Chainalysis says it managed to trace bitcoin through the popular mixing service CoinJoin to help identify the alleged DAO hacker. Analysis appears to point to Toby Hoenisch, a 36-year-old programmer who grew up in Austria and was living in Singapore at the time of the hack. Until now, he has been best known for his role as a cofounder and CEO of TenX, which raised $80 million in a 2017 initial coin offering to build a crypto debit card—an effort that failed
Amidst yesterday's report by Cryptopians author Laura Shin that claims to identify who hacked The DAO in 2016, there was a small detail crucial to the findings but with other implications.
It was the claim, by blockchain analytics firm Chainalysis, that it was able to unmask the path of transactions through a popular bitcoin mixing service called CoinJoin. CoinJoin is a crypto mixing tool by privacy-focused Wasabi Wallet.
Tom Robinson, co-founder and chief scientist at blockchain analytics firm Elliptic, said that it's not possible to demix all CoinJoin transactions. But he acknowledged that some transactions can be traced.
"Yes, Elliptic can also demix Wasabi transactions in some circumstances. However, this does not mean that all Wasabi transactions can be demixed. This is typically possible in situations where the Wasabi user has made a mistake," said Robinson.
Two hundred and fifty-four NFTs were stolen over roughly three hours.
On Saturday, attackers stole hundreds of NFTs from OpenSea users, causing a late-night panic among the site’s broad user base. A spreadsheet compiled by the blockchain security service PeckShield counted 254 tokens stolen over the course of the attack, including tokens from Decentraland and Bored Ape Yacht Club, with the bulk of the attacks taking place between 5PM and 8PM ET.
The attack appears to have exploited a flexibility in the Wyvern Protocol, the open-source standard underlying most NFT smart contracts, including those made on OpenSea.
First, targets signed a partial contract, with a general authorization and large portions left blank. With the signature in place, attackers completed the contract with a call to their own contract, which transferred ownership of the NFTs without payment. In essence, targets of the attack had signed a blank check — and once it was signed, attackers filled in the rest of the check to take their holdings.
OpenSea was in the process of updating its contract system when the attack took place, but OpenSea has denied that the attack originated with the new contracts. The relatively small number of targets makes such a vulnerability unlikely, since any flaw in the broader platform would likely be exploited on a far greater scale.
ARIVA was drained from a staking contract and swapped for 1,700 WBNB. Ariva’s price dropped 93.7%. The drained funds were then deposited into Tornado Cash. Ariva claims a hack happened to their staking wallet. Ariva says: the losses of our relevant investors will be covered by the Ariva Team
Canada’s national police have sent letters to cryptocurrency exchanges asking them to freeze at least 34 crypto addresses allegedly connected to the Freedom Convoy protests under the Emergencies Act recently invoked by Prime Minister Justin Trudeau. Banks have also received letters about “designated persons” tied to the protests as the police vow to take back Ottawa. The letter to crypto exchanges demands that they “cease facilitating any transactions” with a list of 34 crypto wallet addresses it provides.
Earlier this week, Russia invaded Ukraine in what President Vladimir Putin described as a “special military operation.” Russia is now facing widespread and sweeping sanctions. The European Union imposed sanctions aimed at "Kremlin interests," while U.S. President Biden denounced the invasion as a "premeditated attack," announcing a wave of sanctions aimed at Russia's banks and state-owned enterprises.
So far, the international community has held back from the UK's demand to bar Russia from the SWIFT international payments network. But Bitcoin and other cryptocurrencies could provide President Putin with a means of evading international sanctions and their attendant financial costs.