Crypto November 2022 Report: What the facts when No.2 CEX has a meltdown.
First of all, May this December be a good month for many people And with the reader’s good health. in the past November Many things happened in the crypto world. And the hardest thing is inevitably the bankruptcy of the world’s second-largest cryptocurrency board, CEX. What impact did this have and how severe is it?
FTX Bankruptcy & assets drained out from FTX around $600M
First, the bankruptcy of FTX, the world’s second-largest exchange CEX, and an event that had assets drained from FTX worth around $600M.
FTX filed for bankruptcy (chapter 11) on approximately 11 November. Most users cannot make transactions to withdraw funds from the platform. This is similar to the Quadrica incident where users were unable to withdraw large sums of money and subsequent collapses occurred. As a result of the investigation, Quadrica mismanaged and misused user assets, but FTX was similar, with unusual money flows to Alameda Research. I think we should wait for the full report to investigate the responsible government agencies again.
But shortly after news of FTX’s bankruptcy filing, FTX’s Community Telegram announced that “FTX has been hacked and asks users not to access the app or website.”
The admin announced this message in FTX’s Official Main Telegram Group, which caused a lot of confusion and shock among users. Because previously the user’s assets could not be withdrawn from the platform. which occurred before the bankruptcy filing
Around the same time, There have been alerts and reports about an unusual transaction with around $600M of assets out of FTX, a very large transaction. to an unknown address It was later reported that the destination address was not FTX’s address.
After the incident, Ryne (FTX General counsel) issued a statement. But it seems that he is still unaware of the facts of what happened at that time.
At the same time, a Twitter Space Hosted by Mario Nawfal allowed people to discuss the Assets Drained event from the FTX Exchange, with celebrities such as Elon Musk and others involved in the matter talking
After that, there was a statement about the incident. The question is, why is there an incident where FTX’s assets can be accessed without being able to identify the accessor? how the heck has this is happened?
I would like everyone to try to question. the world’s No.2 exchange with a large number of employees. Shortly after declaring bankruptcy Some of the assets around $600M were transferred to an unknown destination wallet. Do you think this is a coincidence? And assets are either bridge/convert/proxy to other wallets. This is extremely frightening. FTX is a big company. I think the major authorities in the US should be very scrutinized about this.
November 2: Deribit hot wallet was hacked for $28M
Deribit was hacked with an estimated $28M worth of hot wallets on the night of Nov 2, 2022.
After the incident, Deribit Exchange upgraded its security and resumed withdrawal transactions.
On November 3, 2022, Deribit Exchange once again enabled hot wallet withdrawals, all hot wallets migrated to Fireblocks, a wallet as a service provider that specializes in cryptocurrency security digital assets
November 2: Rubic Exchange was exploited loses over $1M in funds even admin wallet private keys using malicious software
Rubic Exchange, a cross-chain service provider integrated with multiple projects, has been exploited in a way where admin private keys have been leaked using malware-laden software. The question is, is this true? no?
The SECURI LAB questioned that admin wallet access should typically be multi-sig, with at least how many signatures must be required to allow transactions. So it is very unlikely to steal the all admin wallet.
November 2: Solend oracle attack on USDH resulting in $1.26M in bad debt
Solend, a Solana-based lending service provider, was attacked by Oracle infrastructure. This resulted in people being in bad debt or being liquidated, with damages estimated at $1.26M.
November 3: Skyward Finance treasury drained contract exploited on Near Protocol
November 4: pGALA on BSC misconfiguration of the p.Network bridge
pNetwork bridge protocol issued a statement regarding misconfiguration Affecting pGALA on the BNB Chain (Previously Binance Smart Chain), which is estimated to affect the pGALA ecosystem approximately 12,977 BNB affected. However, pNetwork has taken a snapshot and attempted to recover the loss.
November 11: Zootopia Finance's potential rug pull of almost $1M has out from total value locked (TVL)
Zootopia Finance expects a rug pull that caused approximately $1M in damage to platform users. The incident took place around 30 OCT — 2 NOV 2022 when Total Value Locked (TVL) experienced a sharp decline. in a short time After the incident, Zootopia Finance’s Twitter channel disappeared, which was typical for rug pulls.
November 11: DFX Finance suspicious activity in the DFX Contracts
November 14: Skyrex & 3commas Third-party API service provider has unexpected trading on their accounts [Positive Phishing Attack]
CZ Binance tweeted about three instances where users experienced abnormal trading on their accounts following a request from a 3rd party API. Those users may be exposed to a phishing scam attack where their API Key has not been hacked in any way.
About SECURI LAB
SECURI LAB is a group of cyber security experts Founded in 2018, we are security researchers with more than 3 years of expertise and we started out as a consultant to organizations on cybersecurity. We use highly reliable and industry-leading inspection tools.
Follow SECURI LAB On:
Website: https://securi-lab.com/
Twitter: https://twitter.com/SECURI_LAB
Telegram: https://t.me/securi_lab
Medium: https://medium.com/@securi
For those who are interested in running an Audit Smart Contract, we currently have a special discount of up to 30%, please contact us for the best offer.