Connect with us

Hacks

Over $86.6M worth of NFTs stolen since start of 2022

Published

on

Over $86.6M worth of NFTs stolen since start of 2022

Over $86.6M worth of NFTs stolen since start of 2022 Andjela Radmilac · 13 hours ago · 2 min read

Over $86.6 million worth of NFTs has been stolen in 166 thefts since 2020 and hackers show no sign of stopping.

2 min read

Updated: August 4, 2022 at 8:42 am

Advertisement

Cover art/illustration via CryptoSlate

Recent research from Comparitech shows that NFT thefts are becoming more frequent than ever— and more profitable.

The company has kept track of NFT thefts ever since the non-fungible token standard was first introduced and recorded the first stolen NFTs as early as 2020. Since then, over $86.6 million of tokens have been stolen. At today’s prices, these NFTs are worth over $896.5 million.

There has also been a significant increase in the overall number of NFT thefts in 2022, starkly contrasting the declining number of crypto hacks recorded by Comparitech. Out of the 166 total NFT thefts, 14 happened in 2021, and only two occurred in 2020. The remaining 150 took place, in 2022, with March being the worst month for NFT owners, with 31 thefts happening that month.

Chart showing NFT thefts from 2020 to 2022 (Source: Comparitech)

The largest theft based on the amount stolen at the time of the attack was Lympo. In January 2022, the sports-based NFT subsidiary of Animoca Brands lost 165.2 million LMT tokens in a hot wallet hack. At the time of the attack, the tokens were worth $18.7 million. In November 2021, WAX chain game Farmers World suffered a hack that resulted in $15.7 million worth of NFTs being stolen.

Advertisement

With $13.7 million stolen, BAYC is the third-largest NFT hack ever. In April 2022, BAYC’s Instagram account was hacked, and dozens of NFTs were stolen from users. The floor price for the stolen NFTs was nearly $14 million at the time of the attack.

In its research, Comparitech only focused on clear exploits from hackers and excluded rug pulls, employee thefts, phishing scams, and company errors. The study also included NFT attacks identified by security trackers such as PeckShield or CertiK.

Hacks

Binance recovers $450K stolen from Curve DNS Hack

Published

on

Binance recovers $450K stolen from Curve DNS Hack

Binance recovers $450K stolen from Curve DNS Hack Christian Nwobodo · 2 hours ago · 1 min read

Binance has identified and frozen 83% of the funds stolen from Curve Finance and is working with law enforcement to return the money to users.

1 min read

Updated: August 12, 2022 at 11:25 am

Advertisement

Cover art/illustration via CryptoSlate

Binance CEO Changpeng Zhao tweeted on August 12 that the exchange has identified and frozen 83% of the funds stolen from Curve Finance after the hacker attempted to launder it through Binance.

Binance froze/recovered $450k of the Curve stolen funds, representing 83%+ of the hack. We are working with LE to return the funds to the users. The hacker kept on sending the funds to Binance in different ways, thinking we can’t catch it. 😂#SAFU https://t.co/Ekea9moeAw

— CZ 🔶 Binance (@cz_binance) August 12, 2022

Binance is currently working with the appropriate law enforcement agents to return the funds to the users.

Timeline of the DNS Exploit

Curve Finance lost over $570,000 to hackers who hijacked their DNS on August 9. Through DNS spoofing, the Curve website was cloned and made the DNS route to their IP where the cloned website is deployed and added approval requests to a malicious contract.

Advertisement

🚨🚨🚨@CurveFinance frontend is compromised, do not use it until further notice!

— samczsun (@samczsun) August 9, 2022

A swift response from the Curve team resolved the issues, though there were initial constraints for users in certain regions. As of August 10, users can freely access the curve.fi website.

Finally, DNS settings for https://t.co/vOeMYOTq0l propagated everywhere, so it is safe to use in every location on Earth.https://t.co/UKYBuunAhY and chain-specific sites got updated much earlier.

— Curve Finance (@CurveFinance) August 10, 2022

Posted In: Binance, Hacks

Advertisement
Continue Reading

DeFi

Curve Finance DNS exploit resolved – how to check if it is safe to use

Published

on

Curve Finance DNS exploit resolved – how to check if it is safe to use

Curve Finance DNS exploit resolved – how to check if it is safe to use Liam ‘Akiba’ Wright · 2 hours ago · 2 min read

The front end exploit of Curve Finance has been resolved but not all DNS records have yet been propagated so caution is advised

2 min read

Updated: August 10, 2022 at 9:09 pm

Advertisement

Cover art/illustration via CryptoSlate

Over $530k was stolen from Curve Finance Tuesday after a hacker was able to take control of the nameserver to reroute the DNS to a malicious server. The front end of the Curve website was cloned to trick users into believing they were interacting with a legitimate site.

On the surface, the SSL certificate, domain name, and website content were identical to the real version of the site, giving users little chance to identify the exploit. The correct IP for Curve’s server has been released and information on how to check this can be found at the end of this article.

Don’t use the frontend yet. Investigating! https://t.co/8kmtpGsLQQ

— Curve Finance (@CurveFinance) August 9, 2022

Within an hour, Curve had updated its Twitter account to pinpoint the malicious contract that should be revoked from all users’ wallets. The update followed a statement confirming that the platform had “found and reverted” the issue.

Advertisement

The issue has been found and reverted. If you have approved any contracts on Curve in the past few hours, please revoke immediately. Please use https://t.co/6ZFhcToWoJ for now until the propagation for https://t.co/vOeMYOTq0l reverts to normal

— Curve Finance (@CurveFinance) August 9, 2022

As of 7 PM GMT on August 10, Curve advises users to take additional precautions when interacting with its dApp. The issue has been resolved, but not all DNS records have been updated worldwide at this time. Users who understand how to verify an IP are safe to use the platform; others should use curve.exchange in the meantime.

We’ll tweet when we’re certain that ALL DNS records on all NS servers in the world are entirely up to date and the https://t.co/vOeMYOTq0l address is definitely safe to use https://t.co/kfODENPHFS

— Curve Finance (@CurveFinance) August 10, 2022

Tether’s CTO Paolo Ardoino commented on the hack Wednesday afternoon to state,

“This attack demonstrates once again that the ingenuity of hackers presents a near and ever-present danger to our industry… We applaud Curve for its ability to be able to pinpoint the source of the hack, and speedily act. This is exactly how a protocol should react during a time when customers’ funds are at risk.”

How to check if curve.fi resolves to the correct server

For those wishing to use Curve Finance the following methods can be used to check how the IP address resolves at your location.

Advertisement

Windows

  1. Press “Windows + R”
  2. In the Run dialogue box, type “cmd” and hit enter
  3. A window will open, and it in type “ping curve.fi”
  4. The result should return the IP address “76.76.21.21”
  5. If it does, then your current internet connection is resolving to the correct server for the domain

Mac

  1. Press “Cmd + Space”
  2. Type “terminal” and open the “Terminal” app
  3. A window will open, and it in type “ping curve.fi”
  4. The result should return the IP address “76.76.21.21”
  5. If it does, then your current internet connection is resolving to the correct server for the domain

However, in an abundance of caution, users are still advised to use curve.exchange until the Curve team releases a further update to confirm all DNS records have propagated.

Posted In: DeFi, Hacks, Outage

Continue Reading

Crime

Curve Finance front end UI compromised in DNS hack – users advised not to interact

Published

on

Curve Finance front end UI compromised in DNS hack – users advised not to interact

Curve Finance front end UI compromised in DNS hack – users advised not to interact Liam ‘Akiba’ Wright · 1 hour ago · 1 min read

Over $500k has been stolen from Curve finance as the front end is compromised through an attack taking control of its nameserver.

1 min read

Updated: August 9, 2022 at 10:13 pm

Advertisement

Cover art/illustration via CryptoSlate

Samczsun, a researcher at Paradigm, is reporting that the Curve Finance front end has been compromised, with over $500k stolen within a matter of minutes.

🚨🚨🚨@CurveFinance frontend is compromised, do not use it until further notice!

— samczsun (@samczsun) August 9, 2022

The official Curve Finance Twitter has confirmed the news stating:

Don’t use the frontend yet. Investigating! https://t.co/8kmtpGsLQQ

— Curve Finance (@CurveFinance) August 9, 2022

Advertisement

The founder of Rotkiapp, Lefteris Karapetsas, theorized that “It’s DNS spoofing. Cloned the site, made the DNS point to their ip where the cloned site is deployed and added approval requests to a malicious contract.” Curve retweeted the theory in apparent support before following up with a further announcement;

Don’t use https://t.co/vOeMYOTq0l site – nameserver is compromised. Investigation is ongoing: likely the NS itself has a problem

— Curve Finance (@CurveFinance) August 9, 2022

Posted In: Crime, DeFi, Hacks

Advertisement
Continue Reading

Top posts

․bit Raises $13M To Build Cross-Chain Decentralized Identity Protocol ․bit Raises $13M To Build Cross-Chain Decentralized Identity Protocol
BIT3 hours ago

․bit Raises $13M To Build Cross-Chain Decentralized Identity Protocol

sponsored .bit (did.id) has raised $13 million to build a cross-chain decentralized identity protocol. The Series A round, completed one...

What a complete yolk! Comparing Bitcoin to Eggs and why it matters What a complete yolk! Comparing Bitcoin to Eggs and why it matters
adoption4 hours ago

What a complete yolk! Comparing Bitcoin to Eggs and why it matters

What a complete yolk! Comparing Bitcoin to Eggs and why it matters Liam ‘Akiba’ Wright · 4 seconds ago ·...

Biggest Movers: SHIB Remains Near 3-Month High, Whilst LEO Hits 2-Week High  Biggest Movers: SHIB Remains Near 3-Month High, Whilst LEO Hits 2-Week High 
Analysis4 hours ago

Biggest Movers: SHIB Remains Near 3-Month High, Whilst LEO Hits 2-Week High 

Shiba inu remained close to a three-month high to start the week, after breaking out of a key resistance level...

Why Hashing Is Critical In Ensuring Sage Encryption In Cyber Security Why Hashing Is Critical In Ensuring Sage Encryption In Cyber Security
Cyber Security4 hours ago

Why Hashing Is Critical In Ensuring Sage Encryption In Cyber Security

Hashing is really important for integrated encryption in cyber security Assuming you work in the innovation or cyber security industry,...

Bitgert (BRISE) Marketcap To Explode Past Baby Doge And Safemoon (SFM) This Month Bitgert (BRISE) Marketcap To Explode Past Baby Doge And Safemoon (SFM) This Month
SafeMoon5 hours ago

Bitgert (BRISE) Marketcap To Explode Past Baby Doge And Safemoon (SFM) This Month

Bitgert’s massive developments that include adding disruptive products and projects to the Brise ecosystem are key skyrocketing Bitgert marketcap. The...

New Brazil bill wants to tokenize mined gold on blockchain New Brazil bill wants to tokenize mined gold on blockchain
adoption5 hours ago

New Brazil bill wants to tokenize mined gold on blockchain

New Brazil bill wants to tokenize mined gold on blockchain Oluwapelumi Adejumo · 60 mins ago · 1 min read...

Solana Price Climbs To $47 As SOL Bulls Outshine Pesky Bears Solana Price Climbs To $47 As SOL Bulls Outshine Pesky Bears
btcusd5 hours ago

Solana Price Climbs To $47 As SOL Bulls Outshine Pesky Bears

Solana (SOL) price has locked its sights on the goal from day one. Solana’s price is extremely bullish Price spiked...

President Of Central Bank Of Brazil Disagrees With ‘Heavy Hand’ Regulations For Cryptocurrencies President Of Central Bank Of Brazil Disagrees With ‘Heavy Hand’ Regulations For Cryptocurrencies
Brazil6 hours ago

President Of Central Bank Of Brazil Disagrees With ‘Heavy Hand’ Regulations For Cryptocurrencies

The president of the Central Bank of Brazil, Roberto Campos Neto, has defended the use of more moderate regulations in...

Interlay launches Bitcoin-backed stablecoin iBTC on Polkadot network Interlay launches Bitcoin-backed stablecoin iBTC on Polkadot network
adoption6 hours ago

Interlay launches Bitcoin-backed stablecoin iBTC on Polkadot network

Interlay launches Bitcoin-backed stablecoin iBTC on Polkadot network Samuel Wan · 1 hour ago · 2 min read The new...

TA: Top 5 Crypto You Should Watch This Week – BTC, ETH, BNB, GMT TA: Top 5 Crypto You Should Watch This Week – BTC, ETH, BNB, GMT
Bitcoin6 hours ago

TA: Top 5 Crypto You Should Watch This Week – BTC, ETH, BNB, GMT

Top 5 Crypto You Should Watch This Week, with many crypto altcoins producing price gains of two or more digits....

Bitcoin, Ethereum Technical Analysis: BTC Lower, Following Brief Rally Above $25,000 Bitcoin, Ethereum Technical Analysis: BTC Lower, Following Brief Rally Above $25,000
Analysis6 hours ago

Bitcoin, Ethereum Technical Analysis: BTC Lower, Following Brief Rally Above $25,000

Bitcoin was trading lower to start the week, after the token briefly rose above $25,000 during Sunday’s session. As of...

Monero enhances privacy, security features with new upgrade Monero enhances privacy, security features with new upgrade
Monero8 hours ago

Monero enhances privacy, security features with new upgrade

Monero enhances privacy, security features with new upgrade Oluwapelumi Adejumo · 2 hours ago · 2 min read The Monero...

Report Shows Crypto Assets Record Steady Growth As Inflation Lowers Report Shows Crypto Assets Record Steady Growth As Inflation Lowers
BTC8 hours ago

Report Shows Crypto Assets Record Steady Growth As Inflation Lowers

The United States’ newest release on its inflation rate for July has created a celebration reason for many, especially the...

MANA’s network activity could bring forth a shorting opportunity here MANA’s network activity could bring forth a shorting opportunity here
Altcoins9 hours ago

MANA’s network activity could bring forth a shorting opportunity here

Every once in a while, cryptocurrencies go through a phase where volumes contract and prices are restricted within a narrow...

Monero (XMR) Climbs Over 7% Before Weekend Hard Fork Monero (XMR) Climbs Over 7% Before Weekend Hard Fork
btcusd10 hours ago

Monero (XMR) Climbs Over 7% Before Weekend Hard Fork

Monero (XMR) price has surged by as much as 7% in a matter of 24 hours before network upgrade or...

USDT supply up almost $2B over 30 days, USDC supply falls after blocking Tornado Cash linked wallets USDT supply up almost $2B over 30 days, USDC supply falls after blocking Tornado Cash linked wallets
MIM10 hours ago

USDT supply up almost $2B over 30 days, USDC supply falls after blocking Tornado Cash linked wallets

USDT supply up almost $2B over 30 days, USDC supply falls after blocking Tornado Cash linked wallets Oluwapelumi Adejumo ·...

GameFi as a major achievement of the Korean Wave (Hallyu) movement GameFi as a major achievement of the Korean Wave (Hallyu) movement
Company News11 hours ago

GameFi as a major achievement of the Korean Wave (Hallyu) movement

July 15th was a music milestone. Ten years ago in Summer 2012, the release of “Gangnam Style,” catapulted South Korean...

Ripple lawsuit: SEC receives another shock after latest court ruling Ripple lawsuit: SEC receives another shock after latest court ruling
News12 hours ago

Ripple lawsuit: SEC receives another shock after latest court ruling

American watchdog SEC took a recent hit as the battle against Ripple moved into an interesting phase this week. There...

Trending

Daily Bitcoin MiningEarn At least $50 daily with just your phone