In the recent days we have seen a rise in major security hacks in the cryptocurrency industry, pointing out prevailing vulnerabilities in the area of digital finance. This blog points to and describes some of the most significant hacks affecting major crypto protocols, underlining their methods and impacts.
Within a span of ten days, five major crypto hacks occurred, exposing weaknesses in some key high-end platforms.
1. Fractal ID: Data Breach
Date: 14 July 2024
Fractal ID was breached, a Know Your Customer (KYC) services provider. Sensitive personal data of some of its users was compromised, this hack incident underlines the data security risks in financial services.
The incident potentially exposed names, email addresses, wallet addresses, phone numbers, physical addresses, and images of uploaded documents for a small fraction of 0.5% of Fractal’s user base.
According to the notice, a third party had unauthorized access to one of the operators’ accounts in Fractal ID. The attacker executed an API script at 05:14 am UTC to reach users’ personal data. However, the breach was detected, and the attacker was logged off by 07:29 am UTC.
2. Li.Fi: $10 Million Drained
Date: July 16th, 2024
Li.Fi, the API for Ethereum Virtual Machine and Solana swaps and bridging, was hacked on 16 July 2024, with more than $10 million lost.
According to Cyvers, approximately $10 million worth of cryptocurrency holdings had been drained, hitting the Arbitrum blockchain as well.
The attacker simply used a specific contract address to exploit the users who had set infinite approvals. This allows the hacker to drain assets not just stored in the smart contracts but also funds in the wallets that are connected through them.
On noticing the attack, Li.Fi disable the affected smart contract facet in order to prevent the exploit further.
3. WazirX: $235 Million Hack
Date: July 18, 2024
Yet another hack of great proportion hit Indian cryptocurrency exchange WazirX on July 18, 2024, causing a loss worth $235 million in various cryptocurrencies.
Among the funds stolen were USDT, PEPE, and GALA. Curiously enough, all of the above funds were then changed into Ether to help muddy their trails. Notably, huge amounts of SHIB, ETH, and MATIC tokens were held in the wallet.
WazirX uses a multisig wallet that requires four signatures to execute a transaction, wherein the final signature is provided by Liminal, and a whitelist policy regarding which addresses can receive funds. The attacker used addresses funded through Tornado Cash—one to start the transaction, the other to receive the stolen funds—to exploit this setup.
It seems that the attacker could have logged into WazirX’s systems or computers, and then set up a fake user interface to later dupe WazirX into approving fraudulent transactions. Further on, using a malicious contract, the attacker was able to manipulate the multisig wallet and get past the need for real sigs from WazirX and Liminal.
4. Rho Markets: $7.6 Million Exploit
Date: 19 July 2024
On the 19th of July 2024, Rho Markets, yet another lending protocol operating on the Scroll network was drained for over $7.6 million in cryptocurrency.
In what seemed to be a perfect heist, the hacker managed to drain large amounts of stablecoin from Rho Markets, most of the funds taken were USD Coin and Tether worth $7.6M.
The attack was perpetuated after a suspicious actor gained unauthorized access to the protocol’s blockchain oracle. It offered them control over the oracle, which is a vital component responsible for providing the required data to the protocol. With this, the attacker could manipulate the data and run fraudulent transactions that caused the immense loss.
After noticing this, Rho Markets paused their platform in order to stem further damage.
5. dYdX v3 DNS Attack
Date: 23rd July 2024
dYdX, a decentralized exchange and DeFi protocol developer, had its v3.0 version compromised. The dYdX platform offers trading in cryptocurrencies and perpetual futures contracts.
The dYdX hack was basically a domain hijacking attack where the attackers hijacked the domain of the dYdX v3 and created a fake clone site. Users were then asked to grant approval of transactions via PERMIT2(a smart contract that users need to give an unlimited approval to) after connecting their wallets to this fake site. In this way, the attackers could drain valued tokens from the wallet.
While a fix has been applied, it may take some time for the resolution to propagate for all of the users since DNS caching could be at play.
Conclusion
These recent breaches only spell out a heightened need for security measures across the cryptocurrency and Web3 space. From the multisig wallet exploits to DNS attacks, there are vulnerabilities exposed that underline vigilance and robust security protocols at place for the protection of digital assets and sensitive information. It will require continual improvement in security practices as the industry evolves to guard against future threats.
Be informed, be proactive in protecting your digital assets!
