Crypto crime spree continues with Deribit and Solend hacks

The world of crypto is a minefield of hacks, scams, and rug pulls. The maxim “not your keys, not your coins” advises against trusting centralized exchanges but, as today’s news about crypto exchange Deribit and lending protocol Solend shows, neither CeFi nor DeFi is safe from the near-constant efforts of exploiters.

Deribit, an exchange focused on crypto derivatives trading, yesterday lost $28 million in bitcoin, Ethereum, and USDC when its hot wallets were compromised. Assuring that all user losses will be covered, an announcement explained that, “It’s company procedure to keep 99% of our user funds in cold storage to limit the impact of these types of events.”

Deribit hot wallet compromised, but client funds are safe and loss is covered by company reserves
Our hot wallet was hacked for USD 28m earlier this evening just before midnight UTC on 1 November 2022.
— Deribit (@DeribitExchange) November 2, 2022

“Hot” wallets are those which are constantly connected to the internet. In Deribit’s case to facilitate customer withdrawals which have been temporarily suspended following the breach. “Cold” wallets are supposedly much more secure given that, when used correctly, any would-be attackers require physical access to the hardware wallet in order to transfer funds.

The loss to Solana-based “algorithmic, decentralized lending and borrowing protocol” Solend was much smaller, at just over $1 million. The team tweeted that they’d detected an “oracle attack on USDH affecting the Stable, Coin98, and Kamino isolated pools,” resulting in a total of $1.26 million of bad debt.

In a stark similarity to the Mango Markets incident, the prices of collateral assets were manipulated, allowing the attacker to drain Solend’s lending pools against the collateral’s inflated value.

Perhaps this is another “highly profitable trading strategy” from Avraham Eisenberg, the man who admitted to carrying out the last month’s nine-figure heist. A pseudonymous identity has been linked to the hacker’s address, and negotiations are currently ongoing.

We discovered a known contact for the hacker (verified on-chain proof connecting the hacker to an off-chain pseudonymous identity) and have been working closely with the Solend team over the past half hour to get them in touch with the hacker to reach a resolution. https://t.co/xoKw14Zigw
— SolBlaze.org | Stake with us! 🔥💃 (@solblaze_org) November 2, 2022

“Hacktober” was a record month for crypto thefts

Blockchain security firm Peckshield estimated that October saw $760 million lost to crypto crime. Approximately $100 million has been returned.

Of the dozens of projects exploited, the largest by far was the BNB Bridge incident that saw over half a billion dollars in BNB fraudulently minted. The attacker was only able to move just $127 million to other chains before the BSC network was paused and the assets frozen.

For more informed news, follow us on Twitter and Google News or listen to our investigative podcast Innovated: Blockchain City.

Source: https://protos.com/crypto-crime-spree-continues-with-deribit-and-solend-hacks/