Various security researchers have observed that the attack appears to be linked to a slew of social engineering attacks perpetrated by cybercriminals out of North Korea.
Tapioca DAO exploited for most of its assets — over $4 million
The defi lending protocol Tapioca DAO was exploited after an attacker reportedly socially engineered the DAO's co-founder and gain access to their private key. The attacker then used their access to sell off TAP tokens, and to drain a stablecoin liquidity pool on the platform, netting around $4.4 million in USDC and ETH. The TAP token price subsequently crashed by around 96%.
Radiant Capital exploited again, this time for at least $50 million
The cryptocurrency lending project Radiant Capital was hacked for the second time in under a year, this time for more than $50 million in the USDC stablecoin, wBNB, ETH, and other tokens. An attacker successfully gained access to three of eleven private keys controlling a multisignature wallet, which enabled them to upgrade the project's smart contracts in such a way as to drain funds.
This is the second Radiant Capital exploit this year, after a $4.5 million theft in January that was enabled by an unaddressed vulnerability in the underlying Compound Finance code.
Cosmos founder reveals a portion of the protocol was created by North Korean developers
Cosmos creator Jae Kwon has raised concerns about a portion of the Cosmos protocol called the "Liquid Staking Module" after learning it was developed by North Korean agents. Although a contributor to the protocol, Zaki Manian, learned of the developers' links to North Korea after contact from the FBI in March 2023, Kwon claims that Manian ignored known flaws in their code, failed to fully audit their code, and did not report the issue to the project team or the Cosmos community. According to Kwon, the code contained a vulnerability that would allow stakers to avoid having their stakes slashed, which "contradicts the fundamental principles of staking security."
Kwon urged the Cosmos governance team to perform a full audit of the code written by these developers, and develop more protocols to prevent issues like this going forward. He also called for the governance team to blacklist Zaki Manian.
- "On the LSM Module", All In Bits
Permit phisher steals almost $1.4 million in frog tokens
An attacker using the permit phishing technique stole $1.39 million in tokens from an unsuspecting holder. The victim unknowingly signed a "Permit2" signature — a function intended to make crypto transactions smoother and less expensive, but one that also makes it possible for malicious actors to completely drain crypto wallets.
The attacker stole around $1.1 million of the cartoon frog-themed PEPE tokens, and another roughly $50,000 of the also cartoon frog-themed APU token.
$3.1 million in EIGEN tokens stolen and sold
Around 1.67 million EIGEN tokens belonging to an investor in the popular Ethereum-based EigenLayer project were stolen after the investor was tricked into transferring the tokens into the attacker's wallet. The thief then sold the tokens for around $3.1 million, although the tokens were notionally worth around $5.5 million. Some of the stolen funds were later frozen by centralized exchanges.
After the incident, some questioned why the tokens had been sent to an investor without a vesting contract, given they were supposed to be locked for a period of time to prevent sale.
Victim loses over $32 million to wallet drainer
A victim lost 12,083 spWETH tokens (~$32.4 million) after signing a malicious transaction stemming from someone using wallet drainer software. These drainers are "scam-as-a-service" products, where the drainer creators allow others to operate the drainer software in exchange for a 20% cut of stolen funds.
The victim wallet sent a message to the thief, offering "a peaceful resolution to this situation" in which the thief could keep 20% of the total amount taken (around $6.5 million).
Bedrock staking platform loses $2 million after bug that allowed users to trade Bitcoin and Ethereum 1:1
A staking platform called Bedrock lost around $2 million after exploiters discovered a bug that allowed them to swap 1 ETH for 1 BTC despite the more than $63,000 difference in prices for the two assets.
A security firm working with Bedrock had tried to warn Bedrock of the vulnerability several hours before the attack, but the team was asleep. The vulnerable contracts had been deployed a day and a half prior to the attack, and had not been audited.
Fortunately for Bedrock, security groups were able to pause third-party projects surrounding Bedrock, which helped to limit the losses — which ultimately could have been as high as the entire value of funds on the protocol.
Onyx hacked for $3.8 million via the same exploit used against them less than a year ago
The Onyx protocol was hacked for a second time by attackers taking advantage of known bugs in forks of the Compound Finance project. Projects regularly fail to patch these bugs, despite many instances of multi-million dollar hacks affecting Compound forks in the past.
Onyx apparently didn't learn their lesson the first time around, when they were exploited for $2 million in November 2023 by an attacker taking advantage of a known vulnerability affecting empty markets on the protocol. This same bug seems to have contributed to this exploit, although Onyx has claimed the hack was due to a separate vulnerability in an NFT liquidation contract.
Truflation hacked for around $5 million
The Truflation platform suffered a loss of around $5 million after what they described as "an attack using malware". The company acknowledged the attack and limited some of their services while they worked to mitigate it. They also offered a reward to "any white hats offering assistance", and offered to negotiate a "bug bounty" with the attacker.
Truflation is a blockchain-based project that provides economic data including inflation rates and asset valuations. The platform has been backed by Coinbase Ventures, Chainlink, and others.
OpenAI Twitter account once again hacked and used to promote scam token
The Twitter account belonging to OpenAI's news account was compromised and used to "announce" a scam website purporting to announce the $OPENAI token. "All OpenAI users are eligible to claim a piece of $OPENAI’s initial supply. Holding $OPENAI will grant access to all of our future beta programs," the scam tweets claimed. A link in the tweets directed users to a malicious website that invited users to connect their wallets to claim tokens.
This latest hack is only the latest in a slew of Twitter account compromises "announcing" a scam token. Over a year, OpenAI CTO Mira Murati had her account hacked to promote an "$OPENAI" token. Three months ago, accounts belonging to chief scientist Jakub Pachocki and researcher Jason Wei were hacked and used to post the same scam as today.