In the world of cryptocurrency, security is of utmost importance. However, even with the best precautions in place, hackers and scammers find ways to exploit vulnerabilities in various platforms. In the past 24 hours, several incidents have come to light, showcasing the potential dangers that can lurk in the crypto space. Let’s dive deeper into these events and investigate the details to better understand the methods employed by the hackers.
One of the most prominent recent incidents is the Libertify hack, which resulted in a loss of approximately 452,000 USD. The exploit succeeded because the platform lacked reentrancy protection: by repeatedly re-entering the deposit() routine, the hacker was able to mint more shares. The stolen funds from the Polygon portion were subsequently bridged to Ethereum via CelerBridge, further complicating the tracing process. The hacker currently holds around 210.7 ETH in their Ethereum address.
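Why a missing reentrancy lock inflates minted shares can be seen in a small Python model, added here as an illustration and not taken from Libertify's contract. The Vault class, its balance-delta share accounting and the hook callback are assumptions made for the example; it compares an unguarded deposit() with one protected by a nonReentrant-style lock.

```python
class ReentrancyError(Exception):
    """Raised when deposit() is entered while a deposit is already in progress."""


class Vault:
    """Toy share vault: 1 share per unit of assets received (constructed model)."""

    def __init__(self, guarded):
        self.guarded = guarded            # True = apply a nonReentrant-style lock
        self.locked = False
        self.assets = 0
        self.shares = {}

    def deposit(self, user, amount, hook=None):
        if self.guarded:
            if self.locked:
                raise ReentrancyError("deposit() re-entered")
            self.locked = True
        try:
            before = self.assets          # snapshot taken before the external call
            if hook is not None:
                hook(self)                # external call: control leaves the vault
            self.assets += amount
            minted = self.assets - before # credits everything received since the snapshot
            self.shares[user] = self.shares.get(user, 0) + minted
            return minted
        finally:
            if self.guarded:
                self.locked = False

    def total_shares(self):
        return sum(self.shares.values())


def simulate(guarded, amount=100):
    """Deposit once with a hook that re-enters deposit(); return (assets, shares, blocked)."""
    vault, blocked = Vault(guarded), False

    def reenter(v):
        nonlocal blocked
        try:
            v.deposit("caller", amount)   # nested call while the outer one is mid-flight
        except ReentrancyError:
            blocked = True

    vault.deposit("caller", amount, hook=reenter)
    return vault.assets, vault.total_shares(), blocked
```

In the unguarded run the outer call's stale snapshot counts the nested deposit a second time, so total shares exceed the assets held; comparing total shares against assets is the invariant to monitor or test for.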
Rodeo Finance Hack:
Another significant attack is the Rodeo Finance hack, which resulted in a loss of approximately 1.53 million USD. This attack can be categorized as a “ForceInvestment” hack. The flaw resided in the Investor.earn() routine, which allowed the attacker to force a swap between USDC, WETH, and unshETH. A flawed unshETH price oracle further contributed to the success of the exploit. Currently, the hacker has swapped 285 ETH for unshETH and has bridged the funds back to Arbitrum to continue the attack.
Apart from the hacks, there have also been reports of phishing attempts aimed at stealing crypto assets. PeckShield, an industry-leading blockchain security company, detected multiple phishing attempts across different platforms. These include the theft of USDT on Ethereum, the transfer of ETH from the ArcadiaFi exploiter to Tornado Cash, and the theft of several NFTs on platforms like Blur and OpenSea. These incidents serve as a reminder that users must exercise caution and stay vigilant to protect their digital assets.
In addition to the hacks and phishing attempts, CertiKSkynetAlert warns users about a fake XEN crypto airdrop being promoted on Twitter. Users are advised not to interact with the website hxxps://join-xen.com/ as it has been identified as a known phishing contract. It is essential for users to verify the authenticity of any promotions or airdrops before providing any personal or financial information.
The past 24 hours have been eventful in the crypto world, with high-profile hacks and phishing attempts occurring. These incidents highlight the ever-present risks associated with digital assets and underline the importance of robust security measures. It is crucial for individuals and platforms to constantly update and strengthen their security protocols to stay one step ahead of malicious actors. As users, it is our responsibility to exercise caution and skepticism when engaging with unknown links or promotions. Only by being proactive in safeguarding our crypto assets can we navigate this evolving landscape with greater confidence.