In the fast-paced world of cryptocurrencies, security breaches and exploits are unfortunately not uncommon. The past 24 hours have seen several incidents come to light, reported by prominent security firms PeckShield and CertiK. Let’s delve into the recent hacking news and understand what transpired.
1. EraLend Exploit on zkSync:
An alert from PeckShield reveals that EraLend, a decentralized finance platform, fell victim to an exploit on zkSync. Approximately $1.7 million worth of USDC was exploited. The exploiter transferred the funds to Tornado Cash, an anonymity-focused platform on the Binance Smart Chain.
2. FLARE Token Bridge Exploit:
PeckShield’s community contributor also reported an exploit involving the bridging of 500 ETH (worth $1 million) from Ethereum to Binance Chain. The attacker then swapped these for approximately 5,000 BNB and transferred them to Tornado Cash as well.
3. Alphapo Hot Wallet Drainer on TRON:
PeckShield’s alert highlights the transfer of approximately 58 million TRX tokens (equivalent to $4.7 million) from the Alphapo hot wallet on the TRON network. Some of the stolen funds were subsequently sent to exchanges like Bitget and Bybit.
4. NFT Phishing on Blur:
In another concerning incident, PeckShield reports a case of NFT phishing on Blur. This involves the theft of tokens numbered 4177 and 9137 from the Milady Maker project. The stolen tokens were utilized by a fake phishing account.
CertiK Skynet Alert:
CertiK Skynet provides details about an exploit targeting EraLend, leading to a loss of approximately $2.7 million. The attacker executed a price manipulation attack using flash loans, borrowing 14,080,109 USDC and 7,566 ETH. The assets were then sent to the address SyncSwapVault, which appears to be a deposit.
The attacker took advantage of a vulnerability in the zkSync Era nUSDC contract, manipulating the price oracle during the borrowing process. By exploiting the reentrancy vulnerability, the attacker managed to borrow more assets than intended before repaying the flash loan.
After the exploit, the stolen funds were moved to wallets on Ethereum, Arbitrum, and Optimism.
These recent hacking incidents highlight the ongoing security challenges in the crypto industry. It is crucial for users and projects alike to remain vigilant and implement robust security measures to prevent such exploits. Security firms like PeckShield and CertiK play a vital role in identifying, analyzing, and raising awareness of these incidents. As the crypto industry continues to evolve, it becomes increasingly important to prioritize security and foster a safe environment for participants.