Analysis News TheBitTimes.com

Blockchain security firm CertiK believes the $2.4 million draining of a CoinSpot hot wallet is likely the result of a “private key compromise.” Australian crypto exchange CoinSpot has reportedly been hacked for $2.4 million in a “probable private key compromise” over at least one of its hot wallet s. According to a Nov. 8 post to his Telegram channel, blockchain sleuth ZachXBT highlighted two transactions entering the alleged hackers wallet. Afterwards, the wallet’s owner bridged the funds to the Bitcoin (BTC) network via ThorChain and Wan Bridge. In emailed comments to Cointelegraph, blockchain security firm CertiK said the alleged exploit was the result of a “probable private key compromise” on at least one CoinSpot hot wallet. According to data from Etherscan, a transaction totalling 1,262 Ether (ETH) — worth $2.4 million at current prices — came from a known CoinSpot wallet and entered the alleged hackers wallet . The presumed attacker stole 1,262 ETH from a known CoinSpot wall...

As per its agreement, project developers will not pursue legal action against the hacker. Decentralized finance (DeFi) protocol Platypus Finance said it had recovered 90% of assets that were stolen in a security breach last week. According to the October 17 announcement, developers said the protocol's net loss was limited to "18,000 Avalanche," worth $167,400 at the time of publication. As the hacker voluntarily returned the funds, Platypus Finance stated it "will guarantee that no legal action will be pursued." Developers also hinted that withdrawal information regarding users' assets will soon be posted. On October 12, the automated market maker running on the Avalanche blockchain suffered three separate flash loan attacks that drained the protocol of $2.23 million. In 2021, the project raised $3.3 million in funding led by the now-defunct crypto hedge fund Three Arrows Capital. Since the most recent attack, Platypus developers have halted all liquidit...

Developers face tradeoffs between making bridges upgradeable to fix bugs versus making them decentralized. Over $2.5 billion was stolen in cross-chain crypto bridge hacks from 2021 to 2022, according to a report by Token Terminal. But, despite several attempts by developers to improve bridge security, a debate from December 2022 to January 2023 on the Uniswap DAO forums has laid bare security weaknesses that continue to exist in blockchain bridges. In the past, bridges like Ronin and Horizon used multisig wallets to ensure that only bridge validators could authorize withdrawals. For example, Ronin required five out of nine signatures to withdraw, whereas Horizon required two out of five. But attackers figured out how to circumvent these systems and withdrew millions of dollars worth of crypto, leaving users of these bridges with unbacked tokens. After these multisig bridges were hacked, developers started turning to more sophisticated protocols like Celer, LayerZero and Wormhole, whic...

The DeFi market didn't see much change in its first week of new year compared to the last week of 2022 as the price momentum remained in a similar zone. Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. The end of 2022 saw the least value of stolen funds from DeFi, with $62 million worth of exploits in December. While the figure might seem a relief given the multiple bridge hacks and hundreds of millions of dollars stolen this year, cybersecurity experts have warned that the ecosystem would see no decrease in exploits, flash loans or exit scams in 2023. Lido protocol overtook MakerDAO to have the highest total value locked (TVL) in the DeFi ecosystem. In other news, Mango Markets hacker Avraham Eisenberg was detained pending trial. The start of the new year saw a GMX whale hacked for $3.5 million worth of GMX tokens. The hackers took control of 82,519 GM...