The crypto world is a dynamic and rapidly evolving landscape, but unfortunately, it attracts the attention of hackers and exploiters. In the past 24 hours, several incidents have come to light involving the exploitation and theft of significant amounts of digital assets. In this article, we will delve into the details of these attacks and explore how they were carried out.
1. EraLend Exploited through Price Manipulation Attack:
One of the most significant incidents involves EraLend, which experienced a flash loan exploit resulting in an attacker gaining approximately $2.7 million. The attacker initiated a flash loan of 14,080,109 USDC and 7,566 ETH, using the funds to manipulate the price oracle and borrow more assets than intended. This was made possible due to a reentrancy vulnerability in the system, which the attacker exploited.
The stolen funds were then transferred to the address SyncSwapVault (0x62142…), which appears to be a deposit. To cover their tracks, the attacker bridged the stolen funds to wallets on Ethereum, Arbitrum, and Optimism.
2. Exploitation of spreekaway and Era_Lend on zkSync:
In another incident, a community contributor reported that spreekaway alerted Era_Lend being exploited on zkSync, resulting in the loss of approximately $1.7 million in USDC. The specific details of how this exploit occurred are not available at this time, but it is alarming to see the vulnerability of platforms and the ease with which attackers can exploit them.
3. FLARE Token Exploiter Bridging Funds to Tornado Cash:
A Twitter user under the handle @PeckShieldAlert highlighted an incident where an exploiter bridged 500 ETH (worth approximately $1 million) from Ethereum to BNBChain. The attacker then swapped the ETH for around 5,000 BNB and transferred them to Tornado Cash, a privacy-oriented platform. Using such platforms makes it difficult to trace and recover the stolen funds, adding an extra layer of complexity to these hacking incidents.
4. Alphapo Hot Wallet Drainer on TRON Exploits Transfers to CEXs:
The Alphapo hot wallet drainer on the TRON blockchain has made headlines after transferring approximately 58 million TRX (worth around $4.7 million) out of their control. Additionally, the attacker sent some of the stolen funds to centralized exchanges such as Bitget and Bybit, likely with the intention of cashing out. The transfer of funds to CEXs emphasizes the need for strengthened security measures on such platforms.
5. Phishing Incident Involving NFTs on Blur:
Moving beyond the traditional avenues of attack, a phishing incident related to NFTs has occurred on the Blur platform. The accounts with the identifiers #4177 and #9137 were stolen by a user known as #Fake_Phishing182232, as confirmed by transactions on the Ethereum blockchain. These incidents highlight the importance of remaining vigilant and adopting robust security practices, including two-factor authentication, to protect one’s digital assets.
The past 24 hours have witnessed several alarming incidents in the crypto world, where attackers have exploited vulnerabilities and stolen substantial sums of money and digital assets. These incidents serve as a reminder of the importance of continued diligence, robust security measures, and the need to stay up-to-date with the latest developments in the crypto space. As the industry continues to evolve, it is crucial for users, platforms, and developers to work together to ensure the safety and security of digital assets.