Early on Tuesday, Certik was the first to identify the suspicious activity, announcing on platform X: “We have identified several dubious transactions on Base… The perpetrator has siphoned approximately $1.6 million from Arcadia Finance, probably via random ‘swapdata’ on its rebalancer contract.“

After a few hours, Certik updated their initial report stating that the “attack” had continued and the total losses had now escalated to around $3.5 million.

Arcadia’s team responded to the breach quickly, posting on X: “We are mindful of unauthorized transactions via a Rebalancer. All asset managers should revoke all permissions immediately.” In addition, the company cautioned its users on its official website to “disconnect rebalancers and compounders” from their accounts.

Arcadia, a platform and margin protocol backed by Coinbase Ventures, provides users the ability to lend, borrow, and trade assets without needing permission.

Certik, a prominent web3 security firm in the digital assets industry, reported last month that crypto users and DeFi protocols suffered losses amounting to $302 million due to hacks and scams in May, marking a 16.9% decrease compared to the previous month.

Supported by dominant firms like Sequoia Capital, Tiger Global and Goldman Sachs, Certik’s valuation stood at $2 billion as of last year.

The post DeFi Platform Arcadia Suffers $3.5 Million Security Breach appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.

CertiK has detected a significant exploit on Binance Smart Chain (BSC), where a perpetrator siphoned nearly $2 million by misusing a smart contract function known as printMoney(). Exploiter Manipulates Authorized Contract to Loot Funds Twitter Link A recognized attacker carried out the exploit from address 0xd5c6f3…122c. This person repeatedly activated the printMoney() function on their authorized attack contract. The unauthorized intrusion originated from a compromised victim contract associated with address 0xb5cb0, which had unknowingly authorized the malicious contract approximately eight hours before the attack.

CertiK suspects the victim contract deployer’s private key was either phished or compromised in some other way, leading to the unauthorized approval transaction. This allowed the attacker to fully transfer the victim’s tokens. Hacker Transforms Funds and Possesses Nearly $2M Twitter Link Once the attacker had access, they quickly transformed the stolen derivative tokens into BNB and stablecoins. Currently, the exploiter holds about $1.96 million worth of assets at their address.

The crypto community is urged to remain vigilant as several major crypto hacks have been reported this year. Coinbase lost $400 million, Cetus on the Sui network was hit for $220 million, and other platforms like Phemex and UPCX have also suffered significant losses. These incidents demonstrate the high risk involved in the crypto space if not properly managed. According to CertiK, trusting unverified smart contracts or having weak security for private keys are among the biggest blunders. In a recent BSC hack, these were the exact issues that led to the theft of millions.

CertiK is actively monitoring the hacker’s wallet and is on the lookout for suspicious activity. They’ve also reminded users and developers to consistently verify contract approvals, use thoroughly audited code, and avoid rushing transactions. CertiK’s advice is straightforward – be cautious, stay vigilant, and don’t rush decisions.

The post Binance Smart Chain Faces $2M Crypto Exploit: CertiK Monitors Attack appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.

According to the Hack3d report, Q1 of 2025 witnessed a shocking surge in cryptocurrency thefts. Hackers managed to abscond with about $1.67 billion through 197 security breaches, marking a nearly 303.38% rise compared to the last quarter. Predominantly, the Bybit exploit contributed to this enormous loss, accounting for approximately $1.45 billion. This security breach has since caused a ripple effect across the Web3 industry, prompting crucial discussions about the security protocols of centralized exchanges.

The report also highlighted the rising threat of private key compromises, a specific form of wallet breaches. About $142 million got stolen through these compromises in 15 separate incidents. Interestingly, despite phishing incidents outnumbering private key compromises, the total amount lost to phishing was significantly lower, at nearly $16 million across 81 incidents. This disparity indicates that individual phishing attacks tend to have a smaller financial impact.

The Hack3d report points out that fraudsters are persistently employing techniques like social engineering, artificial intelligence, and contract manipulation to circumvent even the most fortified security systems. With cryptocurrency becoming more mainstream and asset values climbing, the CertiK team anticipates a regretful upward trend in crypto thefts.

In addition to these alarming revelations, CertiK’s Q1 2025 Hack3d report also scrutinizes the most vulnerable blockchains, the top three security incidents of the quarter, key industry developments, and strategies for boosting user and protocol security. As a comprehensive security resource, Hack3d aids stakeholders in understanding the growing security risks within the Web3 sphere and equips them with the necessary knowledge for enhancing their defenses and making well-informed decisions in this high-risk landscape.

You can find the Q1 2025 Hack3d report here.

Media Contact:
CertiK
Elisa Xu
yiting.xu@certik.com

The post Crypto Security Report Reveals a Staggering 300% Rise in Q1 2025 Hacking Incidents appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.

FTX Hack

The catastrophic failure of the widely used digital asset exchange FTX, with the loss of billions of dollars in cash, was the most significant cryptocurrency event of 2022 and perhaps the most important news story of the year.

In addition to filing for Chapter 11 bankruptcy on November 12, the celebrity-backed exchange was the target of an unknown cyberattack.

About $640 million worth of tokens were stolen from many wallets believed to belong to FTX. The money was then transferred to other cryptocurrency exchanges and changed into other digital currencies.

Unfortunately, the thief or thieves responsible for the missing funds remain unknown. New FTX management’s attorney, James Bromley, said during the collapsed exchange’s first court hearing that a significant proportion of the exchange’s assets are either lost or stolen.

$566,000,000 for Binance (Binance Smart Chain)

On October 6, hackers stole $566 million worth of BNB from a blockchain affiliated with the largest cryptocurrency exchange in the world.

This vulnerability affected the inter-chain bridge BSC Token Hub. The hackers basically created tokens out of thin air by forging withdrawal proofs. However, the assault against Binance did not result in user losses on the Binance blockchain.

Although a large number of tokens were stolen, the perpetrators could not get away with them all; according to Binance CEO Changpeng Zhao, the exchange was able to keep between 80% to 90% of the stolen assets safe.

It is because, after the assault, validators on the BSC chain halted the network, but hackers did transfer around $100 million to other chains.

$552,000,000 for Ronin

In March, hackers stole an estimated $552 million in Ethereum and USDC from Ronin, a sidechain for the widely played NFT game Axie Infinity. One week after Axie Infinity creator Sky Mavis announced the flaw, the total worth of the stolen cash had reached $622 million.

What strategy did they employ? The “hacked private keys” were used to make fake transactions and steal money.

Approximately $7 million in Ethereum was transmitted to cryptocurrency mixing provider Tornado Cash for fast laundering.

U.S. Treasury investigators subsequently found cryptocurrency wallet addresses that they believed belonged to the Lazarus cyber organization in North Korea.

$326 million Wormhole

It was a terrible year for decentralized financial protocols. DeFi is a catch-all word for the still-evolving category of applications that banks and brokerages use to automate routine tasks. It implies there is a safety concern, especially with bridges, which enable users to move cash across different blockchains.

The famous bridge, Wormhole, was vulnerable to an attack in February. Tokens were minted by hackers who focused on Solana (where users lock Ethereum within a smart contract in exchange for a similar amount of Wrapped Ethereum, or WETH). About $120,000’s worth of WETH tokens. That equated to around $326 million back in the day.

In the DeFi ecosystem, WETH, a token tied to the price of Ethereum at a ratio of 1:1, facilitates rapid monetary transfers.

Wormhole’s parent business, Jump Trading, a prominent participant in the Solana ecosystem, stepped in to replace the stolen goods and restore bridge service.

Nomad, $190 million

In August, there was a second attack on a bridge. All of Nomad’s Ethereum, USDC, DAI, FXS, and CQT were stolen by hackers who took advantage of a flaw in the update. Nomad is a service that allows users to exchange digital assets across multiple blockchains.

The money began trickling back in when the protocol’s backers promised a 10% incentive to hackers who returned the tokens (without imposing law enforcement).

Although around $22 million was recovered from the incident, it led the FBI to issue a warning to investors about the increased interest of cyber criminals in exploiting weak DeFi systems.

The $100M Harmony Bridge Hack

Another $100 million in various cryptocurrencies were stolen via a breach of the Horizon Bridge, which connects Ethereum, Bitcoin, and BNB Chain to Harmony’s layer-1 blockchain.

Because the money was laundered in a manner consistent with known Lazarus Group operations, blockchain forensics company Elliptic has concluded that the breach was carried out by that group of North Korean cybercriminals.

It is believed that Lazarus stole employee login credentials for the Harmony platform, compromised the site’s security, and took control of the protocol before using automated laundering programs to transfer funds.

The Wintermute $160M Hack

Approximately $160 million in 70 different tokens were stolen from the hot wallet of United Kingdom-based crypto-exchange Wintermute.

CertiK, a blockchain security company, conducted an analysis and found that a private key presumably produced by Profanity, an app that lets users construct vanity crypto addresses, was exploited.

Using the private key, the attacker could then perform a function that, according to CertiK, would enable the attacker to replace the swap contract on the platform with the attacker’s own.

BlockSec, a blockchain security company, disproved rumors that the attack was an “inside job” because of the method by which it was executed.

$182 million Beanstalk Farms

Beanstalk Farms is an Ethereum-based stablecoin system. Tokens called STALK were utilized in this technology. It would need the consent of the majority of STALK holders in order for any assets to be transferred out of Beanstalk Farms.

A hacker purchased a controlling stake in STALK via a flash loan (a very short-term crypto loan) in April. They then utilized STALK tokens to propose a huge transfer of cash and approve it. An estimated $80 million in profits were made by the hacker, but the attack led the stablecoin to fall, leading to total losses of $182 million.

The post Top 8 of 2022’s Worst Crypto Exploits appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.