Cybercriminals are adding feathers to their crime nests by siphoning funds from cryptocurrency services and exchanges. Hackers have been stealing money by targeting small to big cryptocurrency trading platforms using various tricks and tactics.
A cryptographic exploit
Recently, threat actors took advantage of an engineering mistake made by decentralized finance (DeFi) service Harvest Finance and stole roughly $24 million worth of cryptocurrency assets.
- According to Harvest Finance investigation, the hackers had executed several attacks against assets inside some of the vaults, deposited into shared pools of underlying DeFi protocols (such as the Y pool on Curve.fi).
- Hackers stole $13 million worth of USD Coin (USDC) and $11 million worth of Tether (USDT). But within minutes of the attack, the hackers returned $2.5 million back to the platform without any specific reason.
Other recent attacks
Attacking cryptocurrency exchanges and its users has apparently become a common practice among hackers because a successful heist often results in a multi-million grab within seconds.
- A few days ago, hackers had launched an SS7 mobile attack to gain access to Telegram messenger and email data of high-profile individuals in the cryptocurrency business, all subscribers of the Partner Communications Company.
- In September, an intruder managed to drain KuCoin cryptocurrency exchange for bitcoin assets, ERC-20-based tokens, along with other types of tokens for $150 million.
- In the same month, the European crypto exchange Eterbase suffered a targeted attack and lost a whopping amount of $5 million.
In October, hackers were seen shifting a massive batch of funds from the Bitfinex hack in 2016 to unknown wallets in separate transactions. In total, these hackers have moved a total of around 8,600 Bitcoin (approx $88.6 million) to unknown wallets in 2020.
Cryptocurrency hackers are not only looting cryptocurrencies but they are also shifting funds frequently to unknown wallets to probably cash out their profits. Cryptocurrency platforms should implement automated upgradability features for new vaults for possible mitigations in the future.