Summary # On November 22, 2023, Heco Bridge and HTX Exchange were victims of cyberattacks, resulting in over $113.3 million in losses. The attacks appear coordinated and carried out by the same attacker based on similar exploitative techniques and the connection between the two targets. Blockchain security firms CertiK, Peckshield, and Cyvers have reported over $86.6 million in digital assets losses for Heco Bridge and $13.6 million in losses for HTX.
...
Summary # On November 19, 2023, Kronos Research, a Taipei-based cryptocurrency trading and investment firm, was targeted by a hacker who stole over $25 million from the firm’s treasury using unauthorized API keys. This breach enabled the attacker to access the company’s blockchain wallets and conduct unauthorized transactions. The attack’s impact extended beyond Kronos Research, affecting Woo X, an exchange closely affiliated with Kronos Research. As Kronos Research was a major liquidity provider for Woo X, the security incident led to a temporary suspension of certain asset pairs on Woo X due to a liquidity shortage.
...
Summary # On November 8, 2023, the Australian crypto exchange, CoinSpot, experienced an attack on two of its hot wallets, resulting in more than $2.4 million in losses due to a private key leak. The recipient of these funds exchanged them using platforms THORchain and Wan Bridge before exchanging them for Bitcoin using Uniswap and spreading them into four wallets. The Australian financial authority, AUSTRAC, is actively addressing the security breach because the amount stolen is more than $10,000.
...
Summary # On September 24, 2023, HTX, a global custodial crypto exchange, formerly Huobi Global, experienced a security breach due to a private key leak. The attacker exploited this vulnerability and extracted approximately $7.9 million worth of ETH (4,999 ETH) from the hot wallet of the exchange. After HTX identified the attacker and demanded the return of the funds, the hacker returned the stolen assets on October 7, 2023, and received a “white hat bonus” of 250 ETH, equivalent to $408,666.
...
Summary # Steadefi, a yield farming platform on Arbitrum and Avalanche, reported a loss of $1.14 million due to a compromised deployer address. The exploit allowed the attacker to assume control over the platform’s vault contracts, leading to the unauthorized borrowing of all available funds. The total value locked (TVL) in Steadefi dropped from over $2 million to almost $0 as a result. The funds were converted to approximately 625 ETH and landed in Tornado Cash.
...
Summary # On February 1, 2022, BitBNS, an Indian crypto exchange, fell victim to a hacking incident resulting in the loss of $8 million. The exploit was made possible through a vulnerability in their AWS (Amazon Web Services) cloud storage, allowing the attacker to access the exchange’s private keys and steal funds. BitBNS initially attempted to hide the breach from users by tweeting about “system maintenance in progress.” The CEO later admitted to concealing the incident, stating that the decision was made following law enforcement advice.
...
Summary # On March 24, 2019, DragonEx, a Singapore-based cryptocurrency exchange, was hacked for $7 million. The attacker gained access to one of the exchange’s hot wallets, which are used to store user funds that are available for withdrawal.
Attackers # Attackers associated with Lazarus Group gained access through a sophisticated phishing attack. More about Lazarus
ETH
DragonEx Hacker wallet: 0xa7f72Bf63EDeCa25636F0B13Ec5135296ca2eBb2 Losses # The attackers managed to steal a total of $7 million:
...
Summary # South Korean cryptocurrency exchange Coinbin, which took over the previously hacked exchange Youbit, filed for bankruptcy on February 20, 2019, following embezzlement by an employee. The employee, previously the CEO of Youbit and responsible for cryptocurrency balances at Coinbin, was accused of neglecting his duties and embezzling funds. Specifically, he allegedly appropriated the key to an Ethereum wallet and claimed the cryptographic key had been lost. In addition to these events, Youbit was previously hacked twice: in April and December 2017, losing around 4,000 Bitcoin and $35 million, respectively.
...