Hack

1inch compromised by major hack in supply chain attack

November 2, 2024 1 min read

A recent security breach has hit the decentralized exchange aggregator 1inch and other platforms like TEN Finance, stemming from malicious code embedded in the Lottie Player animation library. This vulnerability affects versions 2.0.5 and later of Lottie Player, allowing unauthorized transactions that jeopardize users’ funds and personal information. Experts are urging users to steer clear of these platforms until the issues are fully addressed. The attack originated from compromised JSON

Indodax exchange loses $15 million in crypto to hackers

September 11, 2024 1 min read

Indonesian crypto exchange Indodax has incurred substantial financial losses up to $15 million due to a recent cyberattack. The site encountered a substantial capital outflow, amounting to around $15.7 million, distributed across other blockchain networks, such as Ethereum, Polygon, and Optimism. The misappropriated assets are currently stored in designated addresses throughout various networks, with Ethereum possessing approximately 5,204.3 ETH, Polygon holding 6,843,716.17 POL, and Optimism containing over 380 ETH. SpotonChain

Penpie DeFi protocol suffers a $27 million hack, causing its token to drop 40%

September 4, 2024 1 min read

Penpie, a decentralized finance (DeFi) protocol operating on Pendle’s platform, experienced a severe security breach on Wednesday, leading to a loss of $27 million in digital assets. Cyvers, a blockchain security firm, reported the hack after detecting unusual behavior associated with Penpie’s contracts. The hacker infiltrated Penpie’s system by exploiting a crypto mixing service, carrying out a malevolent transaction that enabled them to pilfer many tokens, such as staked Ethereum

Velocore DEX suffers a $10 million loss in a major hack

June 3, 2024 2 mins read

Velocore, a decentralized exchange (DEX) operating on the zkSync and Linea blockchains, has had a security breach, leading to a financial loss of around $10 million. The hackers conducted a transfer of more than 700 ETH to the Ethereum mainnet, therefore emphasizing the persistent security concerns within the crypto industry. The hack was first disclosed by a threat researcher as “Officer’s Notes,” who identified the security vulnerabilities inside the cryptocurrency

$20 million was lost due to an exploit that hit the decentralized lending protocol Sonne Finance 

May 15, 2024 1 min read

On Wednesday morning in Asia, Sonne Finance’s decentralized lending system was exploited, losing $20 million. The project’s post-mortem revealed an exploit in a Compound v2 branch. A known contribution exploit let the hacker to steal $20 million in WETH, Velo (VELO), soVELO, and Wrapped USDC. Sonne Finance said on X that it has stopped all Optimism markets over the attack, while Base markets continued. After PeckShield warned on X and

Mailer Lite loses $600,000 in phishing attack

January 24, 2024 1 min read

Mailer Lite, a digital marketing platform, was recently targeted by a phishing attack, resulting in a financial loss of more than $600,000. The attackers used a vulnerability in Mailer Lite’s system to impersonate Web3 organizations and send deceptive emails containing malicious links. Blockaid, a Web3 security and privacy firm, revealed the complex details of the attack. The perpetrators used a vulnerability in Mailer Lite’s infrastructure to create emails that appeared

North Korean Hackers Lazarus Group Launch Advanced Malware in Job Scams

October 5, 2023 1 min read

In a recent development, the Lazarus Group, a North Korean hacking collective, has introduced a highly advanced malware variant named LightlessCan in their deceptive job scams. This new malware poses a significant challenge to detection compared to its predecessor. ESET’s senior malware researcher, Peter Kálnai, unveiled these findings after analyzing a fake job attack on a Spanish aerospace firm that took place on September 29. The Lazarus Group typically operates