Cryptohack Roundup: Hope Finance, Platypus and Coinbase
Plus, New Malware That Demands Crypto Payments
Every week, Information Security Media Group rounds up cybersecurity incidents in the world of digital assets. In the days between Feb. 17 and Feb. 23, Hope Finance users lost nearly $2 million, decentralized finance firm Platypus is making a plan to compensate victims of the $9.1 million hack on its platform, Cisco Talos discovered a threat actor using two new malware programs to steal crypto, and Coinbase shared lessons learned from a social engineering campaign.
Decentralized finance protocol Hope Finance says it was the victim of a $1.86 million theft on Monday, a claim being met with skepticism by many in the cryptocurrency world who say they hope it's not an exit scam in which key personnel abscond with user funds.
Hope Finance began promoting its project for launch on Feb. 20. But by the time of the scheduled launch, an externally owned address had drained a funds pool containing nearly $2 million and deposited it into Tornado Cash. "It seemed at first that Hope Finance may have been exploited, however when examining some of the team's wallet activity it became clear that this was an exit scam," asserts cryptocurrency cybersecurity firm CertiK.
Decentralized finance platform Platypus is hatching a plan to compensate users after a hacker drained $9.1 million from the protocol in three separate attacks by exploiting a smart contract vulnerability. The company shared the suspected attacker's identity with law enforcement agencies and partnered with Binance to conduct the investigation, it said in a Thursday notification.
An unidentified threat actor has been deploying recently discovered malware to steal or demand payments in virtual currency, Cisco Talos said. The MortalKombat ransomware encrypts files and makes the affected system inoperable, while the GO variant of the Laplas Clipper malware is a clipboard stealer that tricks victims into performing fraudulent cryptocurrency transactions.
Crypto exchange firm Coinbase on Feb. 17 shared details of an SMS phishing campaign in which threat actors targeted the company's employees to steal credentials, leading to a minor data breach. The company alleges that the attack is part of the same campaign that targeted Twilio and Cloudflare last year (see: Crypto Exchange Coinbase Details SMS Phishing Attacks).