Blockchain & Cryptocurrency , Cryptocurrency Fraud , Fraud Management & Cybercrime

Cryptohack Roundup: Tender.fi, Algodex

Also: Uranium Finance Hacker Moves Funds; BitKeep Moves to Refund Victims
Cryptohack Roundup: Tender.fi, Algodex
Image: Shutterstock

Every week, Information Security Media Group rounds up cybersecurity incidents in the world of digital assets. In the days between March 3 and March 9, Tender.fi joined the growing list of decentralized finance platforms that paid a white hat reward to a thief who stole from it, a Uranium Finance hacker began to launder funds via sanctioned mixer Tornado Cash, Algodex suffered security breaches and urged users to withdraw funds, and BitKeep said it would reimburse hack victims.

See Also: OnDemand | NSM-8 Deadline July 2022:Keys for Quantum-Resistant Algorithms Implementation

Tender.fi

A decentralized finance platform on Tuesday rewarded a malicious hacker for stealing funds from its platform. The hacker, who exploited a misconfigured price oracle to steal $1.6 million from Tender.fi, returned the funds in exchange for a $97,000 "bounty," the company said. The platform has paused the borrowing function and is working on a postmortem report.

Uranium Finance

A wallet associated with the multimillion-dollar Uranium Finance theft moved funds worth $3.35 million to sanctioned cryptocurrency mixer Tornado Cash. The move comes after more than 21 months of inactivity, Web3 security firm PeckShield said on Tuesday. The hacker on April 28 exploited a coding vulnerability on the Binance Smart Chain-based platform to steal funds worth $50 million at the time, likely forcing the company to cease operations and ask users to withdraw funds from the platform.

Algodex

A threat actor continues to drain funds from one of DeFi platform Algodex's wallets, amid a renewed warning from the company. The hacker stole "less than $55,000," and the incident did not affect the company's liquidity, it said. MyAlgo, the wallet provider for the network Algodex operates in, urged users to withdraw their assets or rekey their funds to new accounts - that is, maintain a static public wallet address while dynamically rotating the authoritative private spending keys. The warning follows a Feb. 27 announcement from MyAlgo of a $9.2 million exploit resulting from an unknown and unpatched vulnerability.

BitKeep

Crypto wallet BitKeep on Wednesday said it had verified the reimbursement appeals of 2,785 victims that lost $8 million in a December hack, and it is set to reimburse users through two transactions "shortly." The thieves last year hijacked the APK versions of the BitKeep app to install malicious code into user devices, the company said at the time. Victims must complete their appeal process by March 15 to be eligible for compensation, BitKeep said.


About the Author

Rashmi Ramesh

Rashmi Ramesh

Assistant Editor, Global News Desk, ISMG

Ramesh has seven years of experience writing and editing stories on finance, enterprise and consumer technology, and diversity and inclusion. She has previously worked at formerly News Corp-owned TechCircle, business daily The Economic Times and The New Indian Express.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.