Several crypto platforms targeted in multimillion-dollar attacks
A handful of crypto platforms have been hacked over the last 24 hours, resulting in millions of dollars in stolen funds, a day after a brazen attack on the platform Nomad nearly emptied its coffers.
The incident that drew the most concern was a wide-ranging attack on thousands of digital wallets. Blockchain security firm PeckShield told The Record that more than 7,000 cryptocurrency wallets had been attacked, leading to a total theft of about $8 million, mostly in Solana's SOL coin.
The money was sent to four distinct wallets tracked by multiple security firms. Solana later confirmed that about 8,000 wallets were drained.
This does not appear to be a bug with Solana core code, but in software used by several software wallets popular among users of the network.
Updates will be posted to https://t.co/ivyoIbdCDP as they become available. 2/2
— Solana Status (@SolanaStatus) August 3, 2022
There were initial rumors that the total monetary value of the stolen coins reached $580 million, but that was quickly debunked, with security companies focusing on the major coins taken and not those with artificially inflated prices. The coins stolen included SOL, Ethereum, Bitcoin, and two cryptocurrencies pegged to the U.S. dollar: USDT and USDC.
“So far, the loss is estimated to be $8 million, excluding one illiquid shitcoin (only has 30 holds & maybe misvalued [at] $570M),” PeckShield said, using a pejorative term for a cryptocurrency overvalued by its creators.
Solana denied that the attack originated from a vulnerability in its core code, saying the problem was instead “in software used by several software wallets popular among users of the network.”
The attack targeted wallets on a variety of platforms, including Slope, Trust Wallet and Phantom, which released a message on Twitter saying the team “does not believe this is a Phantom-specific issue.”
Solana’s co-founder Anatoly Yakovenko theorized that it was a supply chain attack on iOS and Android users. A supply chain attack reaches its target by first compromising a third party.
Android seems to be affected as well. All the confirmed stories so far have had the key imported or generated on mobile. Most of the reports are slope, but a few phantom users as well.
— toly (@aeyakovenko) August 3, 2022
The attack reignited the debate over “cold” and “hot” wallets within the cryptocurrency community.
Hot wallets are connected to the internet and allow users to easily trade and send cryptocurrency, while cold wallets involve USB drives that are used to hold cryptocurrency and must be plugged in to be accessed. While cold wallets are considered safer, there have been several stories over the years of people losing access to millions worth of crypto simply because they lost their drive or forgot the password.
Several victims of the hack took to Twitter to lament the significant loss of funds, with many saying they lost thousands invested in SOL.
Nomad urges return of stolen funds
The attack on Solana wallets comes shortly after the crypto platform Nomad was robbed of more than $156 million in cryptocurrency after dozens of hackers targeted a vulnerability in a recent update.
In a statement to The Record, Nomad said it is working with law enforcement and blockchain analysis firm TRM Labs to trace the stolen funds, identify recipient wallets, and coordinate the return of funds.
The company said it was also partnering with nationally regulated custodian bank Anchorage Digital to facilitate the return of stolen funds. They provided a specific Anchorage wallet address where white hat hackers can return the stolen funds.
They also reiterated a warning that fraudsters and imposters may purport to be associated with Nomad in an effort to steal funds being returned to the platform.
PeckShield said blockchain data shows that about $9 million of the estimated $156 million has been returned to Nomad.
#PeckShieldAlert PeckShield has detected ~$9m has returned into @nomadxyz_ Funds Recovery Address, including 100 $ETH (~$164k) from address with ENS name bitliq.eth, ~3.78m $USDC, ~2m $USDT, ~15.8m $CQT (~$1.38m), ~1.2m $FRAX (~$1.2m), 200 $WETH (~328k), ~150k $DAI and etc. pic.twitter.com/Bpyjt7jnek
— PeckShieldAlert (@PeckShieldAlert) August 3, 2022
Other platforms allegedly hacked
Blockchain security firms have found that two other crypto platforms – Reaper Farms and ZBExchange – have also dealt with multimillion-dollar hacks over the past two days.
About $1.8 million in cryptocurrency was stolen from Reaper Farms, according to PeckShield and blockchain security firm SlowMist.
Reaper said a vulnerability in their platform was exploited, but they were able to recover about 10% of the stolen funds and are in the process of creating a compensation plan for any affected users.
“It was a very simple mistake with dire consequences – validation of the receiver account was not accurate, allowing anyone to withdraw anyone else’s funds,” the company explained in a post-mortem statement.
“I’d like to apologize profusely to users affected by this exploit, and we will work on a recovery plan to ensure you are all made whole.”
Meanwhile, on Tuesday cryptocurrency platform ZBExchange was forced to suspend deposits and withdrawals “due to the sudden failure of some core applications,” following an alleged attack from hackers.
ZB users,
Due to the sudden failure of some core applications, we’re currently responding to these issues.
To keep your assets secured, we have temporarily suspended Deposit and Withdrawal services while we resolve the issue.
We will provide an update once completed.
Thank you
— ZBExchange (@ZBexchange) August 2, 2022
The company did not respond to requests for comment but wrote in an update that it would take time to troubleshoot the issue. They urged users not to deposit any cryptocurrency before the platform recovers fully.
PeckShield pegged the platform’s losses at nearly $5 million.
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.