It has been reported that Bankroll has been attacked and CoW’s legal impersonation Cointelegraph


DeFi exploit: Bankroll reportedly loses $230,000

According to a September 23 X post from blockchain security platform TenArmor, a hacker attacked the decentralized finance protocol Bankroll Network on September 22 and withdrew $230,000 from it.

TenArmor posted an image of the attack's transactions. It shows multiple BNB transfers from the BankrollNetworkStack contract to itself, each worth $9,679,645.51.

Two other transfers are for $9,435,877.94 each: one from the PancakeSwap exchange pool to an account ending in “47D7”, and the other from the “47D7” account to the BankrollNetworkStack contract.

The difference between the self-transfers and the transfers involving the account is $243,767.57, which is approximately equal to the $235,000 declared as a loss.

Based on this information, the attacker may have used flash loans to make an initial deposit, exploiting a vulnerability that allows them to withdraw more than they deposit.

Bankroll Network attack transactions. (TenArmorAlert)

Blockchain data confirms that the transfers took place on September 22 at 4:50 PM UTC. Cointelegraph contacted the Bankroll Network team via Telegram and did not receive a response by the time of publication.

DeFi exploits are a frequent cause of losses for Web3 users. Users should carefully check the security of a protocol before using it. Protocols that have been audited by reputable smart contract security organizations are more likely to be secure, although an audit cannot guarantee 100% that a protocol is free of vulnerabilities.

Bankroll Network has not confirmed that this transaction was an exploit, and security researchers may report new information about it as their investigation continues. This is a developing story and may be updated over time.

Phish of the week: Phisher moved $250,000 through CoW

On August 28, a phisher who had previously drained $55.4 million from a crypto whale's wallet attempted to launder a portion of the stolen assets using the CoW decentralized finance protocol.

In the process, the attacker converted the stolen DAI stablecoin into ETH. The platform discovered the transaction on September 14 when the attacker transferred the ETH to a new address.

Tweet from PeckShield about the whale phishing. (PeckShield)

When viewed on Etherscan, the suspected illicit transaction appears as “MoooZ1089603480” in a list of 33 individual trades that are part of the function call. An account tagged “Fake_Phishing442897” sent $260,000 worth of DAI stablecoin to CoW and received 106.29 ETH in exchange.

A phisher makes an illegal transaction. (Etherscan)

The function is called by what appears to be a third-party paying account or sender. By invoking the function through a third party, the attacker may have been hoping to trick analytics systems and prevent the funds from being traced. However, the strategy failed.

The attacker received $3,000 worth of DAI the previous day, which they obtained by exchanging ETH through CoW.

Tracing further back, they first received ETH on August 20. At that time, they received 3,879.58 ETH (approximately $10,000,000 based on the current ETH price) from CoW. The ETH was then sent through several intermediate addresses before reaching the address identified by the PeckShield system.


According to PeckShield, the funds could ultimately be traced back to a $55.4 million phishing attack on one large account, or “whale.”

A phishing attack is a form of fraud that involves tricking someone into giving up sensitive information or doing something the fraudster wants. In the context of cryptocurrency, it usually involves tricking a user into giving token approvals. Once the victim approves these tokens, the attacker uses the approvals to drain the victim's wallet.

Crypto users should carefully check the addresses they connect to. If a user accidentally approves a malicious contract to transfer their tokens, they can easily lose their funds to an attacker. In a seemingly endless attempt to evade analysis programs, the funds of these victims are being distributed among various wallets and exchanged for other tokens. If the attacker manages to confuse the programs enough, they may be able to safely transfer the money to a centralized exchange and cash out, at which point the money is lost forever.

Fortunately, security firms have been able to track the funds so far, and there is still hope that authorities will eventually be able to recover them.
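The approval check described above can be automated before a wallet signs anything. The following is an added example, not code from the article or from any wallet vendor: it decodes pending calldata using the standard ERC-20/ERC-721 approval selectors and warns on unknown spenders and unlimited allowances. The addresses, the allowlist and the sample calldata are constructed for illustration.

```python
# Added example: review token-approval calldata before signing.
MAX_UINT256 = 2**256 - 1
SELECTORS = {
    "095ea7b3": "approve",            # approve(address,uint256)
    "39509351": "increaseAllowance",  # increaseAllowance(address,uint256)
    "a22cb465": "setApprovalForAll",  # setApprovalForAll(address,bool)
}

def decode_approval(calldata_hex):
    """Return (function, spender, amount), or None if not an approval call."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    name = SELECTORS.get(data[:8])
    if name is None:
        return None
    if len(data) != 8 + 128:          # selector + two 32-byte ABI words
        raise ValueError("malformed approval calldata")
    spender = "0x" + data[32:72]      # low 20 bytes of the first word
    amount = int(data[72:], 16)       # second word: amount or bool flag
    return name, spender, amount

def review(calldata_hex, trusted_spenders):
    """Return warnings for one pending transaction (allowlist is lowercase)."""
    try:
        decoded = decode_approval(calldata_hex)
    except ValueError as exc:
        return [str(exc)]
    if decoded is None:
        return []
    name, spender, amount = decoded
    warnings = []
    if spender not in trusted_spenders:
        warnings.append(f"{name}: spender {spender} is not on the allowlist")
    if name == "setApprovalForAll":
        if amount == 1:
            warnings.append("grants control of every token in the collection")
    elif amount >= MAX_UINT256 // 2:
        warnings.append("effectively unlimited allowance")
    return warnings

# Constructed sample inputs (not real addresses or transactions).
UNKNOWN = "0x" + "ab" * 20
SAMPLE_UNLIMITED = "0x095ea7b3" + "00" * 12 + "ab" * 20 + "ff" * 32
SAMPLE_SMALL = "0x095ea7b3" + "00" * 12 + "ab" * 20 + format(1000, "064x")
SAMPLE_TRANSFER = "0xa9059cbb" + "00" * 12 + "ab" * 20 + format(1000, "064x")

if __name__ == "__main__":
    for warning in review(SAMPLE_UNLIMITED, trusted_spenders=set()):
        print("WARNING:", warning)
```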

Malware Corner: D-Link Reveals Telnet Vulnerabilities

Network equipment maker D-Link disclosed five vulnerabilities in some of its router models on September 16, according to the Cyber Risk Alliance, a cybersecurity organization. These vulnerabilities allow attackers to gain access to a user's home network and possibly to devices that hold their wallets.

The first two vulnerabilities, designated CVE-2024-45695 and CVE-2024-45694, allow attackers to use a “stack-based overflow” to gain access to a router, according to a report by the Cyber Risk Alliance. The first vulnerability affects only the DIR-X4860 and DIR-X5460 router models, while the second affects only the DIR-X5460.

The three other vulnerabilities affect the aforementioned DIR-X4860 and the discontinued COVR-X1870. These vulnerabilities allow the use of hardcoded credentials as long as Telnet is enabled.

Under normal circumstances, an attacker should not be able to enable Telnet on the device. However, the vulnerability designated “CVE-2024-45697” could allow an attacker to enable Telnet services on the device whenever an Internet or WAN port is plugged into the modem. This means that the attacker can log in and start executing operating system (OS) commands.

The last two vulnerabilities, CVE-2024-45696 and CVE-2024-45698, also allow an attacker to use Telnet to execute operating system commands. With CVE-2024-45696, an attacker could send certain packets to “force” Telnet to be enabled, although this particular vulnerability could only be exploited by someone using the WiFi network on which the device is running. With CVE-2024-45698, an attacker could bypass user input authentication in the Telnet service, allowing them to inject operating system commands.

D-Link urges its users to upgrade their devices to the latest firmware to protect themselves from any attacks resulting from these vulnerabilities.

Crypto wallet users should take extra care to ensure that their home network is not vulnerable to attack. Cybercriminals can use a home network breach to monitor a crypto user's online behavior, which can be used to plan further attacks that will ultimately result in the loss of crypto funds.

Christopher Roark


Some say he's a white-hat hacker who lives in the dark mining hills of Dakota and pretends to be a baby crossing guard to throw the NSA off his scent. All we know is that Christopher Roark has a pathological interest in hunting down fraudsters and hackers.
