Cryptocurrency Daily Thefoxposts.com

The decentralized finance (DeFi) sector is a financial frontier zone, home to some of crypto’s most risk-on experiments. As a result, few days go by without a dose of DeFi drama. But it’s not all bad news… Backdoor vulnerability left $10M at risk Security researchers at VennBuild announced the discovery of a “critical backdoor” vulnerability, in which suspected North Korean hackers had laid a trap affecting “thousands of smart contracts, leaving over $10,000,000 at risk for months.” We @VennBuild just discovered a critical backdoor on thousands of smart contracts leaving over $10,000,000 at risk for months Along with the help of security researchers @dedaub @pcaversaccio, the seals team @seal_911 and others, we managed to rescue the majority of funds… — deebeez (@deeberiroz) July 9, 2025 Read more: Whitehat hacker rescues $1.5M from first DeFi hack of 2025 Uncovered in conjunction with other researchers from Dedaub and the DeFi Security Alliance (SEAL),...

In the aftermath of Bybit’s $1.4 billion loss — the world’s largest crypto exchange hack — many once-celebrated services are struggling to control the laundering of criminal proceeds. Memecoin generator Pump.fun, permissionless token exchange ThorChain, and many others are trying to comply with Countering the Financing of Terrorism (CFT) and Anti-Money Laundering (AML) rules. Bybit, which once claimed to be the world’s second most popular crypto exchange by trading volume, suffered a $1.4 billion hack on February 21. Its executives signed a malicious transaction that allowed hackers to sweep ether (ETH) from its multi-signature wallets.  As panic set in, customers rushed to withdraw over $4 billion in deposits. Nevertheless, Bybit was able to secure some loans, and as of approximately 12 hours ago, claimed to have replenished liquidity to back customer deposits on a 1:1 basis . Over the past three days, hackers have swapped and liquidated some of the pr...

Crypto exchange Gemini has warned users to monitor their accounts for unusual activity after it confirmed that around 15,000 of its customers might be affected by a breach of its banking partner.  As reported by Bleeping Computer, Gemini began contacting affected customers last month to tell them that its unnamed automated clearing house provider had been breached. It informed the California Office of Attorney General last Thursday.  According to Gemini, “an unauthorized actor gained access to an internal collaboration tool on the bank partner’s system, which may have resulted in the potential disclosure of certain transactional data between June 3 and June 7, 2024.” As a result, “a subset of some Gemini customers’ banking information was potentially impacted as part of the incident.,” the exchange added. UK hacker jailed over $900K Coinbase login scam Read more: Crypto-skeptic Andrew Left of Citron Research charged with fraud This impacted information seemingly includes cust...

Three million dollars in locked bitcoin has been recovered by a Hack ing duo who claim to have ‘ Hack ed time’ to crack a corrupted randomly generated password. The anonymous holder (referred to in the video as ‘Michael’) stored his nearly-44 bitcoin s, worth roughly $5,300 in 2013, in a hot wallet protected by a randomly generated 20-character password created by RoboForm.  Unfortunately, Michael subsequently lost his password after storing it in an encrypted file that was later corrupted. With no way to recover his bitcoin, he reached out to Joe Grand, an electrical engineer running a hardware-hacking YouTube channel.  Grand and his friend, software hacker Bruno, initially turned down Michael’s appeal for help as they claimed they would need to try millions of password combinations in a brute force attack that they said nobody would take on, “no matter how many computers they had.” However, after he reached out again in 2023, the pair eventually ...

Food-themed crypto game Super Sushi Samurai was exploited for approximately $4.6 million today, though it appears to have been a white-hat operation. The project’s token, SSS, contained a vulnerability within its contract that allowed for duplicating balances when making a transfer between the same ‘to’ and ‘from’ address. At the time of writing, the proceeds, 1,310 Wrapped Ether ( WETH ) worth $4.6 million , remain in the exploiter’s address. SSS exploited on blast for ~$4.8m pic.twitter.com/YpVLBYGqw7 — Spreek (@spreekaway) March 21, 2024 Read more: Ethereum’s Dencun causes ‘Blast’ layer 2 outage Super Sushi Samurai had gone live just hours earlier on Blast, the controversial Ethereum layer-2 network, with the SSS token launched on March 17. The project had previously been runner-up in Blast’s recent Big Bang contest. The project’s team confirmed the hack, known as an ‘infinite mint’ attack, stating “Tokens were minted and sold into the LP.” As a result, the token’s va...

Scammers have started targeting Nansen’s customers via email by offering fake airdrops after the firm’s third-party vendor suffered data leak. Cybercriminals are sending out phishing emails to Nansen customers exposed in a recent data breach related to one of the firm’s third-party vendors. According to web3 threat researcher Officer’s Notes, the customer s who were exposed in the data breach have started receiving phishing emails , claiming they are “eligible” to participate in an airdrop from Nansen. Users have reported receiving phishing emails from fake @nansen_ai today… stay safe! FYI @ASvanevik pic.twitter.com/jqVRVE9by9 — Officer's Notes (@officer_cia) November 24, 2023 The fake letter from Nansen says customer s can now claim their $NANSEN token as part of an “exclusive opportunity,” attaching a malicious link. According to reports on X, the scammers are distributing the phishing letters via an email apparently ...

As web3 grows, so do the risks associated with decentralized applications (dapps). Here, we share practical advice to mitigate these risks. At the forefront of emerging web3 technologies are decentralized applications, often called dapps. They use interlinked smart contracts to do specific tasks within the app, running on blockchain as code snippets. They are like a bridge between the current Internet (Web 2.0) and the developing web3. Dapps leverage blockchain technology’s inherent security, transparency, and indelibility to empower users with enhanced privacy and greater control over their data and digital assets. They function as the blockchain counterpart of traditional apps, covering social media, finance, gaming, and more. Though the way you use a dapp might look similar to regular apps, what’s happening behind the scenes is different. Instead of being stored on one big server, dapps are spread across many computers called “nodes” on a blockchain network. T...

The fake Skype application is being heavily distributed on the Chinese internet, the SlowMist Security Team has learned. As many international marketplaces are inaccessible within China due to local regulations, bad actors are actively exploiting this gap, flooding the market with phishing applications targeting crypto investors . According to a blockchain security firm SlowMist, a group of Chinese scammers has recently started distributing a fake version of Skype — version 8.87.0.403 — for Android devices among multiple local marketplaces, such as 51pgzs, siyuetian, and others. They lure victims to believe they downloaded a legit version of the video chat application. Fake Skype application for Android on a Chinese marketplace | Source: Medium Once the malicious application is installed, it obtains images from various directories on the Android phone and monitors in real-time for any new images. All the images stored on the victim’s device are then uploaded to the phish...

The Unibot team says funds lost due to the bug on the new router ‘will be compensated.’ Telegram trading crypto bot Unibot has suffered a token approval exploit, resulting in a loss of $642,000 worth of crypto. In an X post on Tuesday, Oct. 31, the Unibot team acknowledged the attack, saying the hacker exploit ed the token approval mechanism in the new router. The team has paused the router “to contain the issue.” We experienced a token approval exploit from our new router and have paused our router to contain the issue. Any funds lost due to the bug on our new router will be compensated. Your keys and wallets are safe. We will release a detailed response after investigations conclude. — Unibot (@TeamUnibot) October 31, 2023 According to reports, the exploit er stole over 356 Ethereum (ETH) worth around $642,000 at the time of writing. After the attack, the stolen funds have been moved to Tornado Cash, a sanctioned cryptocurrency mixing protocol...

Blockchain sleuth ZachXBT says Slope Wallet founder Leal Cheung created a new project immediately after the hack. Victims of Slope Wallet hack, which suffered a $4 million loss in August 2022, are “unlikely” to see anything returned given that the team behind the project took no responsibility. A well-known blockchain investigator ZachXBT wrote in an X thread on Oct. 11, that the hacker successfully transferred the stolen crypto from Solana to Ethereum through “Binance nested exchanges.” Later, the bad actor laundered the funds through Tornado Cash, a sanctioned crypto mixer built on the Ethereum blockchain. 1/ What happened to the funds from the @slope_finance $4M hack? Here’s my Analysis tracing the latest movements in 2023 and where the stolen funds ended up going. pic.twitter.com/6gVnqhYaiP — ZachXBT (@zachxbt) October 10, 2023 Trying to cover up the traces, the hacker bridge d the laundered crypto between Ethereum and TRON using SWFT, a cros...