August has been a big month for hacks as one of the biggest in cryptocurrency history was pulled off on the Poly Network, with strange results.
The cyberattack on the Poly Network has made headlines with several bizarre and head-scratching twists. One might imagine it is easier to loot cryptocurrency exchanges than to rob a bank.
High-stakes cryptocurrency thefts are seemingly on the rise. However, it is essential to point out that these decentralized technologies are still evolving. Like with any system, when vulnerabilities are discovered, they’re fixed.
The Poly Network saga
The Poly Network was undoubtedly this month’s biggest hacker scandal.
The hacker found a vulnerability in the digital contracts. These are what the Poly Network uses to move crypto assets between different chains. That was how they found their way in.
They then carried out a monumental crypto theft across three chains. Ethereum, Binance and Polygon Network were all hit. They drained over $600 million from the decentralized finance (DeFi) platform.
What’s more, the attacker maintained a public presence during this attack. They even went so far as to publish a Q&A claiming that the attack was “for fun.”
However, their actual motives for robbing the money are not clear. This is because their justifications are rather contradictory and confusing to follow. In their Q&A, they allege that they took the tokens “to keep it safe.”
They alleged that they took the money to prevent any insiders in the Poly Network from finding the vulnerability. However, instead of fixing it, they decided to take the money.
They seemed to make it their responsibility to worry about the vulnerability. They then focused their attention on robbing the DeFi platform while trying to find the best way to launder the money unnoticed.
However, the attacker made noisy transactions under the watchful eye of the crypto community. These were observed on the public blockchain. They even purchased a Cryptopunk NFT for 42,000 ETC, a figure that is worth over $180 million.
An unusual hacker move
What’s strange is that they eventually returned $550 million of the stolen money. The hacker pocketed the other half for a time, despite attempting to explain that the intrusion was carried out with good intentions.
In a Twitter thread, Poly Network said, “We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses … We will take legal actions, and we urge the hackers to return the assets.”
Tether, which operates the stablecoin USDT, responded to the call to blacklist the addresses used by the attacker.
When this happened, another cryptocurrency user named Hanashiro sent an empty Ethereum transaction to the attacker with advice to help the hacker navigate the shifting landscape, saying, “don’t use your USDT token, you’ve been [sic] blacklisted.”
The intruder responded to Hanashiro half an hour later, sending 13.37 ETH worth around $57,000 as a token of gratitude. Hanashiro then sent some of the funds to charity organizations.
Community members support the hacker
Word of this payment got around and spread like wildfire. This ignited into a “gold rush” on the Ethereum network.
Would-be accomplices started messaging the account used by the attacker, sending everything from advice on how to launder the money to pleas for charity contributions.
Poly Network declared that it would pursue legal action against the attacker, saying that “law enforcement in any country will regard this as a major economic crime and you will be pursued.”
As the situation escalated over the unreturned funds, Poly Network then offered the intruder $500,000 for discovering the vulnerability.
The hacker turned them down. After all, they were holding close to half a billion dollars in stolen assets.
Somewhere between Poly Network urging the hacker to return the money and the funds eventually being returned, Poly Network offered the intruder a job as its new Chief Security Advisor, which was also declined.
“After communicating with Mr. White Hat, we have also reached a more complete understanding of how the situation unfolded as well as Mr. White Hat’s original intention,” Poly Network reported in a statement, referring to the intruder by that moniker.
Tracking the hacks
This isn’t the end of the story, however. SlowMist, the blockchain ecosystem security company, was able to successfully untangle the thread leading back to the hacker.
They did so by unmasking their mailbox, IP address, and device fingerprint using on-chain and off-chain tracking.
With technical help from SlowMist’s partner Hoo Tiger Symbol, together with several participating exchanges, the SlowMist security team was able to establish that the attacker’s original source of funds was Monero (XMR).
They then transferred the funds to BNB, ETH, and MATIC on the exchange. Following this, they withdrew funds to several addresses and then launched hacks on three exchanges.
The flurry of activities on the blockchain made it easier to track them. However, they concluded that this attacker thoroughly researched, planned, and organized the hack before it was executed.
More hacks, different victim
The next event to unfold in this saga came from Fetch.ai, an artificial intelligence lab based in Cambridge, which requested that Binance work to identify and trace the hacker’s movements after the hacker breached its cryptocurrency accounts on June 6.
The network restricted the attacker’s accounts, thus preventing them from withdrawing assets. Consequently, the attacker reportedly sold these funds to a third party within an hour.
Fetch.ai requested Binance put a hold on the intruder’s accounts on the exchange. To compound the issue further, a Supreme Court granted the requests so that the incident could be fully investigated and resolved through legal channels.
Reports indicate that Binance will comply with the court orders. Nevertheless, they will not be able to seek a recovery order until they provide evidence demonstrating that they have been victims in this matter.
“We need to dispel the myth that cryptoassets are anonymous. The reality is that with the right rules and applications, they can be tracked, traced, and recovered,” said Syedur Rahman, who is a partner at Rahman Ravelli representing Fetch.ai.
Binance was already under fire, as financial institutions around the world have scrutinized the exchange. The United Kingdom, along with several other countries, has issued warnings about using the exchange. Meanwhile, others have implemented outright bans.
Japanese Liquid Crypto breached
Poly Network was not the only security incident in August. Threat actors also attacked Liquid Crypto, a Japanese crypto exchange based in Tokyo. They siphoned off $97 million in cryptocurrencies consisting of BTC, ETH, TRX and XRP. The hackers targeted hot wallets.
Liquid Crypto responded by saying it was temporarily moving all assets offline to cold-storage wallets. In addition, it suspended all transaction services.
The exchange reported that they are “currently tracing the movement of the assets and working with other exchanges to freeze and recover funds.”
According to a blog post, the company explained that the hacker targeted a Multi-Party Computation (MPC) wallet. MPCs are used to store and manage cryptocurrencies at its Singapore subsidiary, QUOINE PTE. However, Liquid Crypto did not offer a statement explaining how the intruders were able to break in.
“We are currently investigating and will provide regular updates. In the meantime, deposits and withdrawals will be suspended,” said the exchange in a tweet.
Additionally, Liquid Crypto tweets show the cryptocurrency addresses that were used by the hackers to exfiltrate the stolen assets.
Bug bounties could offer solution to hacks
In a recent blog post, the Poly Network said it would launch a $500,000 bug bounty program. This will welcome researchers and hackers to discover and report any vulnerabilities in its software.
According to the bug bounty listing on Immunefi, the maximum bounty payout is $100,000. With attractive incentives from collaborations with positive actors in the cybersecurity field, this could be viewed as an extra layer of asset protection.
Keeping bad actors behind in the race to find exploitable holes is undoubtedly key when it comes to working out the kinks. Who finds them first is another matter.
A bug bounty program is a crowdsourcing initiative. It compensates individuals who find and report software vulnerabilities, which can be done through code audits and penetration testing.
This allows companies and members of the cybersecurity industry to find solutions before threat actors discover them to use for their own advantage.
Source: https://beincrypto.com/bug-bounties-a-possible-solution-to-cryptocurrency-exchange-hacks/