BitBunny app offers users Bitcoin rewards for walking

Linear Finance Dealing With LUSD ExploitLinear Finance, the Hong Kong-based DeFi protocol, made an announcement by way of a blog post published to the project’s website on Thursday, suggesting that the project’s native stablecoin, LUSD, has come under attack.Photo by Markus Spiske on UnsplashTaking precautionary actionThis security breach has prompted the team to take immediate action to safeguard user accounts and the project’s integrity. The project team is actively investigating the exploit attack on LUSD. It has issued a stern warning to its users, advising them against buying or trading LUSD until the team can confirm the situation’s status.This measure is aimed at preventing further complications and ensuring the community’s interests remain protected. Furthermore, the project has temporarily suspended liquidations to secure users’ accounts. This step has been taken to mitigate immediate concerns and ensure that no user faces undue losses as a result of the exploit.Assets disposed on PancakeSwap & AscendexAmid the ongoing investigation, Linear Finance’s team has pledged to provide timely updates as soon as more information becomes available. In explaining away the nature of the attack, the project team clarified:”The attacker was able to mint an unlimited supply of LAAVE and subsequently traded the liquid asset to LUSD on the Linear Exchange, prior to selling it on PancakeSwap and Ascendex.”Project responseIn its efforts to deal with the issue, the Linear Finance project team has engaged an on-chain data specialist to track down the attackers. The Linear bridge contract has been disabled relative to LUSD. All protocol contracts that allow tokens to be minted, exchanged, or burnt have been paused. Meanwhile, wallets identified as having been involved in the protocol exploit have been shared with the authorities and major cryptocurrency exchanges.Synthetic asset protocolLinear Finance creates synthetic assets with the protocol design enabling unlimited liquidity. The network has been built on top of the Ethereum blockchain. As a consequence of activity surrounding the exploit, trading of LUSD over the course of the past 24 hours has proven to be out of the ordinary. At the time of writing volume over the past 24-hour period had increased by 8412%. The current market price of the stablecoin stands at $0.9874.Protocol and network hacks and exploits have been coming in thick and fast in recent days. Hong Kong crypto exchange CoinEx has been trying to recover from a $70 million hack on the platform over recent days. Meanwhile, Seychelles-headquartered peer-to-peer crypto platform Remitano suffered a $2.7 million hack late last week.On Wednesday, the project team behind DeFi protocol Balancer warned network users that the Balancer front-end user interface was under attack. The Ethereum-based DeFi network fell victim to another exploit last month, resulting in losses in the region of $900,000.In the dynamic crypto sector, unforeseen events like potential exploits can disrupt the market and sow uncertainty. The issue remains a major challenge both for centralized exchange platforms and DeFi protocols.

In the aftermath of the massive $235 million hack of the WazirX cryptocurrency exchange on July 18, users and stakeholders are grappling with its devastating consequences. The breach, which compromised a significant portion of the exchange’s reserves, has led to a series of legal, financial and security-related challenges, leaving millions of users uncertain about the future of their funds. The hack and its aftermathWazirX, once a leading Indian cryptocurrency exchange, lost approximately $235 million due to a breach in one of its multi-signature wallets. This included significant amounts of Shiba Inu (SHIB), Ethereum (ETH) and other assets. The hack crippled the exchange, forcing it to temporarily shut down operations and seek a restructuring process under Singapore's insolvency laws. The WazirX hacker has since begun laundering the stolen assets through Tornado Cash, a crypto mixer known for obscuring transaction details. According to blockchain security firm Cyvers, the hacker transferred over 5,000 ETH (approximately $12 million) to a new wallet and laundered $10 million in Ethereum through Tornado Cash. This mirrors the tactics of the North Korea-backed Lazarus Group, which has used similar methods in past high-profile crypto thefts. Photo by GuerrillaBuzz on UnsplashUsers seeking redress and government interventionAs the victims of the hack face uncertainty, over 4 million active WazirX users are expected to suffer a loss of at least 43% of their funds due to the restructuring process. Frustrated by the lack of action from Indian authorities, many users have sought help from Indian Prime Minister Narendra Modi, who was visiting Singapore at the time. Users took to social media to air their grievances and demand justice, urging the government to intervene. WazirX co-founder Nischal Shetty, who is based in Dubai, added to the confusion by stating that he does not know who is responsible for safeguarding user crypto funds on the platform. His statement has fueled outrage among users, who feel abandoned by the exchange’s management. Legal and ownership disputesAmid the chaos, WazirX is also battling a legal dispute over its ownership with Binance, the world’s largest cryptocurrency exchange. Shetty has repeatedly claimed that Binance acquired WazirX, granting it significant control over the platform's operations. However, Binance founder Changpeng Zhao (CZ) refuted these claims in 2022, stating that the acquisition deal was never completed. The uncertainty surrounding the ownership of WazirX has further aggravated users, many of whom are demanding a clear statement from Binance. So far, Binance has remained silent, neither confirming nor denying its involvement. This ambiguity has intensified calls for clarification, with users fearing that a lack of transparency may worsen their chances of recovering their funds. Partial withdrawals and restructuring effortsIn response to the crisis, WazirX has initiated phased withdrawals for users, allowing them to access 66% of their Indian Rupee (INR) token balances. Initially set for September 9, the withdrawal window was moved forward, offering some relief to users. However, many are dissatisfied with the partial access to their funds and are questioning when full crypto withdrawals will resume. WazirX’s legal team has indicated that users may recover only 55% to 57% of their crypto holdings, sparking further discontent. Meanwhile, the exchange has filed a moratorium application in the Singapore High Court, seeking a six-month reprieve from legal actions as it works on a restructuring plan. Looking aheadAs the WazirX saga unfolds, the future of the exchange and its users remains uncertain. The legal battles, ownership disputes and the ongoing laundering of stolen assets pose significant challenges to the platform's recovery. For now, users can only hope that the restructuring process will bring them closer to recovering their lost funds and that authorities will step in to provide clarity and resolution. 

The Singapore Police Force (SPF) and the Cyber Security Agency of Singapore (CSA) have jointly issued an advisory to raise awareness about the escalating use of cryptocurrency drainers in cyberattacks. The advisory aims to inform citizens about the threat and provide recommendations to protect against such attacks, with a specific emphasis on utilizing hardware wallets for enhanced security. Cryptocurrency drainers represent a form of malware that specifically targets crypto wallets. These malicious tools are often employed in phishing attacks to illicitly extract funds from users' wallets without proper authorization.Photo by Junrui Wu on UnsplashDrainer-as-a-service threatOf particular concern are commercial crypto draining kits, which empower less experienced cyber-criminals with sophisticated malware at no upfront costs. Operating on a drainer-as-a-service (DaaS) model, attackers share a predetermined percentage of the stolen funds with the service provider. The SPF and CSA underscored that crypto-drainer-related attacks typically originate from phishing campaigns. These campaigns commonly involve infiltrating verified social media accounts or dispatching fraudulent emails to users from compromised databases of major service providers. Unsuspecting victims who click on phishing links are redirected to counterfeit trading websites that prompt them to connect their Web3 wallets. Subsequently, a malicious smart contract is injected into the victim's system, enabling hackers to withdraw funds without additional authorization. MS Drainer and Inferno DrainerWhile no such attacks have been reported in Singapore to date specifically, the advisory acknowledges the rising recognition of this threat among hackers. Notably, an off-the-shelf crypto drainer called MS Drainer contributed to hackers stealing $59 million worth of cryptocurrency in 2023. Last month, Singapore-based cyber security firm Group-IB produced a report concerning the Inferno Drainer operation. According to the company’s research, the malware operation led to the theft of $80 million in digital assets globally, until the developers behind it shut it down last November. In December, the Pink Drainer hacking group notched up another victim, to the tune of $4.4 million in LINK tokens. Last week blockchain security firm Scam Sniffer reported that $10 million in digital assets had been stolen in phishing-related incidents over the course of just five days. Hardware walletsTo counteract these threats, Singapore authorities recommend the use of hardware wallets as a security measure against wallet drainer attacks. Additionally, the advisory instructs crypto investors to conduct thorough research before engaging with cryptocurrency services or platforms. Singaporeans are encouraged to report any suspicious incidents related to crypto drainers or phishing attacks to both relevant authorities and crypto service providers. In the event of a security breach, victims are urged to revoke any suspicious token approvals and promptly transfer their remaining funds to a different, secure wallet address to prevent further losses. This proactive approach aims to empower individuals with the knowledge and tools needed to navigate the risks associated with crypto drainers and foster cybersecurity awareness within the cryptocurrency ecosystem. As the threat landscape evolves relative to digital assets, this advisory serves as a valuable resource to educate citizens about the risks posed by crypto drainers.