SEC - Page 180

Decentralised finance (DeFi) lending platform and stablecoin issuer Seneca Protocol has fallen victim to exploitation, as stated in a Feb. 28 announcement on the protocol’s official X account.

According to a report disclosed to Cointelegraph, blockchain analytics firm CertiK has estimated the losses at $6.4 million thus far.

The Seneca team has urged users to revoke approvals for the affected contracts and has asserted that its personnel are “presently collaborating with security specialists to investigate the bug”.

Seneca Protocol is a DeFi lending application enabling users to deposit various cryptocurrencies as collateral, which can then be utilised to mint and borrow the protocol’s native stablecoin, SenecaUSD.

Blockchain data reveals that an account ending in 42DC managed to transfer approximately 1,385.23 Pendleton Kelp restaked Ether (PT Kelp rsETH) from a Seneca collateral pool by invoking the “performOperations” function.

Subsequently, this account exchanged these tokens for approximately $4 million worth of Ether (ETH) through three transactions.

Following these swaps, the account proceeded to transfer an additional 717.04 ETH derivative tokens from various collateral pools and exchanged them for ETH.

According to CertiK’s report, these transfers were maliciously executed due to a flaw in the protocol’s “performOperations” function.

The bug permits any account to invoke the function while specifying OPERATION_CALL as the action to be executed.

Consequently, the attacker gains the ability to “perform external calls to any address as the callee and callData are fully controlled by the attacker”.

READ MORE: Overdare Partners with Circle to Integrate Web3 Wallets and USDC Payouts for Gaming Creators

Hence, CertiK contends, the attacker managed to drain funds from the collateral pool not under its ownership.

Blockchain investigator Spreek also alerted users about the exploit on X, describing it as a “critical vulnerability”.

Spreek recommended that users should revoke approvals for the addresses used in the exploit.

According to security researcher ddimitrov22, Seneca suffers from an additional vulnerability preventing developers from pausing the Seneca contracts, as the pause and unpause functions within them are labelled as “internal”, rendering them inaccessible.

In their acknowledgment of the attack, the development team stated that they are currently conducting an investigation and will provide an update “shortly”.

Hacks and exploits continue to pose threats to Web3 users in 2024.

On Feb. 23, Axie Infinity co-founder Jeff “Jihoz” Zirlin lost $9.7 million due to a hack of his personal wallets. Concurrently, on the same day, DeFi protocol Blueberry was exploited for 457 ETH.

Read the latest crypto news today

The cryptocurrency industry continues to grapple with cybercrimes, with darknet markets standing out as one of the two sectors experiencing a surge in revenue in 2023, as per the latest findings from blockchain analysis firm Chainalysis.

Released on February 29, the Chainalysis “2024 Crypto Crime Report” unveils that darknet marketplaces amassed a minimum revenue of $1.7 billion in 2023.

This marks a recovery from the data of 2022, when authorities dismantled Hydra, the world’s largest darknet marketplace.

Although no single marketplace has replaced Hydra, the report highlights the emergence of smaller marketplaces catering to specific niches and adopting more “specialised roles.”

Mega Darknet Market leads the pack with over $500 billion in crypto inflows.

Nevertheless, the revenue from darknet markets hasn’t yet reached the peak levels observed during the reign of Hydra.

The report forecasts ongoing scrutiny and crackdowns by law enforcement agencies, particularly due to the availability of fentanyl products on many of these platforms.

Eric Jardine, cybercrime research lead at Chainalysis, noted that the phenomenon of “niche darknet marketplaces” vying for market share isn’t new and mirrors trends seen after the closures of platforms like the Silk Road and AlphaBay.

READ MORE: Bitcoin Scaling Tokens and BRC-20 Coins Surge, Outpacing Crypto Markets

In addition to the rise in darknet market revenue, 2023 witnessed a doubling of crypto-linked sanctions by the United States Office of Foreign Assets Control (OFAC), totalling 18 sanctions on individuals or entities, all with cryptocurrency addresses tied to them.

Such inflows to sanctioned entities and regions constituted 61.5% of all illicit transaction volume, amounting to $14.9 billion in 2023.

Moreover, the report indicates a shift in crypto-linked OFAC sanctions towards individual actors and groups, moving away from major darknet markets like Garantex and Hydra, as well as mixers like Tornado Cash.

However, amidst these concerning trends, there are some positive indicators. Revenue from crypto-based scams experienced a year-over-year decline, dropping to $4.6 billion in 2023 from $5.9 billion in the previous year.

Nonetheless, new types of scams emerged, including romance scams, which more than doubled in revenue year-over-year, showing an 85-fold increase since 2020.

Jardine highlighted the rising prevalence of romance scams, attributing it to their effectiveness in exploiting victims’ trust over extended periods.

He underscored the importance of vigilance in online interactions and advocated for a collaborative effort among public and private sector entities, as well as individuals, to create a safer digital environment.

Read the latest crypto news today

The token representing the layer-1 blockchain Shido plummeted by as much as 94% in a mere 30 minutes subsequent to falling victim to an exploit on its Ethereum-based staking contract.

Blockchain security firm PeckShield alerted its audience to the plunge in a post dated Feb. 29 X.

In a subsequent post, it elucidated that an exploiter had succeeded in transferring the blockchain’s Ethereum staking contract to another address, following which the new owner upgraded the contract with a concealed function to withdraw staked tokens.

According to CoinGecko data, PeckShield disclosed that the attacker had withdrawn over 4.3 billion Shido tokens, equating to nearly half of the circulating token supply, which was approximately 9 billion tokens.

Before the price downturn, the value of these tokens stood at approximately $35 million.

In another post, the pseudonymous on-chain researcher ZachXBT revealed that they had identified the exploiter’s address, which had been funded through cryptocurrency initially bridged from the cross-chain protocol Layerswap and subsequently from the Arbitrum blockchain.

ZachXBT claimed to have uncovered the true identity of the wallet owner who funded the exploiter but suggested that they too had fallen victim to hacking, as “their assets were suddenly transferred before funding the exploiter.”

Several hours after the incident commenced, the Shido team issued an official statement asserting that they had neutralised any further threats against Shido.

READ MORE: ENS Resolves Dispute Over eth.link Domain with $300,000 Settlement

The protocol also stated that they had initiated an investigation and urged the hacker to engage in negotiation regarding a bounty.

Shido also assured users who staked their tokens that their assets would be returned.

Shido, a layer-1 proof-of-stake blockchain that is yet to launch its mainnet, announced its impending mainnet launch in a post dated Feb. 24 X.

SHIDO, an Ethereum-based ERC-20 token, allowed staking on the project’s connected decentralized exchange (DEX) to earn an 8% annual yield, according to its website.

Shido did not provide an immediate response to a request for comment regarding the contract exploit.

According to PeckShield, last year witnessed over 600 crypto-related hacks resulting in $2.1 billion in losses, marking a nearly 30% decrease from 2022.

Up until January of this year, there had been 30 attacks resulting in $182.5 million lost.

February also seemed to conclude as a significant month for exploiters, with $290 million stolen from PlayDapp, alongside several million dollars’ worth of crypto stolen in various wallet breaches and phishing scams.

Read the latest crypto news today

Hong Kong, as of February 29, has ceased accepting license applications from cryptocurrency exchanges and will imminently mandate that all non-compliant trading platforms shutter their operations within the local jurisdiction.

The Securities and Futures Commission (SFC) of Hong Kong has underscored that cryptocurrency exchanges within the region failing to submit license applications must conclude their business affairs by May 31, 2024.

The SFC of Hong Kong has also advised investors utilising virtual asset trading platforms to “make preparations early” and transition to entities that have either acquired operating licenses or have initiated the application process.

Formal licensure has been granted to two cryptocurrency trading operators in Hong Kong: OSL Digital Securities on December 15, 2020, and HashKey Exchange on November 9, 2022.

The regulatory body received license applications from 22 cryptocurrency trading platforms, encompassing four exchanges that had applied under the SFC’s preceding opt-in regime for such platforms.

Moreover, four other exchanges—Huobi HK, Meex, BitHarbour, and Ammbr—initially pursued licensure but subsequently either withdrew their applications or had them returned.

The SFC will maintain a publicly accessible list of cryptocurrency platforms slated for mandated closure by law, aimed at informing citizens of associated risks.

READ MORE: Hacker Moves Millions in Digital Assets from KyberSwap

Throughout the winding-down phase, Hong Kong will curtail the operational capacities of these exchanges and enforce cessation of all marketing endeavours within the region.

The SFC of Hong Kong will also publish a roster of cryptocurrency exchanges deemed licensed as of June 1, 2024. Nonetheless, it will not assure licensure for all entities mentioned.

Upon securing licensure from the SFC of Hong Kong, cryptocurrency exchanges will be permitted to onboard retail investors for trading Bitcoin and Ether.

Various altcoins and stablecoins are presently under SFC review for trading approval.

Recent developments have seen Hong Kong-based cryptocurrency exchange BitForex become unresponsive subsequent to suspending withdrawals for a minimum of three days.

The exchange’s X account has remained stagnant since May 2023.

Users on its official Telegram channel have reported a spectrum of issues, ranging from inability to access their accounts to asset dashboards failing to display.

Multiple users have encountered a pop-up screen indicating they are blocked from accessing the company’s website. An internal investigation by Cointelegraph replicated this issue.

Read the latest crypto news today