A phishing attack targeting users of popular crypto data sites like Etherscan and CoinGecko was found.
Affected users received prompts to connect their MetaMask wallets to a website called “nftapes.win”.
"The situation is caused by a malicious ad script by Coinzilla, a crypto ad network - we have disabled it now but there may be some delay due to CDN caching. We are monitoring the situation further. Do stay on alert and don't connect your Metamask on CoinGecko.”
"Interim we've taken immediate action to disable the said 3rd party integration on Etherscan,” - Etherscan
DexTools, another crypto-focused app site, is also affected. In its tweet, DexTools appeared to blame a crypto ad platform known as Coinzilla.
"We are disabling all ads until the situation is clarified by @adsbycoinzilla. Please be aware and don't sign suspicious requests at your wallet. DEXTools does not automatically request any permissions."
Two lending platforms, Venus Protocol on BSC and Blizz Finance on Avalanche, have been drained of $13.5 and $8.3M, respectively.
As the LUNA price continued to plummet, the Chainlink price feed used by the protocols became inaccurate, allowing funds to be borrowed against vastly overpriced LUNA collateral.
Neither project had existing failsafe mechanisms in place, and even though it appears the alarm was raised in advance, preventative measures weren’t established in time to prevent losses.
The failed UST recovery plan crashed the price of LUNA to fractions of a cent, down from an ATH of almost $120, just over a month ago.
However, the Chainlink oracle, used as a price feed by both protocols to value collateral, contained a minimum price (minAnswer) for LUNA hardcoded at $0.10.
As the price dropped below this, anyone was able to buy up large quantities of LUNA at market price and use it as collateral (valued at $0.10) to borrow funds from the platforms.
Venus, with a TVL of ~$1B, was (luckily) able to suspend activity before being totally cleaned out. There is currently an active proposal to resume functionality, but with LUNA and UST positions suspended.
70 million N3DRs were sold by hackers. the exact operation has been detailed by security company @Blocksec. We will also closely investigate whether it is specifically an INSIDE job.
The attacker somehow accessed the private keys for the owner's address and was able to make calls to the Operator contract which has method(s) to call
N3DR.emergencilyTransfer(). This way exploiter could be able transfer tokens from any address to any other address.
It was exploited by calling emergencilyTransfer() function in the N3DR contract. However, this emergencilyTransfer() function was not in the scope of the audit conducted by QuillAudits. The function was added after the completion of the audit process.
ONE OF OUR STAKING CONTRACTS WAS BREACHED.
What we know: ARTIS Staking Pool effected. Hacker withdrew liquidity ARTIS rewards and sold to Quickswap pool.
We will release all information after a full investigation has been performed and contacting our Audit Partners.
WE PLAN ON FULLY RESTORING ALL STOLEN FUNDS.
THIS ISN'T TERRA, WE WILL FIX THIS. PLEASE BE PATIENT IN THE MEANTIME.
According to PeckShield: The vulnerable tokensReceived() function does not validate the caller
Mee6 says they weren’t hacked