It was a volatile week for the crypto industry, where several big-name platforms were hit by hackers stealing millions. Cybercriminals have escalated their activity from hacking into DeFi protocols to stealing users’ credentials on Discord servers.
A staggering $42.7 million worth of Ether was moved through the Tornado Cash, which may raise questions about the security of blockchains. The most prominent of these were the Penpie exploit which by themselves resulted in the loss of $27 million as loopholes within the platform’s reward system were used by hackers.
Penpie Exploited, $27 million lost by investors
The attackers stole $27 million from the Penpie platform. The hack entailed an exploit on a bug that existed in Penpie’s reward system to siphon off funds from the system. The attacker was able to switch the stolen funds into Tornado Cash, a cryptocurrency-tumbling service that nearly makes tracking transactions impossible.
In the wake of the hack, Penpie has started processes to regain the lost funds, but the use of Tornado Cash makes it difficult to trace and recover such items.
ChainLink Discord Hack –Phishing Threat
On the same day, ChainLink’s official Discord server was hacked. People took to cyber vandalism, sharing phishing links to get users to reveal their passwords. No actual monetary losses have been claimed, but users have been advised not to click on any link until a decision is reached.
Pythia Staking Contract exploited to the tune of $53k
Decentralized algorithmic stablecoin protocol, Pythia was breached, and hackers stole 21 ETH, equivalent to $53,000. This hack was a result of a weakness in the platform’s staking contract.
Sei Discord Compromise – Phishing Alert
Sei’s official Discord server was compromised, and hackers posted phishing links to the users. While no monetary losses were reported after the breach of this channel, it demonstrated the potential danger the users experienced when directly engaging with the affected channels.
Tornado Cash Money Laundering – $42.7M Processed
In total, three big hackers used Tornado Cash to launder 17,800 ETH ($42. 7M) over the last three days. It is the anonymity that Tornado Cash has, which has been in use for a long time now by hackers to clean their stolen digital currency.
– Penpie Exploiter: The largest contributor is the Penpie hack, which contributed 9,600 ETH, 23 million USD.
– WazirX Exploiter: The hacker deposited 7,200 ETH, equal to $17. 3M from the Indian-based WazirX exchange.
– Fenbushi Capital Exploiter: The attacker who pulled out $42M from the account of Bo Shen, the founder of Fenbushi Capital, deposited 1,000 Ether, equivalent to $2.4 million.
Despite the recognition of the possibility of using Tornado Cash to launder stolen funds and its sanctioning, the problem of identifying and tracking stolen assets remains acute and indicates the need for further development of regulatory and technological solutions in the field of blockchain cybersecurity.
these are some of the hacks that have occurred ranging from smart contract hacks to hacks in communication channels and are a reminder that the nascent industry of digital assets is not without its dangers.
Source: https://coinpedia.org/news/crypto-weekly-report-major-hacks-target-penpie-chainlink-and-pythia-in-devastating-week/