Risk Review: Weekly hack update [03/11/2023]
It's been a busy week for hacks in the crypto realm. This week's update gives you a breakdown of everything you should know. We explore the methods employed by cybercriminals and shed light on the measures being taken to mitigate the impact of these hacks.
$182K returned by Astrid Finance exploiter after negotiation
An exploiter returned 80% of the $227,000 stolen from Astrid Finance in an attack on 28 October that manipulated an argument of the withdraw function. In an on-chain message the day after the attack, Astrid convinced the hacker by offering him 20% of the funds in exchange for returning the rest, with the threat of legal action if the funds were not received by 31 October. Astrid stated that it has refunded the stolen funds and that the rest will be transferred to a multi-signature wallet to help audit and develop Astrid’s smart contracts following the hack.
$1.41 billion of crypto has been stolen in 2023 so far
Since the start of this year, crypto hackers have stolen $1,410,669,002 worth of coins across 292 recorded incidents. October was also a big month for crypto hacks, with just over $22 million worth of cryptocurrency lost. Specifically, reports identified that 45.8% of stolen crypto was on the BNB Chain and 37.5% on Ethereum.
$4.4 million losses for LastPass hack victims
At least 25 LastPass users were the target of an attack leading to losses of $4.4 million. Taylor Monahan, a developer of ZachXBT and MetaMask, reported that at least 80 crypto wallets were compromised after a breach of LastPass’s cloud storage service last year. The stolen crypto spanned the Bitcoin, Ethereum, BNB, Arbitrum, Solana and Polygon blockchains.
Lazarus strikes again with ‘KandyKorn’ malware attempt
A new form of malware, named ‘KandyKorn’, was used by the Lazarus group in an attempt to compromise a crypto exchange. Supposedly, members of the Lazarus group posed as blockchain engineers and targeted engineers from an unnamed crypto exchange on Discord. The hackers prompted the engineers to download a “bot” that they claimed could help profit from discrepancies between crypto prices on different exchanges.