Crypto Security News Digest for February 2022

Category: Crypto

The world of crypto is getting increasingly complex, which brings new security threats. Here is the digest of crypto security related events from February 2022.

Gareth Southgate’s Name Used in Email Cryptocurrency Scam

Recently, thousands of email addresses have received a bogus email claiming the Three Lions gaffer made a killing using a crypto trading platform. Representatives of Southgate have contacted attorneys about taking legal action against the scammers.

A spokesperson for the 51-year-old has informed the Daily Mail that there is no truth to the content of this story and that his name was used without his authorization. Consequently, his management team is seeking legal advice on the matter.

According to the email, Southgate apparently appeared on The Ellen DeGeneres Show to talk about his success in the crypto market. England reached its first major final since the 1966 World Cup at Wembley last summer under Southgate’s guidance.

It was heartbreak for the valiant Three Lions: after a 1-1 draw, the penalty shootout resulted in a 1-15 defeat.

The former defender and manager of Middlesbrough said of the campaign: “I feel that this has been a remarkable year. Of course, there will always be some regret about being in a final but not winning. Nevertheless, if I take a logical look, like a coach, at the progress of our team, the last two qualifying campaigns have seen us ranking highest among European teams.”

According to him, they have also been the most impressive defensive team in the world over the last year or so, an incredible performance by the players across those 19 matches in the calendar year.

In a big tournament at home, they dealt with the pressure.

“They qualified for the World Cup, which is not a given as a few other high-profile nations have done. They’ve used a lot of young players, and they’ve come out much stronger and much more experienced.”

Ripple’s SEC Lawsuit’s Potential Impact on Crypto

The startup that would become Ripple Labs, launched nine years ago, promised to offer financial institutions fast, low-cost clearing of cross-border payments. It built a network on which transactions could be sent across the globe in XRP, a cryptocurrency created specifically for this purpose.

XRP, however, has turned out to be a sort of time bomb with a very long fuse for Ripple, because of its subsequent popularity outside of its original application. Ripple and its current and former CEOs were sued last year by the Securities and Exchange Commission, which claimed that their sale of XRP constituted an unregistered securities offering, essentially an illegal IPO.

The dispute continues without clear resolution, reflecting the mismatch between laws largely drafted during the Great Depression and today’s burgeoning fintech ecosystem. Ripple’s legal woes serve as a metaphor for the murky regulation surrounding digital currencies. Although the industry debates the legality of the SEC’s action against Ripple, nearly all agree on the core issue: the lack of clarity over how cryptocurrency can be regulated without sabotaging the industry or unfairly targeting companies and investors who may not have known they were violating the law. Cryptocurrency has been around for more than ten years, yet we still haven’t developed regulations for it, said Carol Goforth, a professor at the University of Arkansas School of Law who studies technology. This is one of the most closely watched cases in the crypto space because of what it may mean for the rest of the sector.

Ripple began in 2012 under the name NewCoin, later changing its name to OpenCoin before finally settling on its current name, as a leading-edge alternative to SWIFT, the cross-border money-transfer network owned by the big banks. SWIFT clearing can take as long as days, in part because multiple currencies need to be converted. XRP tokens, roughly Bitcoin-like, were created with software that allowed banks to convert funds almost instantly into XRP for transfer and then back into local currencies at the other end. XRP was created by one of Ripple’s two co-founders, not by the company itself (Ripple denies creating it).

Hacker Gray Hat Intends to Return Most of the Stolen Funds

Several years after the first DeFi protocol was exploited, Multichain is the latest. In this instance, attackers gained access to accounts that had not revoked their approvals to the platform, allowing them to drain funds. One hacker, who stole about $200,000, is returning most of those funds. In total, approximately $1.5 million was stolen.

Hacker Wants To Return Money

In this case, the hacker, now being described as a grey hat, was able to steal $200,000 from a user who hadn’t revoked access to the platform. The attack exploited a protocol bug. Additionally, several wallets have been traced behind the attacks, indicating that more than one hacker may be responsible.

In this case, the hacker offered to return 80% of the stolen money. In an attempt to appear as white hats, the hackers offered to return 80% of the Wrapped Ether to the user who lost it and keep 20% for themselves. This hacker asked the user to send the transaction in which they lost their Wrapped Ether.

The hacker’s message read: “Whitehat here, send me the transaction you lost; I will refund 80% to you.” This was followed by some tips on keeping the remaining funds safe.

MultiChain Begs For Funds Back

Even though the hacker in question gave back almost all of the funds they stole, they were not the only one to exploit the bug. The Multichain protocol recently revealed that a total of $1.43 million was stolen from a number of different accounts. Furthermore, it is unclear whether the hacker offering to return some funds is the same person behind all of the addresses.

Like most protocols exploited recently, Multichain sent a transaction to the hacker asking for the funds to be returned. Unfortunately, the hacker has yet to respond to the message, if they ever will.

The hack happened on January 17, the same day the protocol made news of the exploit public. In a report by The Block, it was noted that one user lost almost $1 million in the hack and, in exchange for the return of their funds, paid the hacker a $156,000 tip.

$325 Million In Stolen Crypto ‘Safe’ After One Of Solana’s Biggest Hacks Ever

In one of the biggest hacks ever to hit the booming — and largely unregulated — decentralized finance sector, digital assets firm Jump Crypto said Thursday it had replaced $325 million worth of tokens stolen from its portfolio company Wormhole Portal, a bridge that moves cryptocurrency between the Ethereum and Solana blockchains.

The firm has raised more than $700 million in capital but has not provided further details about the bailout. Jump Crypto, the cryptocurrency arm of quant trading firm Jump Trading, tweeted Thursday afternoon that it had “replaced” the 120,000 stolen tokens “to make community members whole” and to support Wormhole.

Jump’s tweet followed Wormhole’s confirmation on Twitter that funds involved in the hack had been “restored” on the platform; in a Telegram message it said that “all funds are safe” following the hack. Wormhole launched last August and held roughly $1 billion in deposited funds.

Wormhole had previously notified its users via Twitter, at around 4 p.m. ET on Wednesday, that it was looking into a potential exploit, stating that its network was down for maintenance while it investigated.

Approximately one hour after that announcement, Wormhole announced that its network had been exploited through a backdoor. As a result, about 120,000 tokens of wrapped ether, a cryptocurrency that tracks the value of ether, the second-largest cryptocurrency in the world, had been stolen, representing about $325 million in value.

Blockchain analytics firm Elliptic described the Wednesday incident as the fourth-largest cryptocurrency hack in history. Wormhole offered the attacker a $10 million bounty if they returned the funds.

Solana has likely never seen such a large hack in its entire history. Blockchain security firm CertiK analyst Matt Shaffer commented that it “represents a very unfortunate reality” for the booming decentralized finance sector, which has grown in popularity among investors along with the wider cryptocurrency market during the past year, despite a growing number of similar hacks.

Wormhole Crypto Funds Safe After $314M Heist

After 120,000 Ether (approximately $314 million) was stolen from Wormhole, the web-based blockchain bridge said that “all funds are safe.”

Since Wednesday’s attack, the popular bridge, which connects Ethereum (ETH) with the Solana blockchain (SOL) and others, has reportedly been trying to settle matters over the blockchain. The exploit was the biggest crypto-heist on Solana yet and the fourth-largest of all time.

Blockchain security and smart-contract auditing company CertiK shared a postmortem with Threatpost on Thursday. According to the report, initial analysis indicates that the attacker used the mint function to create 120,000 wETH, which was then used to claim ETH on the Ethereum side of the Wormhole bridge.

Regarding negotiations, CertiK said the Wormhole team sent a message to the attacker, saying: “We notice you were able to exploit the Solana VAA verification system and mint tokens. In the spirit of white-hat, we’d like to offer you a bug bounty of $10 million for details about the exploit, as well as for returning the ETH. You can reach us at [email protected].”

CertiK’s analysis of the heist shows that the attacker got away with $302,495,717, plus $49,622 in SOL and $4,141,600 in USD Coin (USDC).

In the attack on the Poly Network, an attacker stole about $602 million from the platform, which makes the Wormhole heist the second-largest hack of a decentralized finance (DeFi) platform. The Poly Network attacker, however, returned the funds and went on to become the project’s chief security advisor.

Wormhole’s official Twitter account, in a post published in the early hours of Thursday morning, confirmed that it had been hacked for 120,000 Ether but that the vulnerability has now been fixed.

Wormhole, the project behind the token bridge, reported shortly after 13:29 UTC that its portal was up and running again.

A ‘Rather Common’ Programming Error

Roger Grimes, data-driven defense evangelist for KnowBe4, said on Thursday that the attack succeeded because of what he called a rather common programming error in the bridge’s smart-contract code.

“The function within the multiple nested smart contracts that was supposed to verify the signature hadn’t been coded to ensure that the integrity check took place,” he explained via email. “This meant that the integrity check was not guaranteed to occur. It is indeed a serious issue.”

Why So Popular?

CertiK found that the bridge had become the most popular base for wrapping Ether on Solana’s blockchain, “and as such was responsible for a large portion of all wrapped Ethereum.”

As CertiK explained in its postmortem document, the bridge maintained a 1:1 ratio of ETH to wETH, “essentially acting as an escrow service.” The crime, however, resulted in the loss of “at least 93,750 ETH held as collateral.”
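To illustrate the two points above, the verification that was not guaranteed to run and the 1:1 ETH-to-wETH escrow peg, here is an added toy bridge model; it is not code from the page, CertiK or Wormhole, and it assumes a single shared HMAC key as a stand-in for the guardian signature set. It shows how a mint path that calls the verifier but ignores its result breaks the collateral backing, while the checked path keeps it.

```python
import hmac
import hashlib
from dataclasses import dataclass, field
from typing import Set, Tuple

# Constructed stand-in for the guardian set: one shared HMAC key.
GUARDIAN_KEY = b"constructed-guardian-key-do-not-reuse"


def sign_message(payload: bytes) -> bytes:
    """Guardian-side attestation that `payload` describes a real deposit."""
    return hmac.new(GUARDIAN_KEY, payload, hashlib.sha256).digest()


def verify_message(payload: bytes, sig: bytes) -> bool:
    """Destination-side integrity check; returns False for forged signatures."""
    return hmac.compare_digest(sign_message(payload), sig)


@dataclass
class Bridge:
    locked_eth: int = 0        # ETH held in escrow on the source chain
    minted_weth: int = 0       # wETH issued on the destination chain
    nonce: int = 0             # makes every transfer message unique
    seen: Set[bytes] = field(default_factory=set)

    def lock(self, recipient: str, amount: int) -> Tuple[bytes, bytes]:
        """Deposit on the source chain; returns the signed transfer message."""
        self.locked_eth += amount
        payload = f"{recipient}:{amount}:{self.nonce}".encode()
        self.nonce += 1
        return payload, sign_message(payload)

    def mint_unchecked(self, payload: bytes, sig: bytes) -> None:
        """Vulnerable pattern: the verifier runs, but its result is ignored."""
        verify_message(payload, sig)
        self._mint(payload)

    def mint_checked(self, payload: bytes, sig: bytes) -> None:
        """Hardened pattern: refuse to mint unless the check actually passed."""
        if not verify_message(payload, sig):
            raise ValueError("invalid guardian signature")
        if payload in self.seen:
            raise ValueError("transfer message already redeemed")
        self._mint(payload)

    def _mint(self, payload: bytes) -> None:
        _, amount, _ = payload.decode().split(":")
        self.seen.add(payload)
        self.minted_weth += int(amount)

    def fully_backed(self) -> bool:
        """The 1:1 peg: every wETH in circulation has ETH behind it."""
        return self.minted_weth <= self.locked_eth
```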

According to the firm, this left DeFi on Solana in a precarious position: its analysis warned of a “mass liquidation event” if the ratio had not been regained.

The wETH collateralization on Solana has since been restored, as Wormhole disclosed on Thursday that its backers – whoever they might be – had put up sufficient funds to return the peg to 1:1 backing.

Investors responded positively to the bailout, but nerves were still rattled: the price of Solana, which outpaced Bitcoin and Ethereum last year, fell sharply on Thursday. SOL was trading at $97.69 as of 12:50 ET, down 10 percent since details of the theft were revealed; in November 2021 it had reached a high of $260. Over the same period, Ethereum also had investors scratching their heads, with its price dropping by about 5 percent.

According to CertiK, the full scope of this attack remains unclear at this point. The security firm warned that it could be a precursor to other attacks if, for example, Wormhole’s bridge to another cryptocurrency network, the Terra blockchain, has the same vulnerability as its Solana bridge.

Who Bailed Out Wormhole?

According to the Wormhole team, it’s unclear who used what must be seriously deep pockets to back-fill all that money. Twitter users immediately began hypothesizing. Among the most popular theories was that the source was Alameda Research, a cryptocurrency quantitative trading firm and liquidity provider that reportedly trades about $1 billion per day across thousands of products, including all major coins and altcoins.

“The two options were either to dilute the company’s equity to infinity with a $300 million bailout or to watch the entire Solana ecosystem crash and burn (costing Alameda more than $300 million in losses),” a Twitter user suggested.

Alameda has made no public statement. Wormhole, however, has said that a detailed incident report will be made available as soon as possible.

Crypto’s Cutting Edge Gets a Nasty Cut

In a Threatpost interview on Thursday, CertiK co-founder and faculty member Professor Ronghui Gu said that it is abundantly clear the Wormhole exploit is not the first of its kind, and it won’t be the last either.

Gu pointed to the Qubit Finance incident, in which $80 million was lost to an attack on a cross-chain bridge last week, as another example. Qubit Finance disclosed that attack on Thursday.

Reports indicate that the hackers used Qubit’s QBridge deposit functionality to steal 206,809 Binance coins, making it the seventh-largest hack against DeFi ever.

Considering the insatiable demand for technologies such as these, Gu said we are likely to see more bridge exploits in the future. “We find ourselves at an awkward point where the demand for cross-chain infrastructure outpaces the industry’s ability to build services securely,” he told Threatpost via email.

Gu noted there was also the “because that’s where the money is” rationale: “Bridges are an attractive target for hackers: we’re dealing with millions of dollars of tokens which are essentially held in escrow contracts, and by managing to operate across multiple chains, we’re multiplying our points of failure as well.”

Threat actors follow the money, and the newest, most exciting ecosystems are where the money is: “A lot of money goes to the newest, most exciting ecosystems. The price our most adventurous DeFi explorers pay for these exploits of innovative but ultimately insecure platforms is a higher risk of falling victim to their crimes.”

A Need for Secure Development Lifecycle

There will inevitably be bugs in software. But, according to Grimes, the attack is a prime example of why secure development lifecycle (SDL) coding training is necessary. He explains that SDL trains developers to recognize common exploitable bugs and avoid introducing them into their code. “It teaches how to use bug checking tools, as well as coding tools that automatically eliminate as many security bugs as possible. In general, it teaches security as part of the entire development cycle, whether it’s for a traditional program, smartphone app, or smart contract.”

“The real problem is that most developers, and the people who create smart contracts, aren’t trained in a secure development lifecycle and have little knowledge of how to create them securely. In other words, these kinds of bugs will creep in, and bad actors will exploit them.”

It’s important to remember that the cryptocurrency market holds trillions of dollars, but it is still in its infancy. According to Grimes, the industry is immature, and its code is immature too. So it moves as fast as it can, good security or not.

He said it’s getting much more difficult for bad actors and bug hunters to find really good exploits for Microsoft Windows, Macs, Linux, and Google ChromeOS, because these platforms are maturing. In addition, better-trained coders, tooling, and guard mechanisms built into the operating systems themselves contribute to the security of those systems.

In contrast, Grimes said, it’s the opposite when it comes to the world of cryptocurrencies.

He remarked that it is built on top of very secure protocols and algorithms, but with lots of unreliable and buggy applications.

As he said, sometimes all a thief has to do is glance at the potted plant in front of the door. Hackers targeting cryptocurrency exploit the same kind of weakness: they are using their traditional bug hunting methods against immature cryptocurrency applications, and, voila, they have found many exploitable bugs.

The problem is that once the money’s gone, it’s almost impossible to get it back. “I am constantly being attacked for money-stealing exploits. You cannot track where these exploits go and [identify them]. So they are almost impossible to reverse, even if you watch them in real time,” Grimes says.

He predicted that, after enduring billions of dollars in pain, the cryptocurrency world would mature, and it would become more difficult for hackers to harvest easy pickings.

The lessons learned on previous platforms were painful, Grimes said: “You always hope that when the next cool digital thing comes out, we have better security lessons to apply. In practice, though, we tend to want more digital blood on the ground than is necessary. Learning the hard way is something we like to do repeatedly. We learn nothing with every new computing platform.”