Crypto Currency Bazaar 4u: Today’s Latest Worldwide News on Cryptocurrency Market delivered to the last minute, Live Crypto Price Data and Indexes, Crypto Investment & Finance opportunities & Blockchain projects, Global Crypto Classifieds

The biggest security breaches of 2021

CB4U by CB4U
January 21, 2022

According to on-chain analytics firm Chainalysis, the volume of criminal cryptocurrency transactions in 2021 peaked at a new all-time high of $14 billion. However, despite the rise in criminal transfer volume, its share of the entire cryptocurrency transaction volume in 2021 was the lowest of all time. These statistics show that the expansion of the cryptocurrency sphere is by far outpacing the cybercrime associated with it, and that security in the industry is catching up with demand.

The most lucrative cyberattacks of 2021

Even though there was a drop-off in the share of crime-associated transaction volume in the cryptocurrency space in 2021, there were several instances that raised some eyebrows. Here I will go through some of the most eye-catching ones.

1. Poly Network – $611 million

The Poly Network hack happened on 10 August 2021 and resulted in the theft of around $611 million worth of digital assets on three blockchains: Ethereum, BSC and Polygon. The conspicuous detail was that the hacker returned the entire sum he had stolen, explaining his move as an attempt to point out the vulnerabilities in the Poly Network protocol rather than to seek profit.

Poly Network is a cross-chain network that allows users to perform cross-blockchain operations in a decentralized way, for example transferring funds from one blockchain to another. Doing this requires a large amount of liquidity to be held in the protocol. In Poly Network, this liquidity is controlled by special smart contracts.

The contracts exploited were EthCrossChainManager and EthCrossChainData. EthCrossChainData is owned by EthCrossChainManager and stores the list of public keys that can control this liquidity (the keepers).

The attacker exploited a vulnerability in the EthCrossChainManager contract and tricked it into replacing the contract’s keepers with the attacker’s own. Having gained full control over the protocol’s operations, the attacker then siphoned the liquidity from the Poly Network protocol.

2. Bitmart – $196 million

On 4 December 2021, the centralised cryptocurrency exchange Bitmart was attacked, with $200 million worth of crypto assets being stolen from its hot wallet. The attackers stole the private keys to the exchange’s hot wallets.

The Bitmart exchange claimed that it had lost $150 million, but the blockchain cybersecurity firm PeckShield later reported that $196 million had been stolen from the Ethereum and Binance Smart Chain blockchains in more than 20 cryptocurrencies and tokens. PeckShield also published a diagram of the path the stolen assets had travelled, except for the final destination. First, the attacker swapped the stolen assets for Ether using the DEX aggregator 1inch, and then washed the Ether through the privacy mixer Tornado Cash. After that, the trail goes cold.

This cyberattack showed once again the risk of storing the private keys to multiple addresses holding huge sums on a single server: the compromise exposed all of the exchange’s hot wallets at once.

3. Cream Finance – $130 million

In the Cream Finance cyberattack that took place in December 2021, one or two hackers used multiple protocols (MakerDAO, AAVE, Curve, Yearn.finance) to pull off a heist of $130 million worth of tokens and cryptocurrencies from Cream Finance.

The evidence suggests there might have been two attackers, and I am going to assume so. Two addresses were used in the attack: address A and address B. First, address A borrowed $500 million worth of DAI from MakerDAO and, having routed that liquidity through Curve and Yearn.finance, used it to mint 500 million cryUSD on Cream Finance. At the same time, address A increased the liquidity in Yearn.finance’s yUSD Vault to 511 million yUSDVault.

Then address B flash borrowed $2 billion in Ether from AAVE, minted $2 billion worth of cEther by depositing the borrowed $2 billion ETH into Cream. Then address B used it to take out 1 billion yUSDVault and redeemed them for 1 billion cryUSD and transferred them to address A. Thus, address A got 1.5 billion cryUSD.

After that address A bought 3 million DUSD from Curve and redeemed them all for yUSDVault, thus obtaining 503 million yUSDVault on its balance. Then address A redeemed 503 million yUSDVault for the underlying yUSD token and brought the total supply of yUSDVault to 8 million.

Then address A transferred 8 million yUSD into the Yearn.finance yUSD vault and doubled the vault’s valuation. This made Cream’s PriceOracleProxy double the valuation of cryUSD, because it determines the price of cryUSD as (valuation of the yUSD Yearn vault) / (total supply of yUSDVault), i.e. $16 million / 8 million yUSDVault. Therefore, Cream perceived that address A had $3 billion in cryUSD.

This mistake eventually cost Cream Finance. The hackers were able to repay the flash loan with the excess liquidity they had produced and, using the $1 billion in cryUSD they had left, pocket the entire liquidity ($130 million) that was locked in Cream Finance.
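The price formula above can be modelled in a few lines to show why a plain transfer into the vault moves the oracle. This is an added example, not code from the article, Cream or Yearn; the `Vault`, `spot_price` and `GuardedOracle` names, the $1 token valuation and the 10% deviation limit are assumptions made for illustration.

```python
# Added illustration: a toy model of a share-price oracle, not Cream's or Yearn's code.

class Vault:
    """Toy vault; each underlying token is valued at $1 (assumption)."""
    def __init__(self, assets, total_supply):
        self.assets = assets              # underlying tokens held by the vault
        self.total_supply = total_supply  # vault shares outstanding

    def donate(self, amount):
        # Plain transfer into the vault: assets rise, no new shares are minted.
        self.assets += amount


def spot_price(vault):
    """Formula from the article: vault valuation / total supply of shares."""
    return vault.assets / vault.total_supply


class GuardedOracle:
    """Hypothetical mitigation: reject a price far from the last accepted one."""
    def __init__(self, vault, max_move=0.10):
        self.vault = vault
        self.max_move = max_move
        self.last_price = spot_price(vault)

    def price(self):
        current = spot_price(self.vault)
        if abs(current - self.last_price) / self.last_price > self.max_move:
            raise ValueError("price jump exceeds max_move; collateral not revalued")
        self.last_price = current
        return current


def demo():
    vault = Vault(assets=8_000_000, total_supply=8_000_000)
    guarded = GuardedOracle(vault)
    holding = 1_500_000_000                  # cryUSD held by address A
    before = holding * spot_price(vault)
    vault.donate(8_000_000)                  # the 8 million yUSD transfer
    after = holding * spot_price(vault)      # naive oracle doubles the value
    try:
        guarded.price()
        blocked = False
    except ValueError:
        blocked = True
    return before, after, blocked
```

With the article's figures, the naive oracle values the 1.5 billion cryUSD at $3 billion after the transfer, while the guarded oracle refuses to revalue the collateral.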

The most popular types of attacks in 2021

Speaking of attacks on smart contracts, the most popular type of attack was the flash loan attack like the one described above. According to The Block Crypto, out of the 70 DeFi attacks in 2021, 34 used flash loans, the December Cream Finance heist being the pinnacle in terms of the stolen amount. The quintessential trait of these attacks is the use of multiple protocols. On their own, they might be secure, but when it comes to using a string of them, vulnerabilities can be found.

Another type of attack on smart contracts that can be classed as a classic DeFi attack is the reentrancy attack. A reentrancy attack can happen if a function that calls an external contract does not update the address balance before making that call. In this case, the external contract can call back into the function and withdraw funds recursively, because the address balance in the target contract is not updated after every withdrawal. These recursive calls can continue until the contract’s balance is depleted.

The third common type of attack in 2021 was the attack on centralised exchanges by way of stealing the private key to the exchange’s hot wallet. This is a very old kind of cyberattack in the history of cryptocurrencies, but it does not go out of date.
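The ordering problem described above, modelled with plain objects so the two withdrawal orders can be compared side by side. This is an added example, not code from the article or from any real contract; all class names are hypothetical, and a Python callback stands in for the external contract call.

```python
# Added illustration: a callback models the external call a contract makes on payout.

class VulnerableBank:
    def __init__(self):
        self.balances = {}   # per-depositor balance
        self.reserve = 0     # total funds held

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.reserve += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.reserve < amount:
            return
        self.reserve -= amount
        who.receive(self, amount)   # interaction: control passes to the recipient
        self.balances[who] = 0      # effect: the balance is cleared too late


class SafeBank(VulnerableBank):
    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.reserve < amount:
            return
        self.balances[who] = 0      # effect first (checks-effects-interactions)
        self.reserve -= amount
        who.receive(self, amount)   # a nested withdraw now sees a zero balance


class HonestUser:
    def __init__(self):
        self.wallet = 0

    def receive(self, bank, amount):
        self.wallet += amount


class ReentrantReceiver(HonestUser):
    """Recipient whose payout hook calls withdraw again before the first returns."""
    def receive(self, bank, amount):
        self.wallet += amount
        bank.withdraw(self)


def run(bank_cls):
    bank, user, contract = bank_cls(), HonestUser(), ReentrantReceiver()
    bank.deposit(user, 90)       # constructed sample deposits
    bank.deposit(contract, 10)
    bank.withdraw(contract)
    return contract.wallet, bank.reserve
```

`run(VulnerableBank)` returns `(100, 0)`: a 10-unit deposit empties the reserve, including the other depositor's 90. `run(SafeBank)` returns `(10, 90)`.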

How to protect your funds in the cryptocurrency space?

When it comes to an individual user’s funds, it is good to do due diligence on the platform you want to deposit your funds to: look at the site, look at the socials of the team members, and have a look at the white paper and the technical audit. It is also good to use the functionality in cryptocurrency wallets that allows whitelisting the contracts the user regularly uses; it exists in the Metamask wallet and in Unrekt and Debank, dedicated online services for safe cryptocurrency keeping. If a transfer to an unfamiliar contract has been approved, they will highlight such a contract.

When the safety of a DeFi protocol is concerned, it is good to build on the codebase of other tried and tested projects. But the founder should still commission at least one technical audit of the project’s smart contracts. This is especially important for protocols deployed on multiple blockchains and interacting with other protocols. They require especially rigorous scrutiny during audits.

Guest post by Gleb Zykov from HashEx

Gleb began his career in software development in a research institute, where he gained a strong technical and programming background, developing different types of robots for the Russian Ministry of Emergency Situations.
Later Gleb brought his technical expertise to the IT services company GTC-Soft, where he designed Android applications. He moved on to become the lead developer and afterwards, the company’s CTO. In GTC Gleb led the development of numerous vehicle monitoring services and an Uber-like service for premium taxis. In 2017 Gleb became one of the co-founders of HashEx – an international blockchain auditing and consulting company. Gleb holds the position of Chief Technology Officer, spearheading the development of blockchain solutions and smart-contract audits for the company’s clients.
