en
Back to the list

Recent Cryptocurrency Thefts: MicroStrategy and Others Who Fell Victim

source-logo  cryptonews.net 27 February 2024 13:56, UTC
Ruth Kamau

MicroStrategy, renowned as the largest corporate Bitcoin owner globally, was targeted in a cryptocurrency theft totaling approximately $500,000 on February 26. The assailants managed to breach MicroStrategy’s X account, perpetrating a sophisticated scam.

Hackers initiated their attack by disseminating a fraudulent message endorsing a fictitious cryptocurrency named “MSTR” via MicroStrategy’s compromised X account. Despite swift action from MicroStrategy to remove the deceptive communication, a copy was preserved by crypto personality Spreek.

Screenshots revealed the hackers’ attempt to dupe individuals into believing that MicroStrategy was launching a new Ethereum-based coin named MSTR. The scheme entailed luring victims to click on a provided link, promising “free MSTR” in exchange for their credentials.

Blockchain investigator ZachXBT’s examination suggests that the hackers may have already siphoned over $440,000 in cryptocurrency. Notably, a significant portion of the stolen funds has been laundered through various exchange platforms, including KYBERSwap, ParaSwap, and POKT Network.

As of the time of publication, MicroStrategy has not issued an official statement regarding the incident. However, this breach occurred just days after Michael Saylor, MicroStrategy’s founder, reaffirmed the company’s commitment to maintaining its substantial Bitcoin reserves, currently exceeding 190,000 BTC valued at over $9.7 billion.

Cryptocurrency Security Landscape Riddled with Hacks and Exploits in 2024

PlayDapp’s Massive Loss

In early February, PlayDapp, a platform for crypto gaming and NFTs, encountered security breaches resulting in the creation of 1.79 billion PLA tokens, valued at a staggering $290 million. The hacker, according to Elliptic, a blockchain analysis firm, began laundering the stolen funds shortly after the breaches.

In an attempt to reclaim the stolen assets, PlayDapp initiated negotiations with the hacker through an on-chain transaction. They offered a $1 million reward for the return of the funds by February 13, but negotiations proved fruitless as the hacker refused to cooperate. Consequently, PlayDapp announced the suspension of the PLA smart contract on February 13.

Abracadabra Finance ($6.5 Million)

Abracadabra Finance, the platform behind the stablecoin Magic Internet Money (MIM), fell victim to a hack on January 30, resulting in a loss of approximately $6.5 million. As a result, the value of MIM deviated from its intended stability.

CoinMarketCap data indicated a drastic drop in the stablecoin’s market capitalization, plummeting from $100 million to $0.76 before swift action from the project’s team restored its price, leading to a rebound.

Concentric.fi ($1.8 Million)

Concentric.fi experienced a significant security breach due to a targeted social engineering attack. The attacker compromised a deployer wallet, exploiting the protocol’s vulnerabilities. Despite having audited vaults, the protocol’s upgradability rendered it vulnerable.

CertiK, a blockchain security platform, disclosed losses exceeding $1.8 million. The report also suggests a potential connection between this incident and a previous exploit on the OKX decentralized exchange.

Shocket.Tec($3.3 Million)

Socket.Tech suffered an exploitation on January 16, affecting various Web3 applications. The attack targeted Bungee Exchange, a crucial component of Socket Protocol bridging Ethereum and 12 EVM chains, resulting in a $3.3 million loss.

The attacker exploited a flaw in SocketGateway, facilitating unauthorized fund transfers from users with unrestricted access. Approximately 700 victims were impacted, with substantial losses reported, including $656,000 USDC.

Gamma Strategies ($3.4 Million)

Gamma Strategies, a DeFi protocol, faced a $3.4 million loss due to a vulnerability in its accounting mechanism. The exploit involved the withdrawal of over 1500 ETH by exploiting high price change thresholds in LST and stablecoin vaults.

PeckShield, a security firm, confirmed the incident. The protocol has since disabled deposits to public DeFi vaults while maintaining active withdrawals for users, addressing inconsistencies in accounting mechanisms.

CoinsPaid ($7.5 Million)

CoinsPaid, an Estonia-based digital asset processor, encountered its second breach within six months, resulting in a $7.5 million loss. The unauthorized withdrawals involved Tether, Ether, USD Coin, and CPD tokens, with significant exchanges to Ethereum and other assets.

Despite previous investigations, including potential links to the Lazarus Group, CoinsPaid has not commented on the recent breach. Security firm Cyvers has made public the hacker’s digital address.

Radiant Capital ($4.5 Million)

Radiant Capital, a cross-chain lending platform, suspended lending and borrowing on the Arbitrum network following a flash loan attack on its newly launched USDC market. The exploit, occurring seconds after launch, led to a $4.5 million loss.

PeckShield and Beosin identified the vulnerability and manipulation of the ’index parameter’ as the root cause. Radiant has assured users that existing funds are secure but has postponed further actions pending a full review.

Orbit Chain ($80 Million)

South Korea’s Orbit Chain suffered a massive loss exceeding $80 million due to a hack involving compromised multisig signers. The breach affected various cryptocurrencies, including stablecoins and wrapped Bitcoin, underscoring ongoing security challenges in the crypto space.

The incident highlights persistent risks associated with multisig wallets and private key management, emphasizing the need for enhanced safeguards and learning from past breaches. As of now, there is uncertainty regarding the recovery of stolen funds by the victims.

Shiba Inu Community Warned Against Fraudulent Giveaways Amid Rising Scams

The Microstrategy hack event only adds to the longlist of hacks so far this year. Amid the growing concern’s Lucie, a spokesperson for Shiba Inu, issued a stern warning against fraudulent giveaways targeting investors within the Shiba Inu community. These scams exploit the recent success of initiatives like SHEboshi and the adoption of the DN404 standard.

Lucie highlighted a specific scheme masquerading as “@thesheboshis,” falsely associating itself with the SHIB-backed Sheboshis project. The Shibarmy scam warnings team emphasized the potential phishing risks associated with engaging with such fraudulent initiatives.

In light of these scams, Lucie urged SHIB users and investors to exercise caution, advising thorough research before engaging with any promotional material or new sites. Community members were encouraged to report any suspicious accounts or activities to safeguard the interests of the Shiba Inu ecosystem.

These incidents underscore the critical need for heightened security measures and greater awareness within the cryptocurrency market. As the industry continues to evolve, stakeholders must remain vigilant against evolving threats and vulnerabilities to safeguard assets and maintain trust in the crypto ecosystem.