loss in Cyberattack

The attacker managed to maneuver through Hedgey Finance’s digital defenses by executing transactions that siphoned off assets totaling around $44.5 million. ^{Cyvers, a cybersecurity firm specializing in blockchain technology, initially detected this incident.}

DeFi platform Hedgey Finance hit by $44 million exploit

Hedgey suffered an exploit worth over $42.8 million Arbitrum (ARB) tokens on the Arbitrum network, ^{according to an April 19 X post by on-chain security firm Cyvers.}

DeFi Platform Hacked for at Least $1,900,000 and Possibly More on Ethereum and Arbitrum Blockchains

In a new announcement, ^{cybersecurity firm Cyvers says that DeFi platform Hedgey Finance has been breached} by bad actors who took at least $1.9 million worth of funds that were converted to the stablecoin Dai (DAI).

This DeFi Altcoin Is Under Heavy Attack: Price Resets!

^{Blockchain security firm Cyvers shared some explanations on the matter}. Accordingly, the hacker managed to access the wallet of the Grand Base distributor. Thus, it initiated asset transactions, leading to a dramatic sale of assets worth around $2 million. This action led to a loss of more than 99% in the GB token value of the DeFi altcoin project.

DeFi Protocol Grand Base Hacked: Over $2 Million Lost

^{Analysts at AI Web3 security firm Cyvers told BeInCrypto the criticality of the situation}. They noted that the attacker’s ability to mint new tokens magnified the financial damage and exposed severe security flaws.

‍

“The compromised deployer’s wallet losing access control raises concerns, emphasizing the urgency for heightened security protocols and vigilant monitoring to safeguard against such devastating losses in the future,” analysts at Cyvers emphasized.

No Country For Young Fintechs: The U.K.’s Debanking Of Crypto Blockchain And Web3

‍A survey of U.K. fintech and crypto firms found that 50 percent of the firms surveyed have been rejected from opening a bank account or had an account closed by a major U.K. bank. Only 14 percent managed to successfully apply for a bank account with one of "the CMA 9” - the nine biggest mainstream banks in the U.K. - without it being closed at a later date.

South Korea’s Upbit Refunds 8.5 Billion Won To Crypto Fraud VictimsCrypto safety received a major boost in South Korea after the largest crypto exchange, upbit.co.kr/, announced reimbursements of 380 victims who had been defrauded through voice phishing in the amount of 8.5 billion won ($6.07 million). It shows how the exchange has stepped up efforts in cooperation with law enforcement agencies to combat cyber fraud.

Uncertainty around the mandatory reimbursement cap for APP frauds – a new headache for FI firms and their insurers?New regulations coming on 7 October 2024 will require payment firms to reimburse victims of authorized push payment (APP) fraud up to a set limit. On 4 September 2024, the Payment Systems Regulator (PSR) announced a consultation proposing to set this limit at £85,000, vastly reduced from the previously proposed £415,000 cap.

WazirX halts trading after a $234 million hack

^{Web3 security firm Cyvers has detected} “multiple suspicious transactions” involving WazirX’s Safe Multisig wallet on Ethereum.

^{According to the Cyvers report}, “The suspicious address has already swapped PEPE, GALA, and USDT to ETH and continues to swap other digital assets.” 

🚨 JUST IN: Address poisoning scam claims $68M in Wrapped #Bitcoin from an unknown trader, per @CyversAlerts.

BREAKING: ~$68.3M WORTH OF $WBTC ON @ethereum SUSPECTED TO HAVE BEEN LOST IN ADDRESS-POISONING SCAMH/T: @CyversAlerts

Stellar is a decentralized, public blockchain that gives developers the tools to create experiences that are more like cash than crypto. The network is faster, cheaper, and far more energy-efficient than most blockchain-based systems. It’s designed so Stellar’s ecosystem can make a real-world, lasting impact.

Crypto Shock: ZKasino.io Disappears, Leaving Investors in the Lurch

^{‍It was Cyvers Alerts, a beacon of vigilance in the ever-watchful cryptocurrency community, that first sounded the alarm.} With a single tweet, they set off a chain reaction of shock and scrutiny, revealing the dark underbelly of ZKasino.io’s demise.

Teahouse Finance is a multi-strategy DeFi platform specializing in secure and transparent asset management. Much like a hedge fund, Teahouse aims to help enterprise and individual clients grow their crypto assets through its wide range of professional strategies that align with users’ risk tolerance and investment goals.

Velocore is the leading ve(3,3) dex on zkSyncEra & Linea. Through the revolutionized AMM and ve(3,3) system, Velocore provides a one-click compounding experience and vote/bribe in real time without caring about the epoch.

Defi platform on Base network experiences $2m hack

^{‍According to web3 security firm Cyvers, the breach occurred on Grand Base’s deployer wallet,} as the attacker gained full privileges to mint the defi protocol’s native token, GB. Following the breach, the price of Grand Base plummeted nearly 99%.

^{Cyvers Alert:} Abnormal transactions of Privago.ai’s native token PVGO occur, warning not to participate

^{Cyvers Alerts} monitored that its system detected abnormal trading behavior of the native token PVGO of the Privago.ai project and strongly warned not to participate in this project.

Unprecedented Cyber Theft Shakes Cryptocurrency Market: What You Need to Know

^{‍Leading the charge in combating these threats is Cyvers, an AI Web3 security firm at the forefront of innovation in real-time threat detection and proactive mitigation strategies.}

Teaming up with industry partners, Cyvers is dedicated to fortifying the resilience of digital assets against a myriad of cyber threats, ensuring the protection of investments and the orderly functioning of cryptocurrency markets.

KiroboFlow's Chief Operating Officer Michael Pearl Joins Cyvers as VP GTM Strategy

‍Michael Pearl, the Chief Operating Officer of the blockchain firm KiroboFlow, has moved to Cyvers as the VP for GTM Strategy. ^{Cyvers is a blockchain security company using machine learning to detect cryptocurrency attacks.}

^{$739.7 Million in Crypto Hacked in Q1 2024: Cyvers}

‍The first quarter of 2024 has unfolded as a pivotal chapter in the narrative of Web3 security, marked by both notable achievements in threat mitigation and profound challenges.

This report synthesizes key findings from AI Web3 security firm Cyvers’ comprehensive analysis of security incidents in Q1 2024, highlighting emerging threats and underscoring the importance of resilience within the ecosystem.

CYVERS ONBOARDS MICHAEL PEARL AS VP OF GTM STRATEGY

‍Fintech veteran Michael Pearl has joined blockchain security firm CyVers as vice president of GTM strategy. He leaves a tenure of three years at Tel Aviv-based Kirobo, a developer of decentralized solutions, where he had served as Chief Operating Officer since 2021.

Tether blocks $280k linked to the FixedFloat hack, analyst explains breach

‍FixedFloat faced its second hack since February, as an earlier exploit cost the exchange over $26 million.

In both incidents, unauthorized access to the hot wallet led to the withdrawal of $2.8 million and $26 million in several tokens, respectively. Blacklisted tokens like USDT and USDC were swiftly swapped to avoid being frozen, while DAI was directly deposited to eXch without conversion. ^{Cyvers analysts believe the pattern indicates a targeted exploitation of vulnerabilities within the system’s access controls.}

Crypto Exchange FixedFloat Suffers Second Security Breach With $2.80 Million Lost

‍The cryptocurrency exchange FixedFloat has fallen victim to a second security breach, resulting in a loss of $2.80 million.

‍

Blockchain forensics firm ^{Cyvers sounded the alarm, revealing that suspicious transactions were detected, leading to the withdrawal of funds from FixedFloat’s hot wallet on the Ethereum (ETH) blockchain.}

‍

‍“The security breach at FixedFloat suggests an access control issue, similar to a previous hack on February 16. In both incidents, unauthorized access to the hot wallet led to the withdrawal of significant funds. Notably, blacklisted tokens like USDT and USDC were swiftly swapped to avoid being frozen, while DAI was directly deposited to eXch without conversion. This pattern indicates a targeted exploitation of vulnerabilities within the system’s access controls,” analysts at Cyvers told BeInCrypto.

‍

FixedFloat reportedly suffers $2.8 million theft, Tether freezes $400,000 from attackers

‍Decentralized exchange FixedFloat’s Ethereum-based hot wallet saw several suspicious transactions that led to the withdrawals of $2.8 million during the past day, according to the Web3 security firm Cyvers.

^{According to Cyvers:}

^{“Approximately 14 hours ago, a staggering $2.8 million was withdrawn from [FixedFloat] hot wallet on the ETH chain.} The funds were directed to a suspicious address, which subsequently received various digital assets including ETH, USDT, WETH, DAI, and USDC.”

Fixed Float Exploited for $2.8 Million, Tether Freezes Hacker Addresses

‍FixedFloat, the fully automatic crypto exchange, has reportedly been a victim of yet another security breach. The hacker managed to take almost $2.8 million worth of crypto from the Ethereum chain hot wallet, with the platform’s access control issues to be blamed. ^{The hack reported by CyversAlerts has left the exchange’s users bewildered and wondering as they wait for the platform to be sorted.}

Decentralized Exchange FixedFloat Loses $3 Million to Second Hack in One Month

‍^{Cyvers Announces Second FixedFloat Hack}

^{‍Cyvers Alerts, an X account posting real-time security alerts, revealed the hack.} In an X post, Cyvers noted that hackers withdrew the funds from a hot wallet on the ETH chain and sent the assets to another address through several cryptos, including Ether (ETH), USDC, DAI, USDT, and Wrapped ETH (wETH). Reportedly, the hacker used eXch, a smart contract used to swap tokens. As of this writing, the DEX’s official website is unavailable due to “technical work.” Interestingly, FixedFloat has not confirmed or denied the hack.

Binance Labs-backed OpenLeverage suffers $236k exploit

^{‍According to CyversAlert, the attacker’s wallet for covering fees was funded by Tornado Cash}, an OFAC-sanctioned crypto mixing protocol, although the specifics of the attack remain unclear as of press time.

‍

FixedFloat Crypto Exchange Allegedly Exploited for $2.8M

‍The incident follows a previous security breach in February, suggesting vulnerabilities in access controls.

‍

^{‍"The security breach at FixedFloat suggests an access control issue, similar to a previous hack on February 16,” Cyvers Alerts told BSCN. “In both incidents, unauthorized access to the hot wallet led to the withdrawal of significant funds ($2.8M and $26M, respectively).”}

Prisma Finance exploited in $10 million breach

‍Decentralized finance (DeFi) protocol Prisma Finance was exploited for around $10 million worth of cryptocurrencies on March 28.

^{On-chain security alert provider Cyvers were the first to detect the anomaly}, according to a March 28 X post

Stablecoin protocol Prisma Finance hacked for over $11m

^{‍Security analysts at Cyvers first uncovered the attack} and crypto.news reached out to the security firm for exclusive details of the incident.

‍

‍“We have detected multiple attacks on Prisma Finance Trove Manager Contract. The attacker was funded by FixedFloat and 7 minutes later deployed a malicious contract that was detected by Cyvers as 2 min before the first exploit transaction. The exploit is ongoing, and we have already detected six exploit transactions with a total value lost of $9M. “

‍– Deddy Lavid, CEO at Cyvers

Prisma Finance Hacked: $11 Million Gone in DeFi Breach

‍An analyst from Cyvers detailed the attack’s mechanics. They explained to BeInCrypto how the perpetrators funded their operations through FixedFloat before deploying a malicious contract. ^{Cyvers identified this contract two minutes before the initial exploit transaction}, highlighting the attack’s rapid succession and execution.

‍

‍“It is more than $11 million now. It can go $20 million as there is still funds in the contract. We messaged Prisma Finance to pause their contract since it has pause function,” security researchers at Cyvers told BeInCrypto.

https://news.bitcoin.com/prisma-finance-suffers-11-6m-hack-in-liquid-staking-shockwave-moves-to-mitigate-fallout/#:~:text=Cyvers,-reported%20the%20intrusion

Prisma Finance Suffers $11.6M Hack in Liquid Staking Shockwave, Moves to Mitigate FalloutOn a recent Thursday, blockchain surveillance and safety squads from Peckshield and Cyvers reported the intrusion into Prisma Finance’s liquid staking mechanism. ^{Cyvers unveiled that their monitoring system identified a “malicious contract” a mere two minutes before the attack was executed.}

Hacker mints 1B tokens in $16M Curio smart contract exploit

‍Curio said it will conduct a fund compensation program for affected liquidity providers, which could potentially take up to one year to complete.

^{Web3 security firm Cyvers estimated that the losses from the exploit are about $16 million.} The security firm said the exploit involved a “permission access logic vulnerability.”

Curio Hit by $16 Million Exploit Due to Voting Power Vulnerability

‍Curio, a project focused on facilitating liquidity from real-world assets for firms, has fallen victim to a smart contract exploit related to a vulnerability in voting power privileges.

^{According to the Web3 security firm Cyvers, the hack most likely occurred due to a vulnerability in the permissioned access logic.} This vulnerability allowed the attacker to create an additional 1 billion CGT tokens, which in turn resulted in the hacker obtaining CGT tokens worth almost $16 million.

Hacker mints 1b CGT tokens worth $40m in Curio ecosystem

‍^{According to analysts at Cyvers Alerts, the hack most likely occurred due to a vulnerability in the permissioned access logic,} which allowed the attacker to create an additional 1 billion CGT tokens. As a result, the hacker took possession of CGT tokens worth almost $40 million.