Hacks

Solana hot wallets reportedly being drained to unknown address “Htp9MGP” – totalling over $6M

Liam ‘Akiba’ Wright · 13 hours ago · 2 min read

Uncertainty is creating true fear, uncertainty, and doubt in real terms for wallet owners on the Solana blockchain at present.

Updated: August 3, 2022 at 10:08 am

Up to $6 million in crypto has been drained from Solana wallets within the last 10 minutes, according to CryptoSlate sources. Users are reporting that entire wallets have been drained of funds, with little currently known as to the source of the issue.

Massive exploit/drain going on with Solana seeing it live in Taiyo tons of people losing their whole balance out of nowhere.

Move everything to a ledger NOW.

Two wallets reported:

#1 https://t.co/wfzoemsyzN

#2: https://t.co/MrScbi9hf1

— Tom 《TYR》 (@SolportTom) August 2, 2022

Comments on just this post alone include many users claiming also to have had their wallets drained. No trend or source of the exploit has currently been identified.

Crypto trader Bilal Ahmed suggested to CryptoSlate that it may be related to an NFT mint by Rakkudo. Ahmed is aware of over 500 SOL being stolen from within his personal network of traders. Theorizing the cause of the event, Ahmed suggested,

“Rakkudo minted today, currently, it seems to be wallets linked to wallets that tried to mint. But it’s really odd as it’s also draining main wallets, not just burners.”

There has been no official statement from the Rakkudo team on its official Twitter account at this point.

Another Twitter user accused SolaLand of being responsible for the exploit, which led the project to post the following tweet.

This is false information from a fake profile. It has only 20 followers, don’t spread false infos. https://t.co/blRnB9bVS3 pic.twitter.com/QxyLTNqAFN

— SolaLand ▲ (@SolaLandHQ) August 2, 2022

Uncertainty is creating true fear, uncertainty, and doubt in real terms for wallet owners on the Solana blockchain at present.

Although the cause of the exploit is as yet unknown, one wallet in particular has been mentioned throughout the reports. “Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV” currently has a balance of $6 million, with the majority being stablecoins. The wallet received hundreds of transactions from unique addresses at 23:22:57 PM +UTC on Tuesday, August 2.

Youness Kasmi, founder of Private Foxes, also identified 2 other wallets draining users’ funds.

Drainer wallets:
CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu
Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV
GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy

— Youness KASMI ($c1f3) (@kasmiyouness1) August 3, 2022

This is a developing story, and the article will be updated with further news. 

UPDATE: Magic Eden is now also telling users to revoke permissions to dApps.

🚨🚨🚨There seems to be a widespread SOL exploit at play that’s draining wallets throughout the ecosystem

Here’s what you can do right now to best protect yourself
1. Go to > Settings on your @phantom wallet
2. > Trusted Apps
3. > Revoke Permissions for any suspicious links

💜

— Magic Ethen 🪄 (@MagicEden) August 3, 2022

UPDATE August 3, 10 AM BST: Reports suggest the exploit is related to Phantom wallets as seemingly no hardware wallets have been affected at this point. The project tweeted that it is working with “other teams” but believes it is not a “Phantom-specific issue.”

We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue.

As soon as we gather more information, we will issue an update.

— Phantom (@phantom) August 3, 2022

Foobar is now declaring that the issue may be related to the compromised private keys of the affected wallets. The assumption is founded on the fact that tokens such as USDC have been sent as direct transfers to another wallet instead of interacting with a smart contract that requires approvals. Token transfers are signed by the users themselves, thus pointing toward private keys being compromised.

🚨 Widespread Solana private key compromise 🚨

– attacker is stealing both native tokens (SOL) and SPL tokens (USDC)
– affecting wallets that have been inactive for >6 months
– both Phantom & Slope wallets reportedly drained pic.twitter.com/AkZXOGLD0Q

— foobar (@0xfoobar) August 3, 2022
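
The distinction foobar draws between owner-signed transfers and approval-based ones can be checked mechanically. The following is an added example, not part of the original article: it sorts drainer-bound transfers by who authorised them. The record layout, the `tx` helper and the VICTIM_*/DAPP_*/*_ATA names are constructed assumptions; only the drainer addresses come from the page.

```python
from collections import Counter

# Drainer wallets exactly as listed on the page.
DRAINERS = {
    "CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu",
    "Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV",
    "GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy",
}
HTP = "Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV"

def tx(signers, program, info, owners=None):
    return {"signers": signers, "token_owners": owners or {},
            "instructions": [{"program": program, "type": "transfer", "info": info}]}

# Constructed sample data (VICTIM_*, DAPP_* and *_ATA are placeholders, not real accounts).
# The layout is a simplified assumption: token_owners maps token account -> owning wallet.
SAMPLE_TXS = [
    tx(["VICTIM_1"], "system",
       {"source": "VICTIM_1", "destination": HTP, "lamports": 5_000_000_000}),
    tx(["VICTIM_2"], "spl-token",
       {"source": "V2_USDC_ATA", "destination": "HTP_USDC_ATA", "authority": "VICTIM_2"},
       {"V2_USDC_ATA": "VICTIM_2", "HTP_USDC_ATA": HTP}),
    tx(["DAPP_DELEGATE"], "spl-token",
       {"source": "V3_USDC_ATA", "destination": "HTP_USDC_ATA", "authority": "DAPP_DELEGATE"},
       {"V3_USDC_ATA": "VICTIM_3", "HTP_USDC_ATA": HTP}),
    tx(["VICTIM_4"], "system",
       {"source": "VICTIM_4", "destination": "FRIEND_WALLET", "lamports": 1_000}),
]

def classify(record, drainers=DRAINERS):
    """Return [(victim_wallet, kind)] for every transfer in record that pays a drainer."""
    owners, signers, hits = record["token_owners"], set(record["signers"]), []
    for ix in record["instructions"]:
        info = ix["info"]
        if ix["type"] != "transfer":
            continue
        if ix["program"] == "system" and info["destination"] in drainers:
            # Native SOL only moves with the source wallet's own signature.
            hits.append((info["source"], "owner-signed"))
        elif ix["program"] == "spl-token" and owners.get(info["destination"]) in drainers:
            owner = owners.get(info["source"])
            # Owner as authority and signer: the wallet key itself signed the transfer.
            # Any other authority is a delegate acting on an earlier approval.
            signed = info["authority"] == owner and owner in signers
            hits.append((owner, "owner-signed" if signed else "delegate"))
    return hits

def triage(records):
    """Count drainer-bound transfers by how they were authorised."""
    return Counter(kind for r in records for _, kind in classify(r))

if __name__ == "__main__":
    print(dict(triage(SAMPLE_TXS)))
```

A result dominated by owner-signed transfers is what the key-compromise theory predicts; in that case revoking dApp permissions does not protect the wallet, and remaining funds have to move to keys that were never exposed.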

Hacks

Binance recovers $450K stolen from Curve DNS Hack

Christian Nwobodo · 2 hours ago · 1 min read

Binance has identified and frozen 83% of the funds stolen from Curve Finance and is working with law enforcement to return the money to users.

Updated: August 12, 2022 at 11:25 am

Binance CEO Changpeng Zhao tweeted on August 12 that the exchange has identified and frozen 83% of the funds stolen from Curve Finance after the hacker attempted to launder it through Binance.

Binance froze/recovered $450k of the Curve stolen funds, representing 83%+ of the hack. We are working with LE to return the funds to the users. The hacker kept on sending the funds to Binance in different ways, thinking we can’t catch it. 😂#SAFU https://t.co/Ekea9moeAw

— CZ 🔶 Binance (@cz_binance) August 12, 2022

Binance is currently working with the appropriate law enforcement agents to return the funds to the users.

Timeline of the DNS Exploit

Curve Finance lost over $570,000 to hackers who hijacked its DNS on August 9. Through DNS spoofing, the attackers cloned the Curve website, pointed the DNS to their own IP, where the cloned site was deployed, and added approval requests to a malicious contract.

🚨🚨🚨@CurveFinance frontend is compromised, do not use it until further notice!

— samczsun (@samczsun) August 9, 2022

A swift response from the Curve team resolved the issues, though there were initial constraints for users in certain regions. As of August 10, users can freely access the curve.fi website.

Finally, DNS settings for https://t.co/vOeMYOTq0l propagated everywhere, so it is safe to use in every location on Earth. https://t.co/UKYBuunAhY and chain-specific sites got updated much earlier.

— Curve Finance (@CurveFinance) August 10, 2022

Posted In: Binance, Hacks

DeFi

Curve Finance DNS exploit resolved – how to check if it is safe to use

Liam ‘Akiba’ Wright · 2 hours ago · 2 min read

The front-end exploit of Curve Finance has been resolved, but not all DNS records have propagated yet, so caution is advised.

Updated: August 10, 2022 at 9:09 pm

Over $530k was stolen from Curve Finance Tuesday after a hacker was able to take control of the nameserver to reroute the DNS to a malicious server. The front end of the Curve website was cloned to trick users into believing they were interacting with a legitimate site.

On the surface, the SSL certificate, domain name, and website content were identical to the real version of the site, giving users little chance to identify the exploit. The correct IP for Curve’s server has been released and information on how to check this can be found at the end of this article.

Don’t use the frontend yet. Investigating! https://t.co/8kmtpGsLQQ

— Curve Finance (@CurveFinance) August 9, 2022

Within an hour, Curve had updated its Twitter account to pinpoint the malicious contract that should be revoked from all users’ wallets. The update followed a statement confirming that the platform had “found and reverted” the issue.

The issue has been found and reverted. If you have approved any contracts on Curve in the past few hours, please revoke immediately. Please use https://t.co/6ZFhcToWoJ for now until the propagation for https://t.co/vOeMYOTq0l reverts to normal

— Curve Finance (@CurveFinance) August 9, 2022

As of 7 PM GMT on August 10, Curve advises users to take additional precautions when interacting with its dApp. The issue has been resolved, but not all DNS records have been updated worldwide at this time. Users who understand how to verify an IP are safe to use the platform; others should use curve.exchange in the meantime.

We’ll tweet when we’re certain that ALL DNS records on all NS servers in the world are entirely up to date and the https://t.co/vOeMYOTq0l address is definitely safe to use https://t.co/kfODENPHFS

— Curve Finance (@CurveFinance) August 10, 2022

Tether’s CTO Paolo Ardoino commented on the hack Wednesday afternoon to state,

“This attack demonstrates once again that the ingenuity of hackers presents a near and ever-present danger to our industry… We applaud Curve for its ability to be able to pinpoint the source of the hack, and speedily act. This is exactly how a protocol should react during a time when customers’ funds are at risk.”

How to check if curve.fi resolves to the correct server

For those wishing to use Curve Finance, the following methods can be used to check which IP address the domain resolves to at your location.

Windows

  1. Press “Windows + R”
  2. In the Run dialogue box, type “cmd” and hit enter
  3. A window will open; in it, type “ping curve.fi”
  4. The result should return the IP address “76.76.21.21”
  5. If it does, then your current internet connection is resolving to the correct server for the domain

Mac

  1. Press “Cmd + Space”
  2. Type “terminal” and open the “Terminal” app
  3. A window will open; in it, type “ping curve.fi”
  4. The result should return the IP address “76.76.21.21”
  5. If it does, then your current internet connection is resolving to the correct server for the domain

However, in an abundance of caution, users are still advised to use curve.exchange until the Curve team releases a further update to confirm all DNS records have propagated.
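
The check in the steps above, automated as an added example that is not part of the original article: `ping` only shows what your own resolver returns, so this script asks several public resolvers directly for the A record of curve.fi and compares every answer with the IP the article gives. The choice of resolvers and all function names are this example's assumptions.

```python
import socket
import struct

EXPECTED_IP = "76.76.21.21"  # address the article gives for curve.fi

def build_query(hostname, txid=0x1234):
    """Encode a DNS query for the A record of hostname (recursion desired)."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in hostname.split("."))
    # Header: one question, RD flag set. Trailer: end of name, QTYPE=A, QCLASS=IN.
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"

def skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg):
    """Extract the IPv4 addresses from the answer section of a DNS response."""
    _, _, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    ips = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:          # A record carrying an IPv4 address
            ips.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return ips

def verdict(ips, expected=EXPECTED_IP):
    """Return 'ok' only when every returned address is the expected one."""
    if not ips:
        return "no-answer"
    return "ok" if all(ip == expected for ip in ips) else "MISMATCH"

def ask(resolver_ip, hostname, timeout=3.0):
    """Query one resolver over UDP; return its A records ([] on timeout or bad reply)."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(hostname), (resolver_ip, 53))
            return parse_a_records(s.recvfrom(512)[0])
    except (OSError, struct.error, IndexError):
        return []

if __name__ == "__main__":
    for r in ("1.1.1.1", "8.8.8.8", "9.9.9.9"):  # assumption: public resolvers to compare
        ips = ask(r, "curve.fi")
        print(r, ips, verdict(ips))
```

Any resolver reporting MISMATCH is still serving a record other than the one published in the article, which is the situation in which the article advises using curve.exchange instead.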

Posted In: DeFi, Hacks, Outage

Crime

Curve Finance front end UI compromised in DNS hack – users advised not to interact

Liam ‘Akiba’ Wright · 1 hour ago · 1 min read

Over $500k has been stolen from Curve Finance after its front end was compromised through an attack that took control of its nameserver.

Updated: August 9, 2022 at 10:13 pm

Samczsun, a researcher at Paradigm, is reporting that the Curve Finance front end has been compromised, with over $500k stolen within a matter of minutes.

🚨🚨🚨@CurveFinance frontend is compromised, do not use it until further notice!

— samczsun (@samczsun) August 9, 2022

The official Curve Finance Twitter has confirmed the news stating:

Don’t use the frontend yet. Investigating! https://t.co/8kmtpGsLQQ

— Curve Finance (@CurveFinance) August 9, 2022

The founder of Rotkiapp, Lefteris Karapetsas, theorized that “It’s DNS spoofing. Cloned the site, made the DNS point to their ip where the cloned site is deployed and added approval requests to a malicious contract.” Curve retweeted the theory in apparent support before following up with a further announcement:

Don’t use https://t.co/vOeMYOTq0l site – nameserver is compromised. Investigation is ongoing: likely the NS itself has a problem

— Curve Finance (@CurveFinance) August 9, 2022

Posted In: Crime, DeFi, Hacks
