High-profile hacker attacks in the last 2 years
Table of Contents
Why do people hack into each other and try to take over other people's information and assets? What are the benefits they are after? In this article, we'll talk about that as well as the nature of hacking and the latest high-profile cryptocurrency scams.
Hackers - who are they?
To begin with, let us outline who hackers are, what they are and how many of them there are in general in the Internet space.
A hacker is a user who decided to take possession of information, software, assets and other data of another user or company in an illegal or unauthorized way. It makes sense that they emerged as soon as people started to actively use computers. It was around the 90s, not yet the heyday of the Internet, and there was never any talk of cryptocurrency.
The hacker movement first manifested itself in America. In 1996 John Perry Barlow wrote the article “A Declaration of the Independence of Cyberspace”. With this message, the author, on behalf of all users, called on the government to respect boundaries and freedoms on the Virtual Web. It was a kind of subculture, spreading aggression in different ways: deleting data, posting viruses and the like.
The reasons why the hacker movement emerged in the first place:
- The emergence of many computer firms;
- Widespread access to computers by hobbyists;
- Vulnerable software to attacks.
- Increased media attention to cyber-attacks.
Conventionally, hackers can be divided into black-hat and white-hat.
White-hat hackers are like positive players in the arena - they test the security of computer systems. They just specialize in finding vulnerabilities in the software in order to further minimize malicious attacks.
Black-hat hackers are those who deliberately bypass the system and do minor or tangible damage to it.These actions are for their own benefit, financial enrichment. And from this it follows that this is a crime. Fraud and illicit enrichment in its purest form!
It would seem that after 2020 developers and programmers have reached a high level of security and protection, visible progress on blockchains, but hacker attacks have not decreased.
Let's talk about attacks on blockchain projects in the last two years (2020-2022).
In September 2020 there was an attack on KuCoin, which it managed to withstand. A centralized exchange that found a vulnerability, and the attackers used decentralized protocols. We know that decentralization is built on functioning without human help or control, and transactions are easy to disguise. The worst part is that it was not easy to trace where the assets went. But then we found out that they had been sent to two different addresses. In total, the hackers caused a loss of $280 million. BTC, ETH, XRP, USD, ERC-20 tokens and other coins were stolen.
After inspections and recovery, the company promised that it would return users their finances. And it kept its word, 84% were returned. Even law enforcement agencies had to be involved to conduct a total inspection and catch the culprits.
KuCoin has created a special program about security and consequences in such cases to improve the security of support for other projects.
By the way, not only centrally managed platforms are being hijacked. PancakeSwap (a decentralized company) was attacked in March 2021. The amount of damage is unknown, as it is still impossible to calculate the number of users who clicked on the fake site and entered the code phrase. The attacker committed DNS hijacking. Such action can be performed using special programs or by changing server behavior. This method is often used by hackers, but technology has advanced - they can be identified by certain traces.
As soon as the team discovered the hack, it notified all social media outlets that users should never enter passphrases or private keys to avoid stealing assets.The attack targeted the appearance of the site, but not the smart contracts themselves, which made the team's plight much easier.
Right now, the PancakeSwap site has a warning message at the top saying that the link that users clicked is correct. Stay vigilant!
Poly Network Hack
And then (you will not believe it!) there was an attack where the hacker decided to return the stolen funds himself. In August 2021, another respected decentralized project, Poly Network, was hacked. Independent analysts have calculated a fabulous loss of over $600 million. At that point, it was the largest amount in the history of hacks.
This platform connects different blockchains and deploys chains of smart contracts. The attacker found a vulnerability by initiating a transaction between the chains, substituted function concepts and replaced the address. Assets were redirected to 3 addresses.
The development team attempted to recover the funds and asked the hackers to return someone else's. And the intruder responded, saying that he did not need the money at all, it was all done just for fun.
In August 2021, the Liquid exchange was hacked. According to analysts, the damage was estimated at 97 million dollars in tokens! In this situation, a hacker (or a group of individuals) transferred assets to 4 different wallet addresses. Notably, both centralized exchange platforms and decentralized ones were used to hack and transfer some funds. This was followed by announcements from the team, investigations and other warning actions.
Liquid is now fully restored and functioning as before.
And this is already this year. In January 2022 Crypto.com was attacked, the damage was more than $30 million. More than 400 users lost funds from their wallets. The team suspended withdrawals for 14 hours, launched its own investigation, and added a new anti-theft feature (canceling unauthorized transactions within a day). The company also stated that it had reimbursed users for losses and created a new infrastructure with respect to user protection. An additional layer of security was implemented and audits were conducted. We are convinced of how important two-factor authentication is in such cases.
Ronin Bridge Hack
In the spring of 2022, the bridge was attacked in duo with the Ronin wallet, which are based on the Ethereum blockchain and are tightly linked to the gaming sphere (in particular the game Axie Infinity). Fast transactions with minimal costs and user-friendliness...also gave the detractors a hard time. The loss is $620 million. The North Korean hacker group Lazarus took possession of closed validators and didn't discover the loss until a week after the attack. The team, after investigating and following typical procedures, announced that they had restarted the bridge and returned users their assets. So far, this is the largest loss so far in 2022.
Pontem is notable for its security and reliability. This advantage makes us a proven Web3 project. For example, The Move Language (which Pontem is based on) is the most secure smart contracts language and will probably become a standard after Solidity.