Cryptocurrency Opinion and Analysis

DeFi Saver ownership phish, iVest shuts down after attack, plus hackathon clipboard hijack

2024.08.26 13:18

Voiced by Amazon PollyVoiced by Amazon Polly

Crypto scams, hacks and exploits and how to avoid them: Crypto-Sec

Phish of the Week: DeFi Saver user loses $55 million in DAI

A user of decentralized finance management protocol DeFi Saver suffered an unusual style of phishing attack on Aug. 21. According to an X post from blockchain security firm Global Ledger, the attacker tricked the user into reassigning ownership of their DeFi Saver Proxy contract.

The victim reportedly attempted to perform a transaction soon afterward, but it failed. The attacker then changed ownership again and drained the smart contract wallet of all of its Dai (DAI) stablecoin, removing over $55 million worth in total.

Global Ledger post to X about DeFi Saver phishing attackGlobal Ledger post to X about DeFi Saver phishing attack(Global Ledger)

Blockchain data shows that the DAI came from the null address rather than from the victim’s address, implying that the attacker must have minted the DAI using the victim’s collateral instead of directly draining it from the victim’s account. 

The victim’s smart contract wallet is labeled “DSProxy #166,776” on Etherscan. On Aug. 20, the account owner called the “Set Owner” function and listed a malicious phishing account as the new owner. The owner was likely tricked by a malicious web app into approving this transaction. It was a costly mistake, as the victim is now $55 million poorer.

DeFi Saver ownership phish, iVest shuts down after attack, plus hackathon clipboard hijackDeFi Saver ownership phish, iVest shuts down after attack, plus hackathon clipboard hijack
DeFi Saver ownership phish, iVest shuts down after attack, plus hackathon clipboard hijackDeFi Saver ownership phish, iVest shuts down after attack, plus hackathon clipboard hijack

Web3 users should consider carefully inspecting contract addresses before approving transactions. Many protocols list their official contract addresses in their documents, and users can check these addresses to make sure the one they are about to interact with is listed there. This can often save users from losing funds due to phishing attacks, although no security method is 100% foolproof.

DeFi exploits: iVest announces shutdown after $156K lost

Decentralized finance (DeFi) protocol iVestDAO announced that it will not be able to reopen after suffering from a $156,000 exploit. The protocol had previously stated that it would compensate investors and reopen at a later date. However, the iVest’s Telegram admin told Cointelegraph on Aug. 15 that it is shutting down.

“Unfortunately, we are not able to continue operations and are shutting down the project and refunding our holders out of our own pockets,” the admin stated, calling this development “a tragic event.”

In a public statement on the protocol’s website, iVest claimed that the team is “refunding our holders out of our own pockets.” However, the totality of funds “is not recoverable and there is no method to replace it back to 100% with the personal funds available to the team.”

The team stated that it was “hurt and defeated,” but would “pick up the pieces and move on with our lives.”

iVest was exploited via a ‘null address’ donation attack on Aug. 12.

Malware Corner: Copy2pwn bypasses Windows Smart Screen

A new exploit, called “copy2pwn,” is being used by malware operators to bypass protections in the Windows Smart Screen program, according to a report from SecurityWeek. The vulnerability has been patched in the latest version of Windows, but some devices may not have been updated yet and may still be at risk.

The exploit could potentially be used to install malware, leading to the loss of private keys in software wallets.

Read also

Features

Tornado Cash 2.0: The race to build safe and legal coin mixers

Features

Lazarus Group’s favorite exploit revealed — Crypto hacks analysis

Copy2pwn was disclosed in CVE-2024-38213 and reportedly discovered by Trend Micro’s Zero Day Initiative. It utilizes the Web-based Distributed Authoring and Versioning (WebDAV) protocol in Windows, which is intended to make it easier for users to share and edit web-based content.

However, cybercriminals discovered that the content hosted on WebDAV shares was failing to gain a Mark of the Web flag, allowing it to bypass Smart Screen protections.

According to the report, malware operators have been using copy2pwn to install DarkGate on users’ devices. DarkGate is a sophisticated malware program that is difficult to detect and efficient at stealing data, according to cybersecurity firm Socradar.

Crypto users who rely on Windows Smart Screen for malware protection should consider upgrading to the latest version of Windows as soon as possible.

Clipboard hijacking hits hackathon participant

Porter Adams, software engineer for ZKsync network developer Matter Labs, ran across crypto-stealing malware in an unusual place on Aug. 25; on the PC of a fellow hackathon participant.

Adams posted a video of the reported incident on X.

Porter Adams post to X about clipboard hijacking malwarePorter Adams post to X about clipboard hijacking malwareSource: Porter Adams.

The participant was attempting to send Ether (ETH) on the Sepolia test network to a particular address. However, Adams discovered that the person’s device was infected with clipboard-hijacking software.

Whenever the user attempted to copy and paste a crypto address, the malware would paste its developer’s address instead, causing the user to send crypto to the wrong address and lose it forever.

Luckily, the participants were using a testnet with ETH that had no real value. But had the participant gone home and made real crypto transactions with this device, they could have easily lost all of their funds. “I saved a hackathon participant from malware today,” Adams stated in his post.

When cutting and pasting addresses, crypto users are advised to check the address pasted to make sure it is the same as the one they intended to copy. If it turns out to be a different address, the device may be infected.

Subscribe

The most engaging reads in blockchain. Delivered once a
week.

Subscribe to Magazine by Cointelegraph Newsletter.Subscribe to Magazine by Cointelegraph Newsletter.

DeFi Saver ownership phish, iVest shuts down after attack, plus hackathon clipboard hijackDeFi Saver ownership phish, iVest shuts down after attack, plus hackathon clipboard hijack

Christopher Roark

Some say he’s a white hat hacker who lives in the black mining hills of Dakota and pretends to be a children’s crossing guard to throw the NSA off the scent. All we know is that Christopher Roark has a pathological desire to hunt down scammers and hackers.

Source link

Related Articles

Back to top button
bitcoin
Bitcoin (BTC) $ 98,002.26 0.05%
ethereum
Ethereum (ETH) $ 3,434.04 1.58%
tether
Tether (USDT) $ 0.998806 0.03%
xrp
XRP (XRP) $ 2.24 2.38%
bnb
BNB (BNB) $ 705.48 0.27%
solana
Solana (SOL) $ 194.08 2.48%
dogecoin
Dogecoin (DOGE) $ 0.324475 2.57%
usd-coin
USDC (USDC) $ 0.999201 0.11%
staked-ether
Lido Staked Ether (STETH) $ 3,429.46 1.54%
cardano
Cardano (ADA) $ 0.89057 3.68%
tron
TRON (TRX) $ 0.254315 1.07%
avalanche-2
Avalanche (AVAX) $ 39.04 5.21%
the-open-network
Toncoin (TON) $ 5.85 0.38%
chainlink
Chainlink (LINK) $ 23.56 5.41%
wrapped-steth
Wrapped stETH (WSTETH) $ 4,078.60 1.53%
shiba-inu
Shiba Inu (SHIB) $ 0.000022 3.72%
wrapped-bitcoin
Wrapped Bitcoin (WBTC) $ 98,035.27 0.37%
sui
Sui (SUI) $ 4.38 4.23%
hedera-hashgraph
Hedera (HBAR) $ 0.305399 1.72%
stellar
Stellar (XLM) $ 0.371175 4.45%
polkadot
Polkadot (DOT) $ 7.21 3.10%
weth
WETH (WETH) $ 3,434.35 1.60%
bitcoin-cash
Bitcoin Cash (BCH) $ 452.56 2.48%
hyperliquid
Hyperliquid (HYPE) $ 26.21 11.24%
bitget-token
Bitget Token (BGB) $ 6.31 17.33%
leo-token
LEO Token (LEO) $ 9.46 0.77%
litecoin
Litecoin (LTC) $ 106.56 1.74%
uniswap
Uniswap (UNI) $ 13.23 6.64%
pepe
Pepe (PEPE) $ 0.000018 5.61%
wrapped-eeth
Wrapped eETH (WEETH) $ 3,623.67 1.54%
near
NEAR Protocol (NEAR) $ 5.25 5.42%
ethena-usde
Ethena USDe (USDE) $ 0.997516 0.09%
usds
USDS (USDS) $ 0.99839 0.20%
aave
Aave (AAVE) $ 349.48 7.31%
internet-computer
Internet Computer (ICP) $ 10.71 6.18%
aptos
Aptos (APT) $ 9.21 5.69%
crypto-com-chain
Cronos (CRO) $ 0.154334 4.08%
polygon-ecosystem-token
POL (ex-MATIC) (POL) $ 0.497196 4.36%
mantle
Mantle (MNT) $ 1.20 2.64%
ethereum-classic
Ethereum Classic (ETC) $ 26.58 3.63%
vechain
VeChain (VET) $ 0.049297 5.75%
render-token
Render (RENDER) $ 7.30 5.82%
whitebit
WhiteBIT Coin (WBT) $ 24.71 0.41%
bittensor
Bittensor (TAO) $ 481.89 4.14%
monero
Monero (XMR) $ 192.41 1.67%
mantra-dao
MANTRA (OM) $ 3.69 2.25%
dai
Dai (DAI) $ 0.999427 0.07%
fetch-ai
Artificial Superintelligence Alliance (FET) $ 1.30 4.71%
arbitrum
Arbitrum (ARB) $ 0.773449 4.38%
filecoin
Filecoin (FIL) $ 5.11 4.87%