• Crypto wallet provider MetaMask warned its investors against ongoing phishing attempts.
• Namecheap confirmed on Twitter that it was successful in stopping the fraudulent emails.

Crypto wallet provider MetaMask put out a warning to its investors against ongoing phishing attempts by scammers attempting to contact users through Namecheap’s third-party upstream system for emails.

It was yesterday (12 February) that the web hosting company Namecheap discovered misuse of one of its third-party services. The service was being used to send some unauthorized emails that were specifically aimed at MetaMask users. The incident was described by Namecheap as an email gateway problem.

“We have evidence that the upstream system we use for sending emails is involved in the mailing of unsolicited emails to our clients. It was stopped immediately. We would like to assure you that Namecheap’s own systems were not breached and your products, accounts and personal information remain secure,” Namecheap informed on Twitter.

MetaMask immediately reminded its million followers that it does not gather Know Your Customer (KYC) information and will never communicate with them via email about account details.

The hacker’s phishing emails include a link to a fake MetaMask website that requests a secret recovery phrase to keep customer wallets secure.

The wallet provider advised investors to avoid sharing seed phrases because it gives the hacker complete control of the user’s funds.

Services not compromised; Investigation underway

NameCheap also confirmed that its services were not compromised and that no customer data was leaked as a result of the hack. Within two hours of receiving the initial notification, Namecheap confirmed that mail delivery had been restored and that all communications would now come from the official source.

However, the main issue of unsolicited email distribution is still being investigated. When dealing with MetaMask and Namecheap communications, investors should double-check website links, email addresses, and points of contact.

Namecheap confirmed on Twitter that it was successful in stopping the fraudulent emails and contacted their upstream provider to resolve the issue.

• $46 million of stolen Wormhole funds has just been transferred from the hacker’s wallet.
• Wormhole’s token bridge was exploited in February 2022.

The stolen crypto from one of the industry’s largest exploits is on the move once more, with on-chain data revealing that another $46 million in stolen funds has just been transferred from the hacker’s wallet.

Wormhole’s token bridge was exploited in February 2022, resulting in the third-largest crypto hack last year. Wrapped ETH (wETH) worth approximately $321 million was stolen in the attack.

According to blockchain security firm PeckShield, the hacker’s associated wallet has again gotten active, transferring $46 million in cryptocurrency.

This consisted of approximately 24,400 Lido Finance-wrapped Ethereum staking token (wstETH) worth around $41.4 million and 3,000 Rocket Pool Ethereum staking token (rETH) worth around $5 million that was transferred to MakerDAO.

The analysis

According to PeckShield, the hacker appears to be looking for yield or arbitrage opportunities on their stolen loot, as the assets were exchanged for 16.6 million DAI.

The MakerDAO stablecoin was then used to purchase 9,750 ETH and 1,000 stETH, then wrapped into 9,700 wstETH.

Last week, an on-chain sleuth noticed the hacker “buying the dip.” Over the last few hours, the price of Ethereum has, however, fallen below those levels. According to CoinMarketCap, the Ethereum token was trading down 2.6% on the day at $1,505 at the time of writing.

stETH prices depegged from Ethereum and climbed as high as $1,570 at the time of the transfers. At $1,541, they are currently trading 2.4% higher than ETH. Besides, wstETH has depegged and is now worth $1,676, or 11.3% more than the underlying asset.

The latest transfer of these hacked funds comes just a few weeks after the hacker sent another $155 million in Ethereum to a decentralized exchange last month.

95,630 ETH was sent to the OpenOcean DEX and then converted into ETH-pegged assets such as Lido’s stETH and wstETH.

• Immunefi has given more than $65 million to white hat hackers in 2022
• Smart contract bugs accounted for a majority of payouts

Since its establishment in 2020, Immunefi, a prominent site for bug bounties in the cryptocurrency sector, distributed $65 million to white hat hackers.

These “ethical hackers” look for weaknesses in blockchain and smart contract projects and are compensated for reporting them to Immunefi. This aids in protecting users’ assets and deters criminals from stealing money.

With 728 submissions, 58.3% of the paid reports were for smart contract vulnerabilities, according to Immunefi. Websites and applications cases received 488 submissions, accounting for 39.1% of the total, and Distributed Ledger Technology/Blockchain cases received 32 submissions or 2.6%.

Smart contracts and their bugs…

The second-highest number of submissions came from websites and applications. However, they only received 2.9% of the awards; instead, smart contract bugs received 89.6% of the money.

More bounties have been awarded to some projects than others. In 2021, bounty programs from Aurora, Wormhole, Optimism, Polygon, and an unknown company offered $30.2 million in payouts. The average payout stood to be $52,800 and a median payout of $2,000 per program.

Due to the rise in crypto breaches that cost over $3 billion in assets, Immunefi enabled over $52 million in rewards to white hat hackers in 2022.

The Wormhole decentralized communications protocol vulnerability received a $10 million payout for the year’s top bounty. Furthermore, a $6 million reward was granted for a flaw in the Aurora Ethereum-compatible layer-two scaling solution. Both of these were the subject of bug bounties.

Due to the substantial sums of money stored in smart contracts, Web3 bug bounties are typically higher than those for Web2. The site explained,

As Immunefi explains, “A $5,000 bounty payout for a critical vulnerability may work in the web2 world, but it does not work in the web3 world. If the direct loss of funds for a web3 vulnerability could be up to $50 million, then it makes sense to offer a much larger bounty size to incentivize good behavior.”

It’s interesting to note that the total value of the Wormhole bounty exceeds the $8.7 million awarded by Google’s Vulnerability Reward Programs in the previous calendar year.

Bear Market- A help for the Hackers

With billions of dollars taken from the crypto protocols, hackers profited greatly from the bear market. Hackers made nearly $3 billion this year as per data from DefiLlama. Finally, they made use of the DeFi protocol to steal almost $718 million in October, making it the biggest month of the biggest year for cryptocurrency hacking activity.

This year, white-hat hackers significantly contributed to the effort to safeguard customer funds. Cybercriminals known as “black-hat” hackers have the potential to take advantage of smart contracts’ flaws and steal consumers’ money. To gain access to victims’ money, they employ several strategies, such as phishing attempts.

Additionally, the Crypto Drainers contract is a strategy that has recently made headlines. They are phishing pages that pretend to be the websites of well-known projects and are used by con artists to steal digital assets. They use deception to get their victims to link their wallets to the minting website, after which they take their digital assets.