$11M Bittensor Phish, UwU Lend and Curve Fake News, $22M Lykke Hack

Crypto-Sec is a bi-weekly collection of crypto and cyber security stories and tips.

Biggest scam of the week: TAO owner loses $11.2 million.

In the largest phishing attack ever recorded in June, users of artificial intelligence platform Bittensor (TAO) lost more than 28,000 tokens worth $11.2 million at the time. The attack was reported by onchain sleuth ZachXBT on his Telegram channel.

The attacker distributed the funds to 18 different wallet accounts and then merged them into 16 accounts, ZachXBT reported. After that, the funds in the 16 accounts were bridged from the TAO network to Ethereum and converted to ETH and the USDC stablecoin using three different decentralized exchanges.

A phishing attack has been reported against the TAO owner. (ZachXBT)

Splitting funds across multiple wallets and then recombining them is a common tactic of fraudsters, designed to bypass money-laundering detection methods on centralized exchanges. It is this fragmentation and recombination technique that led ZachXBT to conclude that this was a phishing attack.

A crypto phishing attack is a type of scam where the attacker creates a fake website that poses as part of a legitimate protocol, such as a decentralized exchange or lending application. The site is actually malicious and not approved by the official protocol team. When the user approves their tokens for use by the fraudulent application, the application steals them instead of doing what the user expects.

Phishing scams are one of the most common ways crypto users lose funds to attacks.

White Hat Corner: Microsoft Fixes “Zero-Click” Vulnerability

According to SecurityWeek, Microsoft has fixed a vulnerability that could allow attackers to execute code on Outlook users' devices without asking them to download or run a file. Cybersecurity firm Morphisec reportedly discovered the flaw.

A potential attack simply requires the user to open a malicious email rather than download or run a file. Because of this, Morphisec refers to the bug as a “zero-click vulnerability.”

Morphisec reports that the flaw allows attackers to exfiltrate data, gain unauthorized access to systems, and perform other malicious activities.

Crypto software wallets use keystore files stored on the device to sign transactions, so these files can be stolen in this kind of attack, leading to crypto losses.

Despite Microsoft's patch, some devices may still be running older versions of Outlook, so “[u]sers are advised to update their Outlook clients as soon as possible,” the report said.

Microsoft's Common Vulnerabilities and Exposures (CVE) report on the Outlook flaw. (Microsoft)

Microsoft lists the vulnerability as “important” but not “critical.” The flaw affected earlier versions of Outlook 2016, Office LTSC 2021, 365 Apps for Enterprise and Office 2019, but the most current versions of these apps are not vulnerable.

DeFi Exploit of the Week: UwU Lend Is Exploited Twice

The DeFi protocol UwU Lend on Ethereum was exploited twice by the same attacker in a three-day period. The first attack took place on June 10 and drained $20 million from the protocol; the second attack, on June 13, took an additional $3.7 million, according to reports from blockchain security platforms PeckShield and Cyvers.

In a June 12 post, the team acknowledged the initial attack, stating that the attacker used the Ethena Staked USDe (sUSDe) price oracle, but that the team patched the vulnerability after it was discovered. “The team has now identified a vulnerability that is unique to the sUSDe market oracle and has now been addressed,” it said.

According to blockchain security platform PeckShield, the attacker caused the sUSDe oracle used by the protocol to report a false value. This led some liquidity pools to lend out $20 million. The attacker then pocketed these funds and never paid back the loan.


To explain in more detail: the protocol's sUSDe oracle used the average value obtained from multiple liquidity pools. Using large flash loans, the attacker was able to change the prices in all four of these pools: FRAXUSDe, USDeUSDC, USDeDAI, USDecrvUSD and GHOUSDe. This affected the price recorded by the sUSDe oracle, which in turn changed the loan requirements in the protocol. The attacker used these changed requirements to take out loans that were not adequately secured, allowing them to default on the loans and walk away with the borrowed funds.
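The following is an added illustration, not code from the original article or from UwU Lend, of why an oracle that averages current pool prices reacts to a large same-block trade, alongside a guard that compares each pool's spot price with its time-weighted average before answering. The pool sizes, trade size, sampling window and 2% deviation threshold are constructed assumptions.

```python
from statistics import mean

class Pool:
    """Constructed constant-product pool (x*y=k) holding USDe and a quote stablecoin."""
    def __init__(self, usde, quote):
        self.usde, self.quote = float(usde), float(quote)
        self.history = []                      # spot price sampled once per block

    def spot(self):
        return self.quote / self.usde          # quote units per USDe

    def sample(self):
        self.history.append(self.spot())

    def swap_quote_in(self, amount):
        """A trader sells `amount` of the quote token for USDe (fees ignored)."""
        k = self.usde * self.quote
        self.quote += amount
        self.usde = k / self.quote

def naive_oracle(pools):
    """Average of current spot prices: moves as soon as the pools move."""
    return mean(p.spot() for p in pools)

def guarded_oracle(pools, window=10, max_dev=0.02):
    """Average of time-weighted prices; refuses to answer if spot has left the TWAP band."""
    twaps = [mean(p.history[-window:]) for p in pools]
    for p, twap in zip(pools, twaps):
        if abs(p.spot() - twap) / twap > max_dev:
            raise ValueError("spot deviates from TWAP; pause borrowing on this market")
    return mean(twaps)

def demo():
    pools = [Pool(10_000_000, 10_000_000) for _ in range(4)]   # constructed pools
    for _ in range(10):                                        # ten quiet blocks
        for p in pools:
            p.sample()
    before = naive_oracle(pools)
    for p in pools:
        p.swap_quote_in(4_000_000)             # one large trade per pool, same block
    after = naive_oracle(pools)
    try:
        guarded = guarded_oracle(pools)
    except ValueError:
        guarded = None                         # reading rejected, no new loans priced
    return before, after, guarded

if __name__ == "__main__":
    print(demo())
```

The spot-average reading nearly doubles within a single block, while the guarded version declines to return a price, so no loan would be sized against the distorted value.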

An estimated $14.4 million of the funds were transferred to an account ending in EB70, and another $4.6 million was transferred to an account ending in 5EB6. Since the attacker converted all other tokens to ETH after the attack, the stolen funds are held entirely in Ether (ETH).

On June 12, the UwU Lend team announced that it had paid off bad debts for Tether (USDT), DAI and crvUSD, allowing markets to restart.

The UwU Lend interface shows restarted markets. (UwU Lend)

However, the day after this announcement, Cyvers announced that the attacker had carried out a second exploit against UwU Lend. This second attack targeted the uDAI, uWETH, uLUSD, uFRAX, uCRVUSD and uUSDT pools and extracted $3.7 million from them.

The UwU Lend exploit had a knock-on effect, with the Curve CRV token entering freefall and multi-tenant founder Michael Egorov being offered a $140 million stablecoin position.

This led to news reports that Egorov proposed to burn 10% of the CRV token supply worth $37 million to help stabilize the token's price.

Unfortunately, the burn story was a hoax tweeted by a fake Egorov account in an attempt to lure users to a scam link. The real Egorov told Cointelegraph:

“This information was tweeted by a fake account, with a scam link. Few journalists do not check the news properly and do not publish news about this matter.”

Deepfake Scams: OKX User Loses $2M

According to a report from Chinese crypto media outlet Wu Blockchain, an OKX user lost more than $2 million to a deepfake scam powered by artificial intelligence (AI). The attackers were Leigh J.

The video allowed employees on the OKX platform to make changes to Chang's password, email address and Google Authenticator, bypassing all two-factor authentication controls. The attackers then transferred all of Chang's cryptocurrency to the wallet accounts they had seized.

According to the report, OKX is currently investigating the attack.

CEXs: SomaXBT claims hack cover-up on Lykke exchange

On June 9, blockchain researcher SomaXBT alleged that the Lykke exchange hid $22 million in losses from a June 4 hack. The researcher began to investigate the issue after he noticed that many Lykke users had complained about not being able to withdraw money. The exchange stated on Discord that the forum is undergoing maintenance.

But after investigating, SomaXBT discovered that more than $19 million in Bitcoin (BTC) and ETH had been transferred from multiple wallet accounts to a new address, suggesting the exchange may have been hacked, he said. “They are still trying to hide this fact,” he said of Lykke, as five days had passed without the exchange making an official statement.

The next day, Lykke acknowledged the attack and apologized to its users for their being unable to withdraw. It promised to repay all users, stating that it has “strong capital reserves and a diversified portfolio”.

Christopher Roark

Some say he's a white-hat hacker who lives in the dark mining hills of Dakota and pretends to be a baby crossing guard to throw the NSA off his scent. All we know is that Christopher Roark has a pathological interest in hunting down fraudsters and hackers.
