Hacken Token
$ -- --.--

Weekly News Digest #64

Discord tokens are stolen by malicious NPM packages

17 new malicious packages in the npm (Node.js package manager) repository have been discovered by the security firm JFrog. The key purpose of these packages is to steal users’ Discord tokens. By hijacking users’ Discord tokens, attackers can get full control over the victims’ accounts. In the case of successful execution, this type of attack may have severe implications. Even amateur hackers can successfully execute this form of attack by using public hack tools. 

To reduce the risks related to the possible introduction of malicious code into their applications, organizations are recommended to take precautionary measures and manage their use of npm for software curation. The payloads of packages may vary ranging from info stealers to full remote access backdoors. These packages may have the following infection tactics: dependency confusion, trojan functionality, and typosquatting.

Read more 

Solana hit by DDoS attack, network remains operational

As a result of the DDoS attack targeting Solana, its network was temporarily clogged but remained online. It is the first time the network has faced such an issue. In September 2021, the network suffered a 17-hour outage due to mass botting activity for an IDO on Raydium, Solana-based decentralized exchange platform. The DDoS attack was highlighted by Solana-based nonfungible token platform Blockasset on Thursday.

The validator network was experiencing issues related to the processing of transaction requests. The scope of the incident is still unclear and it has not been confirmed by Solana yet. Status.Solana shows that the network is fully operational and has not suffered any outages. There are suggestions that the network clogging may be attributable to another IDO launch on Radium. 

Read more 

BitMart crypto exchange has lost $150M due to hack

$150M worth of tokens were stolen from the exchange’s hot wallets. The affected wallets are the one storing Ethereum and the one storing Binance Smart Chain tokens. According to the information provided by the exchange, other wallets have remained undamaged and, generally, the affected wallets carry only a small percentage of the exchange’s funds. So, the scope of the damage is limited.

The exchange is working on determining the methods used by attackers. It is conducting a comprehensive security review. The management of the exchange has promised to ensure transparency during the investigation process. Investors recommend moving large amounts of crypto that are not needed for day-to-day trading to “cold” storage that is not connected to the Internet. 

Read more

Another disastrous hack took place in the DeFi space. It’s a case for crypto audits

Over the past week, the cryptocurrency community witnessed one of the biggest hacks in the history of DeFi. The decentralized finance protocol Badger DAO that is used for borrowing, lending, and earning yield with tokenized Bitcoin on Ethereum lost more than $120M due to the hack. Cybercriminals actors added a malicious script to the protocol’s frontend website thereby prompting users to approve a smart contract transaction. The script has unlimited permission to drain funds from users’ wallets.

The first firm to notice the attack was PeckShield. The crypto lending firm Celsius Network lost more than $50M in BTC due to the hack. The cases such as the one with Badger DAO have become prevalent in the modern crypto space since the price of many virtual assets has skyrocketed. The recent hack gives rise to discussions about the security of blockchains and the methods to make them more resistant to existing and potential threats.

Read more 

More than $12B worth of crypto assets have been stolen since 2011

The globally distributed team of world-class blockchain analysts Crystal Blockchain has released its bi-annual report called Crypto & DeFi Hacks & Scams. According to the data provided in the research, for the last 10 years, there have been 120 security attacks, 73 attacks on DeFi protocols, and 33 fraudulent activities. As a result of these incidents, more than $12B worth of crypto assets have been stolen by malicious actors including $1.7B stolen from DeFi protocols. 

The fact that cyberattacks targeting DeFi projects have become so widespread for the last year is explained by the current state of DeFi technologies: they are still relatively new and contain a lot of vulnerabilities. According to the data provided by Crystal Blockchain specialists, more than 39% of all stolen BTC were distributed via fraudulent exchanges, the exchanges involved in exit scams, any forms of illegal behaviour, or the ones that had funds seized by the government.
Read more

Subscribe to our research

Enter your email address to subscribe to Hacken Reseach and receive notifications of new posts by email.

    hackenproof logo

    The world trusted Bug Bounty Platform. Run custom-tailored Bug Bounty Programs to secure your business and assets.

    hackenproof logo

    The world trusted Bug Bounty Platform. Run custom-tailored Bug Bounty Programs to secure your business and assets.