The Crypto Hack Storm: Massive Funds Stolen and North Korean Attack Tactics Evolving

According to PeckShields monitoring statistics, in August 2024, over 10 hacking incidents occurred in the crypto sector, resulting in a loss of approximately $313.86 million. The two largest hacks involved unauthorized transfers (phishing), accounting for 93.5% of the total stolen funds, amounting to $293.4 million.

Top 5 hacking incidents in August:

Phishing: $238 million (BTC)

Phishing: $55.4 million (DAI)

Ronin: $12 million (recovered)

Unauthorized transfer: $5.1 million

Nexera: $1.83 million

The data shows that the average monthly stolen funds in the crypto sector exceeded $200 million this year.

First Major Hack in September: Penpie Attack

According to Beosin Alert, the DeFi protocol Penpie, built on Pendle, suffered a hack resulting in the theft of approximately $27 million in crypto assets. Beosins analysis revealed that the attacker exploited the claimRewards function in the market contract, using a reentrancy attack to inflate the staking contract balance and extract surplus staked assets.

Summary of the attack process:

1. The attacker created an attack contract and built the corresponding market contract via the official factory.

2. The attacker called the batchHarvestMarketRewards function to update market rewards.

3. During the reward update, the claimRewards function was called back, allowing the attacker to stake flash-loaned assets, creating a discrepancy in the staking contract and extracting the surplus.

4. The attacker withdrew the staked assets and repaid the flash loan for profit.

Most of the stolen assets were Ethereum derivatives (e.g., wstETH, agETH, rswETH). The attacker converted the bulk of the stolen assets into 11,109 ETH ($26.95 million), with 1,000 ETH ($2.42 million) laundered through Tornado Cash. The initial funds used by the attacker were also traced back to Tornado Cash, making it difficult to identify the source.

The stolen assets, aside from the 1,000 ETH already laundered, are stored at the following addresses:

0x7a2f4d625fb21f5e51562ce8dc2e722e12a61d1b (holding YT assets worth $0.85 million)

0x2f2dDE668e5426463E05D795f5297dB334f61C39 (holding 10,113 ETH)

The Penpie team has left messages on-chain, requesting communication with the hacker and offering not to pursue legal action if the funds are returned, though there has been no progress so far. Seven hours after the attack was detected, Pendle successfully patched the vulnerability.

Pendle stated, “In response to the security breach, we swiftly paused our contracts, effectively protecting around $105 million.” The Pendle contracts have since resumed normal operations.

FBI Exposes North Korean Attacks on Crypto DeFi Through Social Engineering

On September 3, 2024, the FBI issued a warning, highlighting that North Korean hackers are increasingly targeting the cryptocurrency industry, particularly DeFi companies. These attacks utilize advanced social engineering techniques, such as thorough research on victims through social media and job platforms, to create convincing lures like job offers and investment proposals. The hackers build trust over time before eventually sending malicious software to steal crypto assets.

The FBI confirmed that these hackers use fake GitHub profiles and forged national identities to craft highly personalized fake identities, gaining employment within crypto companies. Once inside, they deploy malware to attack the companys assets. The FBI advises crypto companies to remain vigilant when verifying identities, record all interactions with potential attackers, and report any suspicious activity to law enforcement. As North Korean tactics continue to evolve, individuals and companies in the crypto industry should be cautious about the information they share on social media.

In summary, the increasing frequency of hacking incidents and the evolution of attack techniques underscore the ongoing critical importance of security in the crypto and blockchain sectors.

Which of the following are common security threats in the crypto space？ (Multiple selections)

A. Social engineering attacks

B. 51% attacks

C. Drone attacks

D. Smart contract vulnerabilities