From April 29th to May 4th, 2024
This week has been particularly eventful in the world of cryptocurrencies, with significant hacks felt throughout the community. From Pike Finance's second breach in just a few days to traders' unfortunate losses due to phishing scams, the state of cryptocurrency security is once again in the spotlight.
There is still much to learn from this unfortunate situation. Here's what happened:
Detailed summary
1. Pike Finance is under double attack
Pike Finance, a prominent DeFi lending platform, faced a second exploit within a short period of three days, resulting in a significant loss of $1.68 million across the Ethereum, Arbitrum, and Optimism networks.
The attackers exploited a critical flaw in Pike Finance's smart contract to control the protocol's output addresses. This coordinated move resulted in the transfer of $1.4 million worth of ETH, $150,000 worth of OP, and over $100,000 of ARB.
Interestingly, this incident comes on the heels of another breach on April 26th that cost Pike Finance $300,000 and demonstrated weaknesses in its security measures.
2. Yield Protocol: Vulnerabilities and Exploits!
In a cautionary example, the defunct DeFi lending platform Yield Protocol has fallen victim to hackers who exploited vulnerabilities in the Arbitrum blockchain. Despite going offline in December 2023, Yield Protocol suffered the theft of approximately $181,000 in crypto assets due to manipulation within its smart contract.
Investigations revealed that attackers used flash loan assets to exploit anomalies in pooled tokens, highlighting the importance of robust security measures. Unfortunately, support for Yield Protocol ended several months ago, so attempts to recover stolen assets were futile.
3. A costly mistake
To complicate matters further, a cryptocurrency user accidentally sent 1,155 WBTC (wrapped Bitcoin) to an attacker's wallet and lost $68 million. The transfer consumed more than 97% of his total assets. The rest of the wallet's contents have since been removed, leaving only $13.56 worth of ETH.
The attack was based on mimicking an ETH transfer of 0.05 ETH and getting the victim to send a large amount of WBTC in return. The victim's transfer history was compromised, and the victim was led to send money to the address of the real exploiter, who presented his address as legitimate.
This address poisoning method has been confirmed by reputable blockchain security companies such as Certification, and it shows how seriously cryptocurrency holders need to protect their transactions from sophisticated phishing attacks.
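A defensive check for the address poisoning pattern described above, added here as an example and not part of the original article: it compares a destination with addresses the user has verified and flags ones that match only at their first and last characters. The sample addresses, the transfer history, the function names and the four-character edge length are assumptions made for illustration.

```python
import re
from typing import Iterable, List, Tuple

# Constructed sample addresses (not real wallets): "0x" + 40 hex characters.
LEGIT = "0x1a2b" + "11" * 16 + "c3d4"
LOOKALIKE = "0x1a2b" + "ee" * 16 + "c3d4"  # same first/last 4 chars, different middle
UNRELATED = "0x" + "9f" * 20

# Constructed transfer history: (counterparty, amount in ETH).
HISTORY = [(LEGIT, 0.05), (LOOKALIKE, 0.0), (UNRELATED, 1.2)]


def normalize(addr: str) -> str:
    """Lower-case an address and reject anything that is not 20 hex bytes."""
    a = addr.strip().lower()
    if not re.fullmatch(r"0x[0-9a-f]{40}", a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a


def is_lookalike(a: str, b: str, edge: int = 4) -> bool:
    """True if two different addresses share their first and last `edge` hex chars."""
    a, b = normalize(a), normalize(b)
    return a != b and a[2:2 + edge] == b[2:2 + edge] and a[-edge:] == b[-edge:]


def check_destination(dest: str, trusted: Iterable[str], edge: int = 4) -> str:
    """Classify a destination against addresses verified out of band.

    Returns "trusted" for an exact match, "lookalike" when the address only
    matches a trusted one at its edges (what a truncated wallet display
    shows), and "unknown" otherwise.
    """
    d = normalize(dest)
    trusted_norm = [normalize(t) for t in trusted]
    if d in trusted_norm:
        return "trusted"
    if any(is_lookalike(d, t, edge) for t in trusted_norm):
        return "lookalike"
    return "unknown"


def poisoned_entries(history: Iterable[Tuple[str, float]],
                     trusted: Iterable[str], edge: int = 4) -> List[Tuple[str, float]]:
    """Return history entries whose counterparty imitates a trusted address."""
    trusted = list(trusted)
    return [(a, amt) for a, amt in history
            if check_destination(a, trusted, edge) == "lookalike"]
```

A wallet or signing script would refuse or require full-address confirmation whenever `check_destination` returns anything other than "trusted", instead of copying a recipient from recent history.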
These examples should serve as a wake-up call to all cryptocurrency users, regardless of experience. As technology evolves, so do the tactics of those who seek to exploit it. By staying informed about the latest threats, implementing strong security measures, and maintaining a skeptical attitude, users can easily navigate the cryptocurrency market.