Cyvers in the News

Crypto investor loses $2.6M in stablecoins in double phishing scam

According to data shared on May 26 by crypto compliance firm Cyvers, the victim sent 843,000 worth of USDt USDT$1.00, followed by another 1.75 million USDt around three hours later. Cyvers said the scam used a method known as a zero-value transfer, a sophisticated form of onchain phishing.

“The attacker exploited vulnerabilities in Cetus Protocol’s smart contracts by deploying spoof tokens to manipulate price curves and reserve calculations,” said Deddy Lavid, CEO of blockchain security firm Cyvers. “This allowed them to extract real assets from multiple liquidity pools, including the SUI/USDC pool.”

SUI LP provider Cetus DEX exploited as SUI pools drained in hack

According to Cyvers, the attack used flawed oracle pricing via spoof tokens, allowing the hacker to drain 46 liquidity pools. The total losses were estimated at $260M, split among four addresses. Up to $160M of the funds were frozen by other platforms during the laundering attempt.