Flash Loans and Duplicate Websites Continued to Plague Crypto Platforms in July
Over July, there was a flurry of sophisticated cyberattacks within the crypto industry. Cybercriminals continued to exploit a variety of attack vectors in the pursuit of siphoning off digital currencies.
These cybersecurity concerns come from a range of sources. Blockchain and cryptocurrency are vast and offer a variety of vectors for attacks.
Over the last month, these include issues of relaxed security practices, users not understanding security measures, and DeFi protocols continuing flash loan issues.
The crypto trading platform vulnurability
Contrary to popular belief, Mac OS is susceptible to malware just like any other operating system. Even though Microsoft Windows OS is the worlds’ standard operating system, Apple’s are thought to be more secure.
This is because they are built upon the architecture of the Unix kernel. Thus, making intrusions more difficult for the common hacker. However, recent events have put this belief to the test.
Previously, researchers at ESET discovered various unsuspecting websites spreading malware disguised as legitimate cryptocurrency trading applications for the Mac platform.
A closer inspection led researchers to find that the purpose of the malware was to leech information from browser cookies, crypto wallets and perform secret screen captures.
Fake trading apps certainly aren’t something new. In late 2020, Trend Micro reported a similar instance of fake trading applications targeting the Mac OS platform. These attackers were using to lure unsuspecting users and steal their information.
After stripping the malware down to the source code, the ESET researchers who made the more recent discovery concluded that this attack method was a new campaign of the one reported on my Trend Micro.
The threat actors rebranded the Kattana trading application by assigning it new names and duplicated the Kattana website. This made it appear identical to the original.
Creating duplicates bearing different names isn’t a difficult task. However, judging between websites masquerading as official sites for a product has become a common-place tactic hackers are using to trick users.
DeFi’s flash loan problem
On July 15, the Bondly Finance decentralized finance (DeFi) platform notified its users via Twitter that an unidentified party had compromised their platform.
They sent out the urgent warning, “STOP TRADING BONDLY.”
They told users they were actively working on remediating the issue as hackers exploited their liquidity pools. The threat actor then minted 373 million BONDLY to transact on the open market, leading to an 82% price crash.
DeFi has seen its fair share of exploitation in the past, mostly through shady flash loans and insider fraud before Bondly found itself on the hit list of cybercriminals.
A flash loan is a kind of uncollateralized lending that is exploitable by criminals. It can allow them to undermine DeFi protocols to steal millions of dollars. The transactions take place instantaneously because the funds borrowed are returned within the timeframe of one transaction.
A reccuring DeFi event
Oftentimes innovation leads to convenience. However, when convenience replaces security, it creates security holes. These, in turn, become ripe opportunities for crafty thieves to abuse.
The Cross-chain decentralized exchange (DEX) THORChain was recently bled of $5 million. This marked the exchange as a ripe target for cyber thieves. This is the third attack this year and for the second time within a week.
THORChain announced on July 16 that it lost somewhere around 4,000 ETH.
As flash loan exploits continue to roll out, this multi-million dollar cyber heist has become another target in the growing index of abused protocols.
PolyBunny Finance also found itself on that index of targets in July. An attacker slipped away with 1,281 ETH after successfully executing a flash loan crypto attack. This resulted in the theft of $2.4 million.
PollyBunny stated that the attack carried a loss of 2.1 million BOLLYBUNNY tokens. This subsequently caused the value of the token to drop just below $2 from $10.
Speaking broadly about approaches to cybersecurity, Johna Till Johnson, CEO and Founder of Nemertes Research explains that cybersecurity should focus on protecting against attacks rather than just protecting resources.
“Part of the problem with cybersecurity is that there’s this mindset that it’s about protecting cyber-resources. So the question is, well, what do we have to do to protect cloud-based resources because they’re all in the cloud. That’s exactly the wrong way to think about things,” she explains.
“Cybersecurity has meant and always, always has meant, and should mean that you are protecting the organization against cyber-based attacks. So, in other words, it’s not about protecting cyber resources. It’s about protecting from cyber-based attacks,” she said.
Cybersecurity issues trickle into offline concerns
Blockchain and cryptocurrencies have issues with their use by illegal networks, including terrorist groups.
These offline security concerns are apparent in the online crackdowns by government agencies. Either through regulation or raids, where possible.
In July, Israel’s National Bureau for Counter Terror Financing (NBCTF) seized several wallets allegedly held by members of Hamas. This came after a large spike in crypto donations to Hamas back in May during a time of elevated conflict between the group and Israeli forces.
A future blockchain security concern — Quantum Computing
While there are concerns about blockchain and security, the inherent benefit is found in its use of cryptography. These complicated mathematics provide a level of protection against human hackers, resulting in the various work-around exploits already discussed.
However, Johnson points out that there is a future threat to the security of blockchain, quantum computing.
“What I worry about with blockchain and all cryptocurrencies is whether quantum computing is going to blow it out of the water because essentially, in layman’s terms, blockchain counts for its very existence on the fact that certain things, you know, certain cryptography, simply can’t be hacked by computers known to man,” she explained.
“And the problem with quantum computing is that assumption is now false. So basically, one side of the argument is, well, quantum computing is actually going to destroy blockchain. The other side of the argument is now. They’ll shift all of their cryptography over to quantum cryptography. Therefore, it’ll be an arms race,” Johnson said.
All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.