Cyvers in the News

SUI LP provider Cetus DEX exploited as SUI pools drained in hack

According to Cyvers, the attack used flawed oracle pricing via spoof tokens, allowing the hacker to drain 46 liquidity pools. The total losses were estimated at $260M, split among four addresses. Up to $160M of the funds were frozen by other platforms during the laundering attempt.

Meir Dolev, CEO of Israel-based crypto security company Cyvers, which detected the Dough hack as it happened,
said that looping-related code is what hackers exploited to break into Dough’s systems. “Their implementation of complex, high-risk strategies like looping and de-looping without sufficient safeguards suggests they took excessive risks," Dolev said via email.

Dough’s post-hack report acknowledges the same root cause of the theft as Cyvers. Dough added that it would take preventive measures including auditing its code and enhancing security through monitoring.

‍

UPCX Assures Users After Unauthorized Transfer of 18.4MTokens

Blockchain security firm Cyvers confirmed the incident, stating that it involved the transfer of 18.4 million UPC tokens valued at approximately $70 million from three separate management accounts

According to Cyvers, its security system determined that an unauthorized person had gained access to the address 0x4C….3583E and “upgraded the ProxyAdmin contract.” The individual then executed the “withdrawByAdmin” function, resulting in the unauthorized transfer of the UPC tokens.

‍