Autor Martin Young

Secret Network bridge exploited for $4.7M with ‘infinite mint’ bug

An attacker has used an “infinite mint” bug in a vulnerable smart contract on the Secret Network to create unbacked, wrapped versions of Axelar-wrapped assets, resulting in a $4.67 million exploit. The exploit happened on June 10 but was discovered a week later on Wednesday, after a failed cross-chain transaction caused by an “insufficient funds” error in the drained account was detected, blockchain research firm Common Prefix reported on Friday.The attacker redeemed the Axelar-wrapped assets (saTokens) back over legitimate channels to drain the real Axelar-wrapped assets held in escrow because the smart contract did not verify the source of the inbound transfer before minting, so “deposits forged over an attacker-controlled channel minted genuine saTokens with no assets backing them,” Common Prefix said.It is the latest in a series of crypto protocol hacks and exploits this month, which now number at least 22, according to DeFiLlama. The Secret Network was one of the largest, behind the Humanity Protocol and Syscoin Bridge, which lost $32 million and $8 million, respectively, earlier this month.The Secret Network is a privacy-focused, layer-1 blockchain built on the Cosmos ecosystem, and Axelar is a decentralized interoperability network that connects different blockchain ecosystems.The Axelar-wrapped assets minted without backing in the exploit included saUSDT, saUSDC, saDAI, saWETH, saWBTC, saWBNB and sawstETH.Related: Aztec Connect’s abandoned smart contract exploited for $2.1MThe attacker moved the exploited assets to the Ethereum blockchain and converted them to Ether (ETH). They then split the haul between around 30 wallets, eventually depositing the funds into exchanges including KuCoin, ChangeNow, and HitBTC, according to Common Prefix.“If you hold Axelar-bridged saXXX tokens on Secret, please be aware their backing was affected, and your funds may be lost,” the Secret Network said on Saturday. Stolen funds split into multiple wallets for obfuscation. Source: Common PrefixThe Secret Network’s token, Secret (SCRT), was not impacted by the incident, but it remains down 99% from its 2021 all-time high, currently trading at $0.058. Axelar’s native token, Axelar (AXL), is in a similar state, trading at $0.045, down 98% from its 2024 peak. Axelar posted a confirmation on Saturday following “some confusion” around the incident.“Neither Axelar nor IBC [Inter-Blockchain Communication] was compromised. The exploited token smart contract was not developed, deployed, or maintained by Axelar. Axelar’s firewalling prevented the impact from spreading to other chains,” it said. Magazine: Bitcoin decouples from tech stocks, Ether eyes ‘selling wave’: Market Moves

Čítaj viac

Microsoft warns users of 'Crypto Clipper' malware spread via USB drives

Microsoft Threat Intelligence is warning Windows users about a cryptocurrency clipper strain of malware transmitted via USB drives. The malware, which has been affecting users since February, steals clipboard data to extract wallet credentials using “high-frequency clipboard theft, screenshot exfiltration, and wallet-address substitution,” Microsoft said Wednesday.The crypto clipper also hides legitimate files and replaces them with lookalike shortcuts, so victims unknowingly execute malware while a worm component propagates automatically to USB storage devices. This malware is insidious because it’s more than just an info stealer, it functions as a backdoor, meaning that attackers can push and execute arbitrary code on infected machines at any time, turning a simple crypto theft into a persistent foothold for ransomware. The execution of this clipper is also notable because it does not depend on a traditional installer or exposed IP-based infrastructure, the Microsoft researchers said.“This malware family shows how lightweight, script-based stealers can deliver outsized impact when paired with anonymized communications and runtime tasking.”  Tor network used for obfuscation The malware deploys two obfuscated JavaScript payloads in the Windows Documents directory and creates scheduled tasks for both the worm and stealer components.The malware also secretly installs a copy of Tor on the victim’s computer but renames it ugate.exe to disguise it as something innocent. It then uses the anonymizing Tor network to connect to its malicious operators at hidden “onion” addresses.Related: ‘TrapDoor’ malware targets crypto dev tools in supply chain attack“The combination of Tor-routed C2, clipboard targeting, screenshot capture and remote code execution gives attackers both immediate monetization paths and continued control over compromised devices,” Microsoft said. Crypto clipper execution flow. Source: MicrosoftPrivate keys and seed phrases targeted The crypto clipper focuses on “high-value financial artifacts” from the clipboard, including BIP39 mnemonic seed phrases and Bitcoin and Ethereum private keys. It also replaces copied wallet addresses with attacker-controlled ones across Bitcoin, Tron and Monero and takes screenshots every ten seconds for additional context. Microsoft Defender Antivirus detects the malware as Trojan:Win32/CryptoBandits.A.Microsoft recommended disabling autoplay on removable media, blocking .lnk execution from USB drives, and monitoring for proxy activity and spawned scripts. 2026 has seen a significant escalation in Windows-based crypto stealers. A new Windows malware strain called Lucid Stealer that targets browser extensions and crypto wallets was identified earlier this month by the Foresiet Threat Intel Team. Magazine: The end of anon? AI could unmask crypto’s hidden identities

Čítaj viac

US crypto ETFs are pulling Bitcoiners into TradFi: BlackRock's Jay Jacobs

BlackRock’s spot Bitcoin exchange-traded fund has been a gateway for new investors to enter the wider ETF market, according to Jay Jacobs, US head of equity ETFs at BlackRock. Around three-quarters of investors in BlackRock’s iShares Bitcoin Trust ETF have never owned an ETF before, Jacobs told Cointelegraph on the Chain Reaction podcast Thursday. “IBIT was a way for traditional investors to now get into digital assets. But we have seen a lot of people really kind of enter into IBIT, starting with digital asset ETPs,” he said. Bitcoin ETFs were heralded as a way to bring traditional investors into the world of digital assets. BlackRock’s Jacob suggests the shift has been two-way. The iShares Bitcoin Trust, launched in January 2024, is BlackRock’s flagship crypto product with $48 billion in assets under management. It holds 765,936 BTC and has been an on-ramp for many digital asset investors to engage with ETPs. However, Jacobs said that once investors get exposure to the Bitcoin product, many start buying other BlackRock funds, such as S&P 500 (IVV), artificial intelligence (BAI) and gold (IAU). “We absolutely see it as this is a way to engage with a different group of people than maybe we’ve engaged with in the past,” he said.The company launched a new product called the iShares Bitcoin Premium Income ETF (BITA) on Wednesday, which generates income by selling covered call options on Bitcoin holdings. The “Great Convergence” of TradFi and cryptoBitcoiners’ engagement with TradFi comes amid a growing overlap between crypto, decentralized finance and traditional finance, which BlackRock is calling the “Great Convergence,” according to Jacobs.“Historically, you’ve seen a lot of different assets held separately,” he said. “DeFi versus TradFi, actively managed funds versus index funds, private assets versus publicly listed assets… and what’s happening is people are looking for more solutions to manage their portfolios,” he said. “I think you’re gonna hear a lot less about versus, you know, TradFi versus DeFi, and I think you’re gonna see a lot more ampersands, it’s TradFi and DeFi.” Related: TradFi advisers want stablecoins, tokenization over Bitcoin: BitwiseA recent example could be seen during the high-profile SpaceX IPO earlier this month, with crypto traders given an opportunity to get a piece of the action through pre-IPO perpetual futures or tokenized stocks. Pre-IPO perps enable investors to get exposure to private companies before they start trading on TradFi exchanges. All major crypto exchanges are now offering pre-IPO perps, and trading volume has skyrocketed from around $1 billion in early May to about $22 billion, with Binance establishing itself as the largest venue, according to CryptoQuant. Pre-IPO perp volumes on crypto exchanges have surged over the past few weeks. Source: CryptoQuantMagazine: The end of anon? AI could unmask crypto’s hidden identities

Čítaj viac

Florida man pleads guilty for promoting $1.8B ‘HyperFund’ crypto fraud

A 56-year-old Florida resident has pleaded guilty in federal court to conspiracy to operate an unlicensed money-transmitting business in connection with a $1.8 billion fraudulent crypto platform.According to a statement from the United States Attorney’s Office for the District of Maryland, Rodney “Bitcoin Rodney” Burton conspired to provide unlicensed money transmitting services to promote HyperFund, a global wire-fraud scheme.Kelly O. Hayes, US Attorney for the District of Maryland and agents from the Washington Internal Revenue Service Criminal Investigation unit and Homeland Security Investigations, New York, announced Burton’s guilty plea on Wednesday.HyperFund is one of the largest crypto fraud schemes, which impacted thousands of investors worldwide. It compares to some of the bigger Ponzi-style collapses in the space, such as OneCoin, which took over $4 billion, and BitConnect, which is estimated to have caused over $2 billion in investor losses.Prosecutors said HyperFund falsely promised investors daily passive returns of 0.5% to 1%, claiming the payouts came from crypto-mining revenue it didn’t actually have.According to the plea agreement, from June 2020 to January 2022, Burton promoted HyperFund and used investors’ funds to enrich himself.  Related: Law enforcement freezes $41M connected to $150M crypto Ponzi collapseBurton also controlled several companies that purported to offer consulting services and personally received at least $7.8 million in proceeds from the operation, according to the announcement. Burton faces five yearsIn January 2024, federal prosecutors in Maryland announced charges against two other individuals for orchestrating the scheme. Co-conspirators Sam Lee, a 35-year-old Australian, and Brenda Chunga from Maryland, faced charges of conspiracy to commit securities fraud and wire fraud.Chunga’s sentencing has been delayed multiple times and is now scheduled for June 29, while Lee, the alleged co-founder of HyperFund, has not been found guilty of anything.HyperCapital was launched in January 2022 as a DeFi ecosystem, which was relaunched six months later as HyperFund. After several rebrands, the scheme collapsed in November 2022.Burton faces a maximum sentence of five years in federal prison for conspiracy to operate an unlicensed money transmitting business, and sentencing is scheduled for July 23.Magazine: The end of anon? AI could unmask crypto’s hidden identities

Čítaj viac

Dorsey’s Block says new AI tool handles 15% of code work

Jack Dorsey’s financial services firm Block rolled out a new suite of AI-native tools on Wednesday, which it says can execute around 15% of all production code changes across the company. The new AI tooling, Builderbot, is able to execute over 200,000 operations per day and merges approximately 1,500 pull requests per week, said the company. “The best way to think about Builderbot is as the missing layer between AI coding tools and how engineering actually works at scale,” said Brad Axen, head of AI capabilities at Block. “What used to take months now takes days,” the company added. The figures show that autonomous AI agents are now able to execute a measurable share of the actual work that ships to production. It is a scaling signal as basic AI coding assistants have evolved into AI software engineers capable of much more than churning out code. The AI tool also sheds new light on Block’s decision to lay off 40% of its staff in February, which Dorsey attributed to the rapid acceleration of AI at the company.Builderbot understands Block’s full codebaseBuilderbot is an orchestration layer that coordinates multiple AI agents across the company’s entire codebase. Unlike typical coding assistants limited to a single repo, Builderbot understands Block’s full codebase, every service, API and convention, allowing any engineer to make changes anywhere in the company’s systems.“An engineer working on Cash App can use it to make a change in a Square service they’ve never touched, because the system already knows how that service works,” the company said.This means that production can also be significantly scaled up with the AI handling the repetitive work, and engineers making the decisions that shape the product. “It means an idea can go from backlog to live in front of millions of customers in days instead of months,” added Axen. Related: AI agents with crypto could escape and become ‘unstoppable,’ experts warnBlock said it is sharing details of Builderbot because it believes the shift from AI-assisted coding to AI-native engineering is “one of the most important conversations happening in technology right now.”“The problems we’re solving aren’t unique to Block: orchestrating AI agents across a massive codebase, maintaining quality at speed, keeping humans focused on judgment and taste rather than scaffolding.”AI agents are doing more coding Block isn’t the only firm to use AI agents for its software development. Engineers at Spotify have been using a background coding agent called Honk, which runs a version of Claude via Anthropic’s Agent SDK.Co-CEO Gustav Söderström said in a February earnings call that Spotify’s best developers “have not written a single line of code since December.” Google CEO Sundar Pichai said in April that three-quarters of the company’s new code is AI-generated.Meanwhile, Microsoft CEO Satya Nadella revealed in 2025 that the company now uses AI to write between 20% and 30% of the code powering its software.Magazine: The end of anon? AI could unmask crypto’s hidden identities

Čítaj viac

Získaj BONUS 8 € v Bitcoinoch

nakup bitcoin z karty

Registrácia Binance

Burza Binance

Aktuálne kurzy