Early on Tuesday, Certik was the first to identify the suspicious activity, announcing on platform X: “We have identified several dubious transactions on Base… The perpetrator has siphoned approximately $1.6 million from Arcadia Finance, probably via random ‘swapdata’ on its rebalancer contract.“

After a few hours, Certik updated their initial report stating that the “attack” had continued and the total losses had now escalated to around $3.5 million.

Arcadia’s team responded to the breach quickly, posting on X: “We are mindful of unauthorized transactions via a Rebalancer. All asset managers should revoke all permissions immediately.” In addition, the company cautioned its users on its official website to “disconnect rebalancers and compounders” from their accounts.

Arcadia, a platform and margin protocol backed by Coinbase Ventures, provides users the ability to lend, borrow, and trade assets without needing permission.

Certik, a prominent web3 security firm in the digital assets industry, reported last month that crypto users and DeFi protocols suffered losses amounting to $302 million due to hacks and scams in May, marking a 16.9% decrease compared to the previous month.

Supported by dominant firms like Sequoia Capital, Tiger Global and Goldman Sachs, Certik’s valuation stood at $2 billion as of last year.

The post DeFi Platform Arcadia Suffers $3.5 Million Security Breach appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.

“A moderator under contract had their account hacked, which enabled a malicious bot to post scam links in one of our channels,” Ledger associate, Quintin Boatwright, shared on the Ledger Discord server. “The issue was swiftly addressed: the breached account was deleted, the bot was eliminated, the website was reported, and all requisite permissions were scrutinized and safeguarded.”

Some members of Ledger’s Discord channel reported that the attacker, exploiting moderator privileges, banned and silenced them when they tried to report the breach. This may have delayed Ledger’s response. However, Boatwright reassured that this security breach was a singular occurrence and that Ledger has implemented additional measures to fortify its Discord server security.

Using the compromised Ledger community manager account, the hacker informed Ledger Discord members of a recently discovered flaw in the company’s security systems. He then strongly encouraged all users to validate their recovery phrases using a fraudulent link. Screenshots of this activity were shared on X. Ledger users were instructed to connect their wallets and follow the instructions provided on-screen. The impact of this security breach remains unclear.

In a related event last month, scammers sent physical letters to Ledger hardware wallet owners, requesting them to authenticate their private seed phrases in an attempt to gain access and drain the wallets. These letters, bearing the Ledger logo, business address, and a reference number, were intended to appear legitimate and instructed users to scan a QR code and input their wallet’s recovery phrase.

Following a data leak in July 2020, where a hacker breached Ledger’s database exposing the personal information of over 270,000 customers, there were speculations that the scammers might be targeting the affected Ledger customers. The leaked data included names, phone numbers, and residential addresses. The subsequent year, several Ledger users reported receiving tampered Ledger devices in the mail that were designed to install malware upon usage.

The post Ledger Reinstates Security on Discord Following Attempted Seed Phrase Theft by Hacker Bot appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.

Sturdy Finance, a well-known DeFi lending protocol, recently faced an unfortunate incident – a security attack by an anonymous hacker, resulting in a loss of 442 ETH, equivalent to around $800,000. The alleged hacker took advantage of the protocol’s re-entrancy vulnerability to manipulate a price oracle incorrectly.

PeckShield, a reputable blockchain analytics company, publicized the incident on Twitter, highlighting the exploitation Sturdy Finance had undergone. According to PeckShield’s analysis, the exploit didn’t reveal any classic signs of a smart contract hack or security breach. Instead, it appears that price manipulation was the issue. Additionally, the analysis identified the hacker’s address and noted that the offender had transferred the 442.6 ETH to Tornado Cash, a decentralized crypto mixer, effectively obscuring the transaction details.

Sturdy Finance Responds to the Security Incident

In response to the unfortunate event, Sturdy Finance promptly halted its trading services to prevent any additional losses. The platform reassured its community, stating “no additional funds are at risk,” and promised to provide more information once they resolved the issue. Furthermore, the team comforted its users by assuring them that no immediate action was required from their end.

Analysis of the Security Breach and the Broader DeFi Landscape

BlockSec, a security firm, identified the root cause of the exploit as the typical Balancer’s read-only re-entrancy, alongside manipulation of the B-stETH-STABLE price. They stated that the exploiter managed to steal the ETHs through this manipulation.

In a broader context, DeFi REKT Database’s recent analysis highlighted that there have been almost nine DeFi attacks this month alone. Among these, the most devastating was the Atomic Wallet exploit on June 4, one of the most significant crypto exploits in history, leading to a loss of over $35 million.

The post DeFi Platform Sturdy Finance Suffers 442 ETH Loss in an Exploit appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.