Latest Hackers News and Insights | Yellow.com

The crypto world's got a fresh headache. LiFi protocol, a nifty tool for swapping and bridging cryptocurrencies, just got walloped. Hackers made off with over $10 million in digital assets. Ouch. Here's the deal. The bad guys found a loophole in LiFi's contract approvals. They used it to drain both the contracts and users' wallets. Talk about a double whammy. Cyvers Alerts, a crypto watchdog, sounded the alarm. They spotted some fishy transactions targeting LiFi. The culprit? A specific contract address. LiFi's team jumped into action. They warned users to steer clear of LiFi-powered apps for now. "If you didn't set infinite approval, you're not at risk," they tweeted. Small comfort for those who did, eh? Meir Dolev, Cyvers' tech guru, didn't mince words. "Hackers can exploit these approvals to drain assets," he said. No kidding, Sherlock. LiFi's not alone in this mess. The DeFi space has been taking hits left and right. Pike Finance lost $1.6 million to a smart contract bug. Dough Finance got burned for $1.8 million in a flash loan attack. It's been a rough year for crypto security. Over $1 billion in digital assets vanished in the first half of 2024. Phishing attacks, key compromises – you name it, they've seen it. But it's not all doom and gloom. The crypto market's showing some grit. They managed to recover 77% of stolen funds in Q2. Not too shabby. Still, scams are alive and kicking. X (that's Twitter for you oldies) is losing nearly $50 million a month to account impersonation. It's a jungle out there. So, what's the takeaway? Be careful with those approvals, folks. And maybe keep an eye on those Twitter accounts. You never know who's really sliding into your DMs.

Several decentralized finance (DeFi) apps have fallen victim to a domain registry attack. Blockchain security platform Blockaid raised the alarm on July 11. The attacker seized control of Compound Finance's DNS registry. They also tried and failed to hijack Celer Network's registry. Blockaid's initial probe points to Squarespace domains being the target. This puts any DeFi app using Squarespace at potential risk. The attack came to light when compound.finance started redirecting users to a dodgy site. This malicious site housed a drainer app, aiming to steal users' tokens. Celer Network dodged a bullet. Their domain monitoring system caught the takeover attempt in time. At 3:38 pm UTC, Blockaid dropped a bombshell. "Multiple DeFi front ends are at risk of hijacking," they tweeted. They fingered Squarespace's domain name registry as the likely culprit. DefiLlama developer 0xngmi shared a list of potentially affected domains. It's a who's who of DeFi, featuring over 100 protocols. Big names like Pendle Finance, dYdX, and LooksRare made the cut. MetaMask, a popular Web3 wallet, is stepping up. They're working to warn users about potentially compromised apps linked to the attack. This isn't the first rodeo for the Web3 industry. Domain-name hijacking is just one of many attacks they've faced in the past year. Remember the Ledger Connect library hack in December? That one hit almost the entire Ethereum Virtual Machine ecosystem. Talk about a headache. It's clear that security remains a hot-button issue in the DeFi space. As the old saying goes, with great innovation comes great responsibility – and apparently, great risk.

Cryptocurrency hacks and fraud escalated in the second quarter of 2024. Losses nearly doubled compared to the same period last year. Immunefi, a crypto bug bounty platform, reported $509 million in losses. This marks a 91% increase from Q2 2023. May 2024 saw record-breaking losses of $107 million. June losses decreased to $78 million across 12 incidents. This represents a 27% drop from June 2023's $107 million. DMM Bitcoin, a Japanese centralized exchange, suffered the largest loss. Hackers stole $305 million. The exchange has since implemented customer reimbursement measures. Other significant exploits targeted BtcTurk, Hedgey, Lykke, Gala Games, and SonneFinance. These attacks resulted in combined losses of $164.2 million. Centralized crypto financial institutions bore the brunt of successful attacks. They accounted for two-thirds of all incidents. Grace Dees, a cybersecurity analyst at Resonance Security, explained the trend to Decrypt. "CEFi entities often manage larger pools of assets compared to DeFi platforms. This makes them more lucrative targets," she said. Dees highlighted the vulnerability of centralized systems. "This centralization can create single points of failure," she noted. Regulatory scrutiny has forced DeFi platforms to enhance security. This may have made them less attractive targets, according to Dees. Ethereum emerged as the most exploited blockchain. It accounted for 44.4% of attacks. BNB chain followed at 25%, with Arbitrum at 5.6%. Jonah Michaels from Immunefi explained Ethereum's vulnerability. "Ethereum is the main hub for DeFi activity and currently has the highest amount of funds locked within its ecosystem," he said. Ethereum's connection to privacy chains facilitates quick laundering of stolen funds. This makes it an attractive target for hackers. Only 5% of stolen funds were recovered in Q2 2024. This amounted to $26,736,000 across four specific situations. The crypto industry faces ongoing security challenges. As the market evolves, so do the tactics of malicious actors.

BtcTurk, a leading Turkish cryptocurrency exchange, has fallen victim to a cyber attack. The incident resulted in unauthorized access to some of its hot wallets. The exchange reports asset losses for some users. But the overall financial stability remains intact, the BtcTurk officials claim. The hack occurred on June 22. It raised concerns in the crypto community. The total amount lost remains undisclosed. BtcTurk stated that only hot wallets of 10 cryptocurrencies were compromised. Cold wallets, holding the majority of assets, remain secure. The exchange has disabled all withdrawal and deposit transactions. Binance CEO Richard Teng announced a joint investigation with BtcTurk. It has led to the recovery of $5.3 million in stolen assets. Teng stated: "Binance is assisting BtcTurk with investigations and has frozen over $5.3M in stolen funds so far. Our investigations & security teams work around the clock as part of our proactive efforts to protect the ecosystem from bad actors. We will provide further updates as relevant." On-chain investigator ZachXBT provided insights into the potential hackers. He linked them to an address that recently transferred 1.96 million AVAX ($54.2 million) to Coinbase and THORChain. This transfer caused a 10% decline in AVAX price. ZachXBT's theory is based on BtcTurk's market AVAX address on the Avalanche X-chain. The exchange has not confirmed or denied this theory. BtcTurk assures users of their assets' safety. It claims the hack has not affected its robust financial position. This incident marks the second crypto exchange hack in 2024. In May, Japanese platform DMM Bitcoin lost $305 million in BTC. Crypto exchange hacks draw attention due to their custodial nature. These platforms control users' private keys. They often hold larger funds than decentralized finance (DeFi) counterparts. For perspective, Binance records 13 times the daily trading volume of Uniswap, the largest decentralized exchange. This data comes from Coingecko.