Author: Cointelegraph, by Jesse Coghlan

Rare Bears Discord phishing attack nabs $800K in NFTs

Recently launched NFT project Rare Bears was hit with an attack after a hacker posted a phishing link in the project’s Discord channel, stealing nearly $800,000 in NFTs.

Analysis from blockchain security firm Peckshield detailed that the attacker was able to steal 179 NFTs, including Rare Bears and other NFTs from various collections, including CloneX, Azuki, a “mfer” from artist sartoshi, and 6 LAND tokens used for The Sandbox metaverse.

According to on-chain analysis, most of the NFTs were sold, netting the hacker 286 ETH, worth over $795,500, most of which was promptly put through Tornado Cash, a crypto mixer used to obfuscate the source of funds.

A slate of similar phishing scams has occurred in recent months on Discord, suggesting some teams need to more carefully consider the security on admin accounts. Earlier today, the Rare Bears team posted that they had hired security consultant and auditor “Pandez” for a full security audit of its Discord.

How the attack happened

According to an update posted by the Rare Bears team, the hacker gained access to the account of a Rare Bears Discord moderator known as “Zhodan”, posting an announcement within the group’s channel that a new mint of NFTs was taking place.

It was a fake of course — a phishing link designed to steal funds from users’ wallets.

Warning @BearsRareDiscord has unfortunately been compromised. Please DO NOT click any links, connect your wallet and block all incoming DMs in our discord. Our team are working on the situation as we speak — Rare Bears (@BearsRare) March 17, 2022

The update from the security audit found that the head of the project’s Discord account was compromised.

The attacker, using the compromised account, then banned other members, or removed their roles from the server, thereby removing their ability to delete the posted phishing link.

The attacker then invited a bot which locked all channels on the server, removing the ability for others to publicly communicate that the posts and links were fake.

Rare Bears said the team was able to regain control of the server, removing the compromised account and transferring ownership to a new one, and that the server is secure from another attack.

Related: NCA wants regulation for coin mixers, but the crypto industry is already one step ahead

Speaking to Cointelegraph, security consultant Pandez said that users should look out for a few key signs that could mean a message is a scam.

“Almost no serious project will ever do a stealth mint,” Pandez said, “never click any links which appear like this.”

Pandez said other red flags are if channels are locked during a “drop” of a new NFT collection, if the link differs from those shared on Twitter or other official sources for the project, and if the link is continuously posted in the channel.

Past attacks of a similar nature have happened on Discord. In December, Solana NFT project Monkey Kingdom announced that hackers made off with $1.3 million of the community’s crypto funds after a security breach. Attackers there also posted a phishing link which drained users’ wallets.

Last November, members of the Discord of popular NFT artist Beeple were also scammed, with attackers gaining access to a moderator’s account to post a phishing link, similarly draining user funds.


‘Unlucky’: Agave and Hundred Finance DeFi protocols exploited for $11M

A hacker has made off with approximately $11 million in Wrapped ETH, Wrapped BTC, Chainlink, USDC, Gnosis, and Wrapped XDAI after using a “re-entrancy” attack on DeFi lending protocol applications Agave and Hundred Finance.

The attack comes within 24 hours of news breaking of the Deus Finance exploit, where hackers stole over $3 million in Dai and Ethereum from the lending contract platform.

Agave’s token, AGVE, dropped by 20 per cent following the attack, according to data from CoinGecko. Hundred Finance’s token HND fell 3.5 per cent after it announced the exploit; however, it has since recovered to hit a 24-hour high.

“Agave is currently investigating an exploit on the agave finance protocol”, Agave tweeted on Tuesday 15th at 1:30pm UTC, “We will update you as soon as we know more.” It noted that the contracts have been paused until the situation is resolved.

The Hundred Finance team also tweeted it was exploited on Gnosis chain, and has paused its markets whilst it pursued investigations.

According to on-chain analysis, the address associated with the attacker has sent over 2,100 ETH, worth over $5.5 million, to a crypto mixer in an attempt to launder the stolen tokens.

Related: Deus Finance exploit: Hackers get away with $3M worth of DAI and Ether

Solidity developer and creator of an NFT liquidity protocol app, Shegen (@shegenerates), tweeted that she lost $225,000 in the exploit, and that her investigations revealed the attack worked by exploiting a wETH contract function on Gnosis Chain that allowed the attacker to continue borrowing crypto before the apps could calculate the debt, which would prevent further borrowing.

The attacker ran this exploit, continually borrowing against the same collateral they were posting until the funds were drained from the protocols.

Shegen told Cointelegraph that the smart contract on Agave is essentially the same as Aave, which secures $18.4B. “Every security researcher has audited it,” she said, “so it’s reasonable to assume the contract is safe.”

“I think this hack stands out more than some bigger ones,” Shegen said, noting that even if it’s a smaller hack compared to others that stole millions more, the similarity to Aave meant “it seems top tier safe, but wasn’t, and that break of trust hurts.”

“It’s like you can’t even trust ‘safe’ code.”

Blockchain security researcher Mudit Gupta says the difference between Aave and Agave is that “Aave actively checks for re-entrancy before listing tokens on the main net to avoid similar attacks.”

Shegen stated that she did not blame the Agave developers for failing to prevent the attack.

“Agave was used in an unsafe way”, she said, “maybe the developer should not have allowed tokens with callbacks in them to be used in the platform, or added more re-entrancy guards.”

“Curve, for example, was not hacked today, because it has extra re-entrancy guards, but I don’t really blame Luigy and the Agave team because it’s so unlikely that this would have happened, and slipped past many people.”

Shegen also didn’t point the blame at Gnosis for creating tokens with a callback function which the hacker exploited, saying that the feature stops users from accidentally losing their crypto. “That’s actually a great feature for bridged tokens, it’s just a really unfortunate, and unlucky circumstance in my opinion.”
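The mechanism described in this article, a token transfer callback that lets the borrower call back in before debt is recorded, can be modelled in a few lines. This Python sketch is an added example, not code from Agave, Hundred Finance or the article; the class names, the `simulate` helper and all balances are constructed for illustration. It runs the same pool once with debt recorded after the transfer and once with a re-entrancy guard and debt recorded first.

```python
# Added illustration: a toy lending pool, not Agave or Hundred Finance code.
class CallbackToken:
    """Token whose transfer runs receiver code (the callback) before returning."""
    def __init__(self):
        self.balances = {}

    def transfer(self, src, dst, amount, hook=None):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount
        if hook:
            hook()  # receiver code runs while the pool's borrow() is still mid-call

class Pool:
    def __init__(self, token, liquidity, guarded):
        self.token, self.guarded = token, guarded
        self.collateral, self.debt, self.locked = {}, {}, False
        token.balances["pool"] = liquidity

    def borrow(self, user, amount, hook=None):
        if self.guarded and self.locked:
            raise RuntimeError("borrow() re-entered")  # re-entrancy guard
        self.locked = True
        try:
            if amount > self.collateral.get(user, 0) - self.debt.get(user, 0):
                raise ValueError("exceeds borrow limit")
            if self.guarded:  # record debt before the external call
                self.debt[user] = self.debt.get(user, 0) + amount
            self.token.transfer("pool", user, amount, hook)
            if not self.guarded:  # flaw: debt recorded only after the callback ran
                self.debt[user] = self.debt.get(user, 0) + amount
        finally:
            self.locked = False

def simulate(guarded, collateral=100, liquidity=1000):
    """Return (tokens received, debt recorded) for one account (constructed numbers)."""
    token = CallbackToken()
    pool = Pool(token, liquidity, guarded)
    pool.collateral["acct"] = collateral

    def hook():  # receiver callback that asks to borrow again
        if token.balances["pool"] >= collateral:
            try:
                pool.borrow("acct", collateral, hook)
            except (RuntimeError, ValueError):
                pass  # guarded pool refuses the nested call
    pool.borrow("acct", collateral, hook)
    return token.balances["acct"], pool.debt["acct"]
```

With the default numbers, the unguarded pool pays out its entire 1,000 tokens against 100 of collateral because every nested call sees a debt of zero, while the guarded pool stops at the 100 the collateral allows.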


Instagram is adding NFTs soon says Mark Zuckerberg

Meta CEO Mark Zuckerberg has revealed that its video and photo sharing app, Instagram, is preparing to add non-fungible tokens (NFTs) to the platform.

“We’re working on bringing NFTs to Instagram in the near term,” Zuckerberg reportedly stated in an appearance at the South by Southwest conference in Austin, Texas. The Facebook founder did not provide specifics on when the implementation would happen.

Casey Newton, writer for the Platformer newsletter, tweeted from the conference that Zuckerberg also said that he hopes in the coming months, Instagram users would be able to mint their own NFTs on the platform.

At #SXSW, Mark Zuckerberg just said that “hopefully” in the coming months you’ll be able to mint NFTs within Instagram — Casey Newton (@CaseyNewton) March 15, 2022

Meta did not immediately respond to Cointelegraph on when NFT functionality would be live.

Last October, Meta famously changed its name from Facebook to focus on its Metaverse-related projects. Company reports from the last quarter of 2021 revealed for the first time the financial details of its virtual and augmented reality research and development business, Reality Labs, showing losses at over $10 billion. To be fair though, as Meta’s corner of the metaverse is not yet live, it’d be hard to turn a profit from it.

This isn’t Meta’s first attempt at a crypto-related project. In 2019 the company signaled plans to create “Libra” (later rebranded to “Diem”), a USD-pegged stablecoin which flunked due to a lack of regulatory approval and community pushback. The project was purchased by Silvergate Capital, although some ex-Meta employees are now looking to revive the open-source stablecoin through building a network of their own.

Related: Vale Diem: How Facebook’s ambitious stablecoin project came to an end

Social media companies have been looking to implement cryptocurrencies and NFTs into their platforms following Twitter’s famous decision to add support for NFT profile pictures in January. Reddit implemented NFT avatars from its own collection, and adult site OnlyFans enabled NFT profile pictures in December 2020.

It’s not only social media giants looking to get in on the action that crypto offers. Traditional finance companies are showing their interest in the space, with major credit card company American Express hinting at its expansion into the Metaverse according to trademark filings.

Applications to the U.S. Patent and Trademark Office this week showed American Express primed to offer virtual banking and exchange services, cryptocurrency services, and enabling the use of its credit cards at an NFT marketplace.
