Crypto Theft Happens Again
Navigasi - Ethereum-based Stablecoin protocol Beanstalk Farms has been hacked and its cryptocurrency exploited for USD 182 million or equivalent to Rp. 2.6 trillion as of Sunday local time.
|Crypto Theft Happens Again|
The attack was announced on Twitter by blockchain security firm PeckShield, which said the attackers made a loss of at least $80 million in crypto, even though the losses suffered by the protocol were much greater.
The market for stablecoin BEAN, Beanstalk instantly collapsed as a result of the attack. The token Bean also fell 86 percent pegged at USD 1.00.
According to the summary, the attacker took an express loan on the lending platform Aave, which was used to collect a large number of BEAN tokens.
With the voting power afforded by this token, an attacker can quickly send a malicious governance proposal that depletes all protocol funds into his private Ethereum wallet.
According to PeckShield, attackers laundered all stolen funds via Tornado Cash, which allows users to send and receive crypto while obscuring the source.
The BEAN project lead wrote in the summary of the attack in a report.
"Beanstalk did not use a quick borrowing resistance measure to determine the percentage of Stalk that had voted in favor of (the governance proposal). This was a glitch that allowed hackers to exploit the BEAN token," the report said, quoted from CoinDesk, Wednesday (20/4/2022).
Beanstalk smart contracts are audited by blockchain security company Omnicia. However, the audit was completed before the protocol added the security of the express loan, so the theft occurred.
Beanstalk declined to provide details to CoinDesk as to whether funds would be returned to users. According to PeckShield, they said the attackers contributed $250,000 of the stolen funds to a Ukrainian aid wallet.
This is the latest hack in a series of major decentralized finance (DeFi) exploits that have occurred in recent weeks. In late March, Ronin Blockchain Axie Infinity was exploited for USD 625 million in an attack attributed by US officials to North Korea.
Earlier, the Minister of Digital Transformation of Ukraine, Mykhailo Fedorov, thanked crypto donors this Easter. He said each donation was a form of strengthening Ukraine's defense capabilities.
The Ukrainian official tweeted on Sunday local time that the crypto donation was for good and was spent on 200 sets of Class 4 ballistic plates for bulletproof vests.
"The more complete the soldiers, the sooner the day of victory for Ukraine," Fedorov wrote in his tweet, quoted from FX Empire, Tuesday, April 19, 2022.
The currently war-torn country has received millions of dollars in crypto donations since the start of the full-scale invasion of Russia in February 2022. What's interesting is that Ethereum's dominance in distribution has been followed by Bitcoin and Polkadot.
According to a recent Financial Times report, the Ukrainian government has spent half of its crypto fundraising on thousands of bulletproof vests, food rations, helmets and medical supplies.
"(They) deliberately chose to spend funds on non-lethal equipment, so as not to deter future donors," the Financial Times report said.
Aid for Ukraine was formed to accept donations in nine cryptocurrencies, including Bitcoin, Ether, Tether, Solana, and dogecoin. On the second day of the invasion, Fedorov told his deputy to create an official government wallet that could accept payments in cryptocurrencies.
The Ukrainian government has raised more than $100 million in cry pto donations since the start of the war.
While this is small compared to the billions in aid from the IMF and other western governments, Ukraine's deputy digital transformation minister said cryptocurrencies had become "an important tool of war", allowing flexibility and speed.
Many crypto platforms have emerged recently, to act as intermediaries for accepting donations in cryptocurrencies, stablecoins, and NFTs.
Previously, millions of dollars' worth of crypto donations had flooded into Ukraine since Russia invaded, but about half of the humanitarian campaign claimed was a scam, according to a new report by blockchain research firm TRM.
Based on data that TRM collected from 50 different crypto donation campaigns for humanitarian or military funds in Ukraine, fraudulent campaigns made up about half of them.
TRM researchers noted the surge in global attention and the desire of people to donate to Ukraine created an opportunity for scammers to promote fake fundraisers.
Fraudsters use dummy campaign names such as Support Ukraine, Ukraine-Fund, and “Ukraine NOW” to lure donations.
"Most of these scams are quickly identified by researchers and hosting providers, and their sites are removed. They collect from a few hundred dollars to several thousand, before being taken down," TRM wrote in a report, quoted from Yahoo Finance, Monday, April 11, 2022.
The report highlights which indicators they use to identify fake donation campaigns. Twitter reveals a lot of this, with things like unverified accounts managing campaigns and activity like bots.
Meanwhile, a new report by Atlas VPN found crypto blockchain hackers had stolen nearly USD 700 million in just three months of this year. Just this week, a hacker exploited the popular play-to-earn game Axie Infinity for over USD 600 million in tokens.
TRM documented more than USD 135.7 million in cryptocurrencies sent to Ukraine between February 22 and March 28, with new campaign types appearing on Twitter or Discord, or via NFT printing.
Previously, officers from the Federal Security Service (FSB) and the Ministry of Internal Affairs in the Russian republic of Dagestan had identified people suspected of organizing a financial ponzi pyramid scheme. The scheme offers victims a return of up to 500 percent per year on investments in digital assets such as cryptocurrencies.
According to sources quoted by the Russian business daily Kommersant, the suspects are representatives of the Yusra Global project. In addition, Dagestan announced that the fraudulent entity had set up offices in other regions of Russia, Kazakhstan in Central Asia and Turkey. The publication revealed authorities had detained four people in January, all Russian nationals, believed to be behind the Ponzi scheme. They were initially detained for two months but the defendants could face up to ten years in prison on top of hefty fines.
Fraudsters inflate the quote value of digital assets and pay out profits using the funds invested by new participants in the pyramid scheme. They distributed the remaining money among themselves and bought real estate. Initial estimates put the victims' losses at 1 billion rubles, or more than USD 10 million or around Rp. 143.5 billion at current exchange rates. News of the Yusra Global investigation comes after last year, when Russian authorities uncovered the country's biggest financial fraud since the infamous MMM pyramid in the 1990s.