SBI Crypto has not made any public statements addressing the apparent theft.
SBI Crypto likely suffers $21 million theft
Crypto sleuth zachxbt observed $21 million in "suspicious outflows" from SBI Crypto, a crypto mining subsidiary of the Japanese SBI Group. The money was quickly laundered through instant exchanges and Tornado Cash, in ways zachxbt observed were similar to tactics of North Korean crypto thieves.
Kinto token crashes; community claims rug pull, Kinto claims hack
The price of Kinto's $K token suddenly crashed 90%, sparking accusations of a rug pull. A tranche of investor tokens had just been unlocked recently, leading some to speculate that investors dumped their tokens on retail buyers.
However, Kinto blamed the token crash on the exploit that was recently disclosed by VennBuild, claiming on Twitter that "we got hacked by a state actor". Venn seemed to corroborate Kinto's explanation that the crash was related to the exploit, tweeting that although they had tried to warn all vulnerable projects before publicly disclosing the bug, "Sadly the Kinto token was not found despite being vulnerable, and exploited without time to mitigate."
Kinto has announced a plan to try to fundraise to cover a $1.4 million loss in liquidity, then create a new $K token based on a snapshot of previous token holdings.
Security researchers disclose exploit that put over $10 million across multiple protocols at risk
On July 9, security researchers at VennBuild and other firms disclosed a "critical backdoor" affecting thousands of smart contracts, which one of the researchers said left "over $10,000,000 at risk for months". The researchers suggested that the backdoor was likely created by Lazarus, a North Korean state-sponsored hacking group.
According to the researchers, they found thousands of contracts affected by the exploit, and worked with multiple protocols to upgrade contracts or withdraw vulnerable funds. The researchers theorized that the attackers were "likely a sophisticated group waiting for a bigger target, not small wins."
Tapioca DAO exploited for most of its assets — over $4 million
The defi lending protocol Tapioca DAO was exploited after an attacker reportedly socially engineered the DAO's co-founder and gain access to their private key. The attacker then used their access to sell off TAP tokens, and to drain a stablecoin liquidity pool on the platform, netting around $4.4 million in USDC and ETH. The TAP token price subsequently crashed by around 96%.
Various security researchers have observed that the attack appears to be linked to a slew of social engineering attacks perpetrated by cybercriminals out of North Korea.
Radiant Capital exploited again, this time for at least $50 million
The cryptocurrency lending project Radiant Capital was hacked for the second time in under a year, this time for more than $50 million in the USDC stablecoin, wBNB, ETH, and other tokens. An attacker successfully gained access to three of eleven private keys controlling a multisignature wallet, which enabled them to upgrade the project's smart contracts in such a way as to drain funds.
This is the second Radiant Capital exploit this year, after a $4.5 million theft in January that was enabled by an unaddressed vulnerability in the underlying Compound Finance code.
The US and South Korean governments later attributed this attack on Radiant to North Korean state-sponsored attackers.
Cosmos founder reveals a portion of the protocol was created by North Korean developers
Cosmos creator Jae Kwon has raised concerns about a portion of the Cosmos protocol called the "Liquid Staking Module" after learning it was developed by North Korean agents. Although a contributor to the protocol, Zaki Manian, learned of the developers' links to North Korea after contact from the FBI in March 2023, Kwon claims that Manian ignored known flaws in their code, failed to fully audit their code, and did not report the issue to the project team or the Cosmos community. According to Kwon, the code contained a vulnerability that would allow stakers to avoid having their stakes slashed, which "contradicts the fundamental principles of staking security."
Kwon urged the Cosmos governance team to perform a full audit of the code written by these developers, and develop more protocols to prevent issues like this going forward. He also called for the governance team to blacklist Zaki Manian.
- "On the LSM Module", All In Bits
North Korean developers steal $1.3 million from crypto project treasury
According to blockchain investigator zachxbt, North Korean developers using fake identities were able to steal $1.3 million from a cryptocurrency project after pushing malicious code.
zachxbt traced the payment addresses for roughly 21 developers involved in this kind of activity, which he found had been working for at least 25 different cryptocurrency projects. They had earned around $375,000 over the past month.
WazirX exchange hacked for $235 million
After a $230 million "suspicious transfer", Indian cryptocurrency exchange WazirX has paused withdrawals and acknowledged that one of their multisignature wallets was compromised. The attacker began selling off the tokens, causing the price of tokens like Shiba Inu to drop around 10%.
WazirX is the largest cryptocurrency exchange in India. The company was acquired by Binance in 2019, but the two companies re-separated in 2023 after a bizarre public dispute.
WazirX's June 2024 proof-of-reserves reported around $500 million in total holdings, making the $235 million theft a substantial portion of the assets held at the exchange.
Blockchain sleuth zachxbt observed that the theft had some of the hallmarks of the Lazarus Group, a North Korean hacking group that has perpetrated other 9-figure heists including the $625 million Axie Infinity theft in March 2022, and the theft of more than $100 million from Atomic Wallet users. The US and South Korea both officially pinned the attack on North Korea later on.
Japanese crypto exchange DMM Bitcoin loses $308 million
A Japanese cryptocurrency exchange called DMM Bitcoin has announced that they suffered an "unauthorized leak" of 4,502.9 bitcoin (~$308 million) from a company wallet. They've provided very little in additional details around how the loss occurred, or who may have been involved. They have taken some of their services offline as they investigate the incident.
The company claims it will replace the lost funds with help from other companies in their group.
This is one of the largest cryptocurrency thefts in recent history, rivaling the roughly $320 million theft from the Wormhole bridge in February 2022 and the $477 million theft from FTX in November 2022.
The DMM hack was later attributed to a North Korean state-sponsored cybercrime group.
$2 million stolen from ALEX's XLink bridge by bumbling exploiter
An attacker tried to pull off what could have been a ~$12 million heist from ALEX Lab's XLink bridge after a private key was compromised. However, the sloppy work by the attacker enabled an apparent whitehat hacker to step in.
The attacker was successfully able to transfer around 13.8 million STX (~$2 million) on the Stack BTC layer-2 chain. However, their attempts to steal assets notionally worth around $4.3 million from the project's BNB Chain implementation failed when they upgraded the project contract to a malicious version, but failed to prevent other people from calling the withdraw function. The attacker's first transactions to withdraw the funds themself failed, and an apparent whitehat hacker was able to step in and complete the withdrawal ahead of the exploiter. They later negotiated a deal for the funds' return, after offering a 10% "bounty".
The exploiter had also tried, and failed, to steal assets notionally worth around $5 million on the Ethereum blockchain, but failed to do so. ALEX Lab later announced they were able to recover or secure around $4.5 million of those assets. ALEX also later announced that they believed the attackers were part of the North Korean Lazarus Group.