Cryptohack Roundup: ChipMixer, Euler Finance, Unpatched Bugs
Also: Dero, Poolz Finance Hack and a Report on Ransomware Financing
Every week, Information Security Media Group rounds up cybersecurity incidents in the world of digital assets. In the days between March 10 and March 16, law enforcement took down crypto tumbler ChipMixer for allegedly laundering $3 billion and charged a Vietnamese man with running it, a thief stole nearly $200 million from Euler Finance and was offered $20 million to return the rest, Halborn found zero-days and critical vulnerabilities in more than 280 blockchains that put $25 billion at risk, criminals may have a new favorite privacy-focused crypto coin in Dero, a hacker drained $390,000 from Poolz Finance, and the Financial Action Task Force released its first dedicated report on ransomware financing.
U.S. and German authorities on Wednesday seized darknet cryptocurrency anonymizing service ChipMixer, which federal prosecutors said cybercriminals had used to launder $3 billion, including the proceeds of ransomware extortion and North Korean cryptocurrency hacking. U.S. prosecutors filed a criminal complaint against Minh Quoc Nguyen, 49, a Vietnamese man they said had run the service since its creation in August 2017. Mixers pool funds from many users, including potentially tainted ones, and redistribute them to destination wallets in a way intended to break the on-chain link between deposits and withdrawals.
A thief who stole $197 million from a decentralized finance platform - the largest exploit of 2023 so far - has a decision to make: keep all the stolen money and face legal consequences if caught, or walk away with about $20 million. Euler Finance on Tuesday proposed the deal to the hacker. On Thursday, it announced a $1 million reward for information leading to the attacker. The hacker has already moved $1.8 million of the stolen funds through U.S.-sanctioned cryptomixing service Tornado Cash. Euler Finance's vulnerable code, which sat dormant for eight months before the attack, remains unpatched, but no funds are at risk because the pools have already been drained, Web3 security firm CertiK told Information Security Media Group. Euler Finance's smart contract auditor Sherlock took responsibility for missing the vulnerability during its review and is set to pay out $4.5 million.
Multiple zero-days and critical vulnerabilities in more than 280 blockchains that use the unspent transaction output, or UTXO, model are potentially putting at risk more than $25 billion worth of digital assets. The bugs in the blockchains' open-source code - including the code behind Dogecoin, Litecoin and Zcash - could be used to compromise funds held in wallets, Halborn said on Monday. While the Dogecoin team patched the vulnerabilities, other projects remain exposed to denial-of-service or remote code execution attacks.
Threat actors who mine digital assets using other people's infrastructure have found a lucrative new cryptocurrency to motivate their hacking: privacy-focused currency Dero. The crypto crash of 2022 cut the rewards of cryptojacking by between 50% and 90%, cybersecurity firm CrowdStrike said. Not so for Dero, which "offers larger rewards" to attract miners and provides cutting-edge anonymity features, making it a "perfect match" for attackers on the lookout for an illicit payday. In research published on Wednesday, the firm described what it said is the first-ever detected Dero cryptojacking operation. The operation has targeted Kubernetes infrastructure on three U.S.-based servers since February.
A hacker stole $390,000 from cross-chain platform Poolz Finance on Wednesday by attacking the platform's token vesting protocols on the Binance Smart Chain and Polygon chains, PeckShield said. Poolz Finance flagged the hacker's crypto wallet addresses, froze the vulnerable functions and advised users against using the platform for now.
FATF Ransomware Financing
The Financial Action Task Force, an international intergovernmental organization that develops policies to combat money laundering, on Tuesday released its first dedicated report on ransomware, sharing an overview of the threat landscape, how ransoms are laundered and how to disrupt the operations. Criminals "almost exclusively" use crypto and have "easy access" to virtual asset service providers, making jurisdictions with "weak or nonexistent" anti-money laundering controls a concern, it says.