Frontal - Weekly Digest | 27 August 2022
Frontal - Blockchain and Web3 Frontliners
The Future of Cybersecurity. Securing One Block at a Time.
Stay informed with Frontal's Weekly Digest. All you need to know about the Blockchain & Web3 space is right here.
In this week's digest, you'll learn about:
1. Don’t trust your coins to anyone, Ledger CEO warns
The Ledger CEO (Pascal Gauthier) said that until people begin using decentralized technology, control over assets and data will remain in the hands of the big tech giants and centralized intermediaries.
Speaking to Cointelegraph at Surfin’ Bitcoin 2022 on Thursday, Gauthier said that the recent collapse of centralized exchanges has showcased why investors shouldn’t rely on intermediaries to manage their digital assets.
While most actors are well intended, Gauthier said “the [crypto] industry is too young,” the current state of the economy is “under stress” and, if necessary, intermediaries will continue to prevent investors from accessing their holdings in times of need, citing the now bankrupt Celsius as a textbook example:
“Don’t trust your coins and your private keys to anyone because you don’t know what they’re going to do with it.”
Gauthier admitted the bad news added “fuel to [their] business,” but reinforced that people need to “move their coins before it’s too late.” Unfortunately, Gauthier noted, people in crypto often need to “get burned a little bit” before learning the hard way.
2. Alleged Tornado Developer Pertsev Must Stay In Jail, Dutch Judge Rules
Pertsev’s arrest for involvement in the now-sanctioned crypto mixer generated consternation in the Web3 community
Alexey Pertsev, accused of facilitating money laundering via the now-sanctioned Tornado Cash app, must stay in jail for at least a further 90 days, a judge in the Netherlands ruled Wednesday.
Pertsev, 29, was arrested Aug. 10 on the orders of the Dutch authorities, just two days after the U.S. Treasury Department sanctioned the currency mixing service, which it linked to over $1 billion in illicit transactions and to North Korean hackers.
The arrest has generated consternation from the Web3 community, which has warned it could have a chilling effect on those developing open-source software, and on those who have legitimate reasons to use mixers, which keep crypto transactions private.
3. NFT Exchange SudoRare Goes Dark After $820,000 Rug Pull
SudoRare, a fork of the popular NFT exchanges SudoSwap and LooksRare built by an anonymous team, has scammed users out of about $820,000 worth of various crypto tokens.
SudoRare was live for only six hours before executing the rug pull and taking down its website and all affiliated social media accounts.
SudoRare Disappears With $820,000
After numerous warnings that SudoRare could be a scam did the rounds on Crypto Twitter, the anonymous team behind the decentralized NFT exchange has pulled the rug. The theft has defrauded users of about $820,000 worth of ETH and other crypto tokens.
According to on-chain data, the incident occurred early Tuesday, only about six hours after SudoRare went live. The exchange, which was spun up as a fork of the NFT marketplaces LooksRare and sudoswap by an anonymous team, was supposed to allow users to create liquidity pools for NFT collections and collect fees by staking the project’s native token SR. However, soon after going live, the team “pulled the rug,” crypto terminology for stealing funds from users and disappearing without a trace. Shortly after making off with the $820,000, the platform’s website and Twitter disappeared.
The culprits behind the attack withdrew about $315,700 in WETH, $200,000 in XMON, and $314,700 worth of LOOKS tokens from the exchange before swapping the assets for ETH and moving the funds to three Ethereum wallets. Blockchain security firm PeckShield has traced the attacker to a wallet funded by the centralized exchange Kraken. “The actor behind SudoRare rugpull seems a @krakenfx user,” the firm said on Twitter today, providing on-chain evidence of the connection.
4. More than $100M worth of NFTs stolen since 2021
The firm reported that although the market downturn had caused the value of NFTs to “slump,” scammers stole an estimated 4,647 of the tokens in July 2022.
Cryptocurrency risk management firm Elliptic has released a report suggesting that scammers stole more than $100 million worth of nonfungible tokens, or NFTs, starting in 2021.
In its NFTs and Financial Crime report released on Wednesday, Elliptic said crypto users had been the victims of roughly $100.6 million worth of scams related to NFTs in the 13-month period from July 2021 to July 2022. The firm reported that although the market downturn had caused the value of NFTs to “slump,” scammers stole the most tokens in July 2022 — estimated to be 4,647 assets — and the most value in May 2022 at roughly $23.9 million.
According to Elliptic, the most valuable NFT theft the firm verified as part of its analysis was a CryptoPunk valued at $490,000 at the time it was stolen in November 2021. In December 2021, scammers were able to pilfer “16 blue chip NFTs worth $2.1 million” from a single victim in the crypto space.
The report stated that individuals had laundered more than $8 million in illicit funds through NFT platforms since 2017, while more than $328 million went through cryptocurrency mixers including Tornado Cash, sanctioned by the United States Office of Foreign Assets Control in August. The controversial mixer reportedly processed $137.6 million worth of crypto from NFT platforms and was “the laundering tool of choice” for the majority of scams.
It’s unclear how close the aforementioned figures were to the true value of crypto and NFTs involved in scams, as many go unreported or are identified after the fact. Elliptic reported more than 2,000 NFTs were stolen at a rough value of $20 million in April 2022, but the fake airdrop targeting Bored Ape Yacht Club NFT holders accounted for an estimated tens of millions of dollars stolen at the time. Elliptic's data suggested that scammers removed $58.1 million worth of Ape NFTs from the Bored Ape Yacht Club and Mutant Ape Yacht Club in July 2022.
5. Bitcoin ATMs hijacked by a mystery threat actor
A cryptocurrency ATM manufacturer has been hacked by an unknown party in what could be a reprisal for its declared support for Ukraine against the Russian invasion.
The attacker was able to remotely create a user admin account and use this to hijack “two-way ATMs” operated by General Bytes that convert crypto to cash and vice versa, forcing them to intercept legitimate transactions by other customers and reroute the money to his or her own account.
General Bytes has issued a security patch for the exploit – a bug that hackers can use to illegally access a target machine – and warned its customers not to use their ATMs until they have run the update.
The ATM manufacturer, which services cryptocurrency users worldwide in 40 denominations, claims the unknown attacker did not gain access to its database, host operation and filing systems, or any passwords or private keys.
It has deactivated the ATMs and asked all users to reset passwords, modify and upgrade their servers and firewalls, and review access permissions before using its terminals again.
“The attacker was able to create an admin user remotely [...] via a URL call on the page that is used for the default installation on the server,” said General Bytes.
The attacker then modified the two-way machines using their wallet and the “invalid payment address” settings to make them forward funds to the attacker’s wallet when customers sent cryptocurrency to an ATM.
Earlier this month, General Bytes updated a statement on its website in support of Ukraine, giving its customers the option to transfer funds directly to fund the war-torn country.
“General Bytes stands with Ukraine and opposes the Russian invasion into that sovereign nation,” it said. “If you agree with this political statement, we’ve made it possible for you to aid Ukraine directly yourself.”