Latest Hackers News and Insights | Yellow.com

Ronin's $10M Scare: White Hat Hacker Saves the Day
Aug 09, 2024
Ronin Network, the blockchain powering Axie Infinity, narrowly escaped disaster this week. A security breach led to a $9.8 million Ether (ETH) loss. But plot twist – it wasn't a hack. Initial panic gave way to relief. A white hat hacker accidentally triggered the exploit. They've now returned the funds. PeckShield first flagged the incident on August 6. They spotted unusual activity involving a maximal extractable value (MEV) bot. MEV bots hunt for arbitrage opportunities in decentralized finance (DeFi). They're common, but this one hit the jackpot. The bot, dubbed "0x4ab", snagged 3.9 ETH tokens. It then moved them to a wallet called "beaver build". Ronin Network confirmed the withdrawal. About 4,000 ETH and 2 million USDC vanished. That's the max for one transaction. The Axie Infinity team wasn't freaking out. They thanked the hacker for safeguarding user funds. A chat followed. Result? All ETH returned. USDC's on its way back too. In a twist that would make even the most seasoned crypto veterans raise an eyebrow, it seems the MEV bot accidentally front-ran an attack. Talk about being in the right place at the wrong time – or was it the wrong place at the right time? Either way, when the dust settled, over $10 million worth of ETH was safely back in Ronin's coffers. Etherscan data shows the MEV bot returned 3,991 ETH. They kept 5 ETH. Not bad for a day's work. Ronin's not stingy. They're giving the bot owner a $500K reward. Nice chunk of change for an oopsie. The team's digging into what went wrong. A recent bridge upgrade messed up. It botched the vote threshold for withdrawals. They're scrambling to fix it. Expect intense audits before the next upgrade. This isn't Ronin's first rodeo. Last year, they lost over $600 million in a massive hack. The crypto world's on edge. Hacks are up 42% from last year. July was brutal – $266 million stolen in 16 incidents. Ronin's close call is a wake-up call. Security's still a wild west in crypto. 
But sometimes, the good guys win.
SNARK Systems Under Siege: Circuit Layer Vulnerabilities Exposed
Aug 09, 2024
A new study has uncovered a major weak spot in blockchain technology. Researchers at Imperial College London have found that circuit layer vulnerabilities pose the biggest threat to SNARK-based systems. The team examined 141 vulnerabilities. These came from 107 audit reports, 16 vulnerability disclosures, and various bug trackers. The findings were presented on August 7 at Columbia University. SNARKs are a type of zero-knowledge proof. They allow users to prove something without revealing any information about it. This technology is crucial for many blockchain applications. Stefanos Chaliasos, a PhD candidate at Imperial, identified three main types of vulnerabilities. These are under-constrained, over-constrained, and computational/hints errors. Chaliasos didn't beat around the bush: "The majority of vulnerabilities are in the circuit layer, and the majority is also soundness response, which is the worst part that can happen when you use Zkps because basically, in the context of a ZK-rollup, if there is such a bug and someone wants to exploit it, then all the funds could be drained from the circuit layer." The study found 95 issues affecting soundness and four affecting completeness. These are critical properties of SNARK systems. Developers face a tough challenge. They must adapt to a different level of abstraction and optimize circuits for efficiency. This directly impacts the cost of using SNARKs. The researchers identified several root causes for these vulnerabilities. These include distinguishing between assignments and constraints, missing input constraints, and unsafe reuse of circuits. In a related development, the Aptos team presented their new weighted VRF mechanism. This aims to enhance randomness in the consensus process. It's a big deal for blockchain security. Aptos deployed this mechanism on their mainnet in June. 
Alin Tomescu, head of cryptography at Aptos, boasted: "As far as you can tell, this is the first time you see a previously granular script that is unbiaseable, unpredictable, and operates as fast as the network." The system has already processed half a million calls. The distributed key generation takes about 20 seconds. Tomescu added: "Our randomness latency, which is the latency measured from the time a block is committed to the time the randomness for that block is available, was initially 160 milliseconds. But we were able to bring this down to 25 milliseconds using some optimizations." These developments highlight the ongoing challenges and innovations in blockchain technology. As the crypto world evolves, researchers and developers are racing to stay ahead of potential vulnerabilities. The stakes are high, with millions of dollars and the future of decentralized finance hanging in the balance. While SNARK systems offer powerful capabilities, this study serves as a wake-up call to the industry: security must remain at the forefront of blockchain development, or we risk undermining the very foundations of trust that these systems are built upon.
Nexera Severely Hit, Hackers Steal $1.5 Million From Young Blockchain Protocol
Aug 07, 2024
Nexera, a blockchain protocol, got hacked. They lost $1.5 million. It's a mess. The company used to be called AllianceBlock. They tweeted about the attack. They're looking into it. Nexera hit pause on their NXRA token contract. They stopped trading on decentralized exchanges. They're trying to get centralized exchanges to halt trading too. The NXRA token took a nosedive. It's now at $0.033, down 40% since the hack. Ouch. The hacker's sitting pretty with 32.5 million NXRA tokens. That's worth $1.23 million. They've also got $555,000 in USDT. Not too shabby. But the hacker's not done. They're swapping NXRA for Ether. Cyvers, a blockchain security firm, says some cash has already jumped to the BNB chain. This isn't the hacker's first rodeo. ZachXBT, a blockchain sleuth, says they're linked to other recent hacks. SpaceCatch, Concentric Finance, OKX DEX – the list goes on. July was a nightmare for crypto. Hackers made off with $266 million in 16 attacks. WazirX, an Indian exchange, lost a whopping $230 million. That's 86.4% of the month's total losses. Compound Finance got hit for $24 million. Li.Fi lost $10 million. Bittensor and Rho Markets each lost $8 million. It's been a rough month. Hackers love using Tornado Cash to cover their tracks. It's a mixer that makes funds hard to trace. It's a thorn in the side of cybersecurity firms. June was better, with $176 million lost across 20 incidents. But July's spike is worrying. The crypto world's on edge. The Terra blockchain had its own drama. It halted operations after a $6 million theft. The attacker exploited a known bug. They nabbed 60 million ASTRO tokens, some USD Coin, and Bitcoin. In other news, the U.S. Homeland Security busted a Las Vegas resident. The charge? Running a fake crypto recovery scheme. The hits just keep coming in the crypto world.
Ronin Bridge Halts Operations After $12M Whitehat Hack
Aug 06, 2024
Ronin Bridge, a major player in the crypto bridging game, hit a snag on Tuesday. The service was forced to pause operations after a whitehat hack drained $12 million in tokens. The Ronin Network team sprang into action. They confirmed the issue on social media platform X. The bridge was halted about 40 minutes after the first suspicious on-chain activity was spotted. The root cause? A botched upgrade. The team explained, "Today's bridge upgrade... introduced an issue leading the bridge to misinterpret the required bridge operators vote threshold to withdraw funds." The hack siphoned off 4,000 ether (ETH) and $2 million in USDC. At current prices, that's a cool $9.8 million in ETH alone. But here's the kicker: Ronin's holding onto over $850 million. Co-founder @Psycheout86 reassured users on X, "The bridge currently secures over $850M which is safe." Ronin's not taking this lying down. They're in talks with the hackers to get the funds back. Fingers crossed, eh? This isn't Ronin's first rodeo with security issues. Back in 2022, they got whacked with a $625 million exploit. Talk about a rough patch. For the tech nerds out there, bridges like Ronin are crucial. They let users move tokens between different blockchains. It's like a crypto highway system. Surprisingly, Ronin's native token, RON, didn't take a hit. It's up 6.1% in the last 24 hours, riding the wave of a broader market rise. The crypto world's watching closely. Will Ronin bounce back? Only time will tell. But one thing's for sure – this incident's a wake-up call for the whole industry.
Another DeFi Protocol Falls Victim to Hackers: Code Blunder Costs Convergence $212K
Aug 02, 2024
Convergence, a decentralized finance (DeFi) protocol, got hammered by hackers. The attack happened in the wee hours of August 1. It cost the protocol a whopping $212,000. The hack sent Convergence's native token, CVG, into a nosedive. Its value plummeted by over 99%. Talk about a rough day at the office. Wireshark, the pseudonymous founder of Convergence, spilled the beans in a post-mortem. The hacker exploited a smart contract vulnerability. They minted and sold 58 million CVG tokens for about $210,000. But that's not all, folks. The hacker also nabbed $2,000 in unclaimed rewards from Convex. Convex is another DeFi protocol that boosts rewards for Curve liquidity providers. PeckShield, a blockchain security firm, tracked the hacker's moves. After minting the CVG tokens, they quickly swapped them for 60 wrapped-Ether and 15,900 Curve.fi FRAX. The CVG token is now trading at a measly $0.0004. Its market cap has shrunk to just $57,000. That's according to CoinMarketCap data. Convergence admitted they goofed up. They accidentally removed a crucial line of code from their smart contract. This contract distributes CVG staking rewards. "The modification led us to remove the line of code that was checking the input given to the function," Convergence explained. This slip-up allowed the hacker to exploit the contract. Convergence claims user funds are safe. However, they've advised users to withdraw assets from the platform. They're working on fixing the rewards contract for the Stake DAO integration. The hack has put a dent in Convergence's total value locked. It dropped from $5.79 million to $3.69 million, according to DefiLlama data. This incident is part of a larger trend. The crypto ecosystem lost around $266 million to hacks in July alone. Most of this came from the $230 million hack of Indian trading platform WazirX on July 18. Convergence is now left picking up the pieces. 
"We apologize to our community and investors, and we take full responsibility for what happened," they said. They're currently mulling over the future of the protocol. This hack serves as a stark reminder. Even in the world of cutting-edge finance, a single line of code can make or break a protocol. It's a tough lesson for Convergence, and a wake-up call for the entire DeFi space.
