The 4 biggest exploits of August and how they got access

0

Hack Life: Unfortunately, hacks have become so commonplace that they are considered part of everyday life. So much so that we now do monthly reviews of it.

According to a recent report by data analysis platform Chainanalysis, vulnerabilities in cross-chain bridge protocols pose the top security threat in the crypto industry; They now account for two-thirds of all hacks.

$263 million and counting

According to a blockchain security firm Hacked SlowMistusers lost around $263 million worth of cryptocurrencies to hacks in August.

Hacked SlowMist

SlowMist Hacked statistics show that the top 5 types of attacks were contract vulnerabilities, rug pulls, discord hacks, frontend attacks, and BGP hijacking.

This August began with one of the most devastating attacks the industry has ever seen – the Nomad exploit.

Hack 1: Nomad
Assets stolen: $200 million

The Nomad Bridge exploit is a devastating attack that resulted in $200 million worth of cryptocurrency being stolen from user accounts on August 1st. What drew even more attention to the hack was the number of attackers involved in the incident – 300 unique addresses. Some of the hackers even tried to pose as Nomad employees to get more money.

The exploit was made possible by a recent smart contract Update. “It turns out that during a routine upgrade, the Nomad team initialized the trusted root to 0x00. Unfortunately, in this case, it had the tiny side effect that every message was automatically checked,” one of the security analysts said written down.

The platform later set up a 10% bounty program, offering the hackers to return 90% of the stolen funds and leave the 10% to their own devices.

Only $36 million has been returned so far, while one of the wallets linked to the exploit recently transferred $7.5 million worth of cryptocurrency to an unknown wallet address.

Hack 2: Acala network
Assets stolen: $52 million

On August 14, a Twitter user 0xTaysama noticed suspicious activity on a polkadot (DOT)-based DeFi platform Acala, suggesting that there could be a hack. They also identified a possible reason for the attack, “a flaw in the iBTC/AUSD pool.”

The hacker managed to exploit the flaw to mint 1.2 billion aUSD, the Acala network’s native token. This led to a 99% drop in the token price and a consequent depegging, falling to $0.60 and hovering around $0.90.

The platform’s developers said the error was due to the misconfiguration of the iBTC/aUSD liquidity pool. The liquidity pool went live earlier the same day. Acala suspended the protocol shortly after the attack and disabled the transfer of the stolen assets.

On-chain analysts pointed out that the other users could have used the flaw and attack to steal thousands of dollars in DOT.

Hack 3: Solana
Assets stolen: $5.8 million

Around 8,000 hot mobile wallets fell victim to the attack, which drained $5.8 million to SOL, USDC and others on August 2-3. The wallets connected to the Solana (SOL). Ecosystem included TrustWallet, Phantom and Slope.

The attackers appeared to have gained access to users’ signatures, which could indicate that some third-party services were compromised through a supply chain attack.

Solana developers believe the hack was initiated in software popular among network users.

A vulnerability in a Solana mobile wallet slope appeared to be the reason for the hack. According to the official Solana Status Twitter“This exploit has been isolated to a wallet on Solana and hardware wallets used by Slope remain secure.”

The developers reminded users of the reliability and security advantages of cold wallets over hot wallets to avoid future security vulnerabilities.

Be[in]crypto has contacted Solana but has not received a response.

Hack 4: ZB.com
Assets stolen: $4.8 million

Ironically, a crypto exchange that positioned itself as “the safest digital exchange in the world” and manages over $1 billion in daily trades was hacked for $4.8 million on Aug. 2.

ZB.Com latest victim of hot wallet hack;  Here's what we know – beincrypto.com

The 20 digital assets, including USDT, MATIC, AAVE, and SHIB, were delisted and shortly after sold for Ethereum on various decentralized exchanges, PeckShield Data shows.

The exchange suspended withdrawals and deposits, describing it first as “temporary maintenance” and then as a “sudden failure of some core applications,” leading many in the community to believe it could be an exit scam.

basic protection

With so many attacks and exploits in the industry, it’s important to remember basic protections. These include choosing a cold wallet over a hot wallet that never reveals a recovery phrase and keeps it in paper form in various places, using two-factor authentication, being cautious and double checking the links and emails, before you click it.

Got something to say about hacks or something else? Join the discussion on our Telegram channel. You can also follow us on Tik Tok, Facebook or Twitter

Disclaimer

All information contained on our website is published to the best of our knowledge and for general information purposes only. Any actions taken by the reader based on the information contained on our website are entirely at your own risk.

Share.

About Author

Comments are closed.