Bug Bounties a possible solution to cryptocurrency exchange hacks

Bug Bounties a possible solution to cryptocurrency exchange hacks

August was a great month for hacks, as one of the biggest in cryptocurrency history took place on the Poly Network, with strange results.

cyberattack on the Poly network made headlines with several strange twists and turns. One could imagine that looting cryptocurrency exchanges is easier than robbing a bank.

High-risk crypto thefts are apparently on the rise. However, it is essential to note that these decentralized technologies continue to evolve since their inception. As with any system, when vulnerabilities are discovered, they are fixed.

Poly Network saga

Poly Network was arguably the biggest hacker scandal of this month.

hacker found a vulnerability in digital contracts. se are what Poly Network uses to move crypto assets between multiple chains. Through this, they found their way.

y then proceeded to land a monumental crypto heist across three chains. Ethereum, Binance, and Polygon Network were affected. y drained more than $ 600 million from the decentralized financial platform (DeFi).

Furthermore, the attacker maintained a public presence during this attack. y even went so far as to publish a question and answer who claimed that the attack was “for fun.”

However, his true motives for stealing money are unclear. This is why their justifications are quite contradictory and confusing to follow. In their question and answer session, they claim that they took the tokens “to keep him safe.”

y claimed they took the money to prevent any Poly Network member from finding the vulnerability. However, instead of fixing it, they decided to take the money.

It seemed like it was his responsibility to worry about vulnerability. y then turned their attention to stealing the DeFi platform trying to find the best way to launder money without being noticed.

However, the attacker made noisy transactions under the watchful eye of the crypto community. se have been observed on the public blockchain. y even bought a Cryptopunk NFT for 42,000 EXC, which is over $ 180 million.

An unusual hacker move

strange thing is that they finally returned $ 550 million of the stolen money. hacker kept the other half for a time, despite trying to explain that the intrusion was carried out with good intentions.

In a Discussion by, Poly Network said: “We ask miners from affected blockchain and crypto exchanges to blacklist tokens from above addresses … We will take legal action and urge hackers to return assets.”

Also Read 9 & 14 Year Old Bitcoin, ETH, RVN Miners “Earn $ 30,000 a Month”

Tether, which operates the USDT stablecoin, he answered the call to the blacklist of addresses used by the attacker.

While this was going on, another cryptocurrency user named Hanashiro delivered an empty Ethereum transaction to the attacker with tips to help him maneuver through the changing landscape, saying ‘don’t use your USDT token, you have [sic] blacklisted’.

intruder responded to Hanashiro half an hour later, sending 13.37 ETH worth approximately $ 57,000 as a token of gratitude. Hanishiro then sent part of the funds to charities.

rumor of this payment has spread and spread like wildfire. This triggered a “gold rush” on the Ethereum network.

Potential accomplices began texting the attacker’s account, offering advice on how to launder money for charitable contributions.

Poli Network has stated that they would take legal action against the attacker, claiming that “law enforcement agencies in any country will consider this a serious financial crime and you will be prosecuted.”

As the situation worsened due to non-payment of funds, Poly Network offered the intruder $ 500,000 to discover the vulnerability.

hacker rejected them. After all, they had close to $ 500 million in stolen assets.

Somewhere in between Poly Network urging the hacker to return the money and eventually pay it back, Poly Network offered the intruder a job as the new Chief Security Advisor, which was also turned down.

“After contacting Mr. White Hat, we also came to a fuller understanding of how the situation unfolded and Mr. White Hat’s original intent,” Poly Network reported in a statement, referring to the intruder by this nickname. .

Hack tracking

However, this is not the end of the story. SlowMist, the blockchain ecosystem security company, was able to successfully unravel the thread leading to the hacker.

y did this by unmasking their inbox, IP address, and device fingerprint through on-chain and off-chain monitoring.

With technical assistance from SlowMist partner Hoo Tiger Symbol, along with multiple participating exchanges, SlowMist’s security team was able to determine that the attacker’s initial encryption source was Monero (XMR).

y then transferred the funds to BNB, ETH, and MATIC on the exchange. n they withdrew funds in different directions and then hacked three exchanges.

flurry of activity on the blockchain has made them easier to track. However, they concluded that this attacker thoroughly investigated, planned and organized the attack before it was executed.

Also Read Best Crypto Airdrops To Watch In August 2021

More hacks, more victims

next event to take place in this saga came from Fetch.ai, an artificial intelligence lab located in Cambridge, which asked Binance to work on identifying and tracking the hacker’s movements after the hacker breached its cryptocurrency account on June 6.

network has restricted the attacker’s accounts. Preventing them from withdrawing assets. As a result, the attacker sold these funds to a third party within an hour.

Fetch.ai asked Binance to suspend the intruder’s accounts on the exchange. To further aggravate the matter, a Supreme Court accepted the requests so that the incident could be thoroughly investigated and resolved through legal channels.

Reports indicate that Binance will comply with court orders. However, they will not be able to apply for a recovery order until they present evidence that they have been a victim of this matter.

“We need to dispel the myth that cryptocurrencies are anonymous. reality is that with the right rules and applications, they can be traced, traced and retrieved, ”said Syedur Rahman, a Rahman Ravelli partner representing Fetch.ai.

Binance was already under attack when financial institutions around the world were investigating the exchange. UK, along with several other countries, has issued warnings about the use of the exchange. Meanwhile, others have fully implemented the bans.

Japanese liquid crypto breached

Poly Network was not the only security incident in August. Liquid cryptography. Threat actors also targeted a Tokyo-based Japanese cryptocurrency exchange. y funneled $ 97 million in cryptocurrencies consisting of BTC, ETH, TRX, and XRP. Hackers have targeted hot wallets.

Liquid Crypto responded by saying that it is temporarily moving all assets offline to cold storage wallets. In addition, they have suspended all transactional services.

exchange reported that they are “tracking asset movement and working with other exchanges to freeze and recover funds.”

According to a blog post, the company explained that the hacker targeted a multi-party computing (MPC) portfolio. MPCs are used for the storage and management of cryptocurrencies of the Singapore branch, QUOINE PTE. However, Liquid Crypto did not offer a statement explaining how the intruders managed to enter.

“We are currently investigating and will provide regular updates. In the meantime, deposits and withdrawals will be suspended, ”said the exchange in a tweet.

Additionally, Liquid Crypto’s tweets show cryptocurrency addresses used by hackers to exfiltrate stolen assets.

Bonus errors can offer a solution to hacks

In a recent blog post, Poly Network said it will launch a $ 500,000 bug bounty program. This will welcome researchers and hackers to discover and report any vulnerabilities in your software.

Read also America’s first Bitcoin ETF wants to remove trade restrictions

According to the Overimmune bug bounty list, the maximum payout for the bounty is $ 100,000. With attractive incentives from partnerships with positive cybersecurity actors, this could be seen as an additional layer of asset protection.

Keeping the bad actors in the race to find exploitable holes is undoubtedly the key to solving problems. Who finds them first is something else.

A bug bounty program is a crowdsourcing initiative. Reward people who find and report software vulnerabilities that can be done through code audits and penetration testing.

This enables companies and members of the cybersecurity industry to find solutions before threat actors discover them and use them to their advantage.


All information on our website is published in good faith and for general information purposes only. Any action taken by the reader on the information found on our website is strictly at your own risk.

Source link


Related Posts

© 2024 Cryptocoin Budisma.net