Binance CEO Changpeng Zhao (CZ) warned his 8 million Twitter followers on Dec. 28 that he is “reasonably sure” that API key leaks are taking place at the cryptocurrency trade management platform. I am reasonably sure there are wide spread API key leaks from 3Commas. If you have ever put an API key in 3Commas (from any exchange), please disable it immediately. Stay #SAFU. — CZ Binance (@cz_binance) December 28, 2022 The disclosure by CZ followed an incident on Dec. 9, when Binance cancelled the account of a user who complained about losing funds a day earlier. That user claimed …

In this week’s newsletter, read about investment giant Fidelity planning to enter the nonfungible token (NFT) space and how Italy’s NFT market will grow. Check out how North Korean hackers use phishing websites to target NFT holders and listen to a conversation with Crypto Raiders in the NFT Steez podcast. And, don’t forget this week’s Nifty News featuring Japanese gaming firm Square Enix investing millions in an NFT game developer. Fidelity plans NFT marketplace and financial services in the metaverse On Dec. 21, investment firm Fidelity filed three trademark applications to the United States Patent Trademark Office. The trademark filings …

The crypto wallets associated with now-bankrupt trading firm Alameda Research, the sister company of FTX, were seen transferring out funds just days after the former CEO Sam Bankman Fried was released on a $250 million bond. The transfer of funds from Alameda wallets raised community curiosity, but more than that, the way in which these funds were transferred grabbed the community’s attention. The Alameda wallet was found to be swapping bits of ERC20s for ETH/USDT, and then the Ether (ETH) and USDT (USDT) were funneled through instant exchangers and mixers. For example, a wallet address that starts with 0x64e9 received …

Defrost Finance, the decentralized trading platform that suffered a $12 million exploit leading up to Christmas, has denied allegations that it had “rugged” its users as part of an elaborate “exit scam.” On Dec. 23, the platform announced it suffered a flash loan attack, leading to the draining of user funds from its V2 protocol. One day later, another incident saw a hacker steal the admin key for a second “much larger” attack on the V1 protocol. It’s understood the attacker(s) conducted the flash loan attack by adding a fake collateral token and a malicious price oracle to liquidate users. …

According to a letter posted on Chinese blockchain news publisher Odaily.com on Dec. 27, Kevin Como, anonymous CEO of BitKeep, warned that users' private keys are still at risk after a security incident on Dec. 26 led to over $13 million in losses at the time of publication. BitKeep is one of the more popular non-custodial, decentralized finance multi-chain wallets with over 6 million users. Specifically, Kevin wrote: "This was a large and atrocious hacker attack incident. The BitKeep APK 7.2.9 (Android Package Kit) installation package was hijacked and swapped by the hacker, and as a result, some users already …

After recovering the funds lost in a recent flash loan exploit, decentralized leverage-trading platform Defrost Finance is planning to return the funds to their rightful owners, according to a new announcement. In a Medium post, Defrost highlighted that it will soon be refunding the assets to their original holders and will be following a specific process. The process includes converting all Ether (ETH) into stablecoins, like DAI, at the on-chain market rate. Then, all stablecoins will be transferred from the Ethereum blockchain into Avalanche. Apart from these, the team will also be conducting a scan of on-chain data to find …

The Bitkeep exploit that occurred on Dec. 26 used phishing sites to fool users into downloading fake wallets, according to a report by blockchain analytics provider OKLink. The report stated that the attacker set up several fake Bitkeep websites which contained an APK file that looked like version 7.2.9 of the Bitkeep wallet. When users “updated” their wallets by downloading the malicious file, their private keys or seed words were stolen and sent to the attacker. 【12-26 #BitKeep Hack Event Summary】 1/n According to OKLink data, the bitkeep theft involved 4 chains BSC, ETH, TRX, Polygon, OKLink included 50 hacker …

On Dec. 26, blockchain security firm CertiK issued a warning alleging that Defrost Finance, a decentralized leveraged trading platform on the Avalanche Blockchain, is an "Exit Scam." In supporting the decision, CertiK wrote: "On 24 December we have seen an #exitscam on @Defrost_Finance. We have attempted to contact multiple members of the team but have had no response. The team are not KYC'd but we are using all the information that we do have to assist with authorities." The prior day, Defrost Finance suffered a flash loan attack that drained protocol users of $12 million in assets. Immediately after the …

Major cryptocurrency mining pool BTC.com has suffered a cyberattack resulting in a significant loss of funds by the company and its customers. BTC.com experienced a cyberattack on Dec. 3, with attackers stealing around $700,000 in client assets and $2.3 million in the company’s assets, the mining pool’s parent firm BIT Mining Limited officially announced on Dec. 26. BIT Mining and BTC.com reported the cyberattack to law enforcement authorities in Shenzhen, China. The local authorities subsequently launched an investigation into the incident, starting collecting evidence and requesting assistance from relevant agencies in China. The local coordination has already helped BTC.com recover …

While many are still enjoying the holiday season, hackers are hard at work, draining around $8 million in an ongoing BitKeep wallet exploit. On Dec. 26, some users of the multichain crypto wallet BitKeep reported that their funds were being drained and transferred while they were not using their wallets. In their official Telegram group, the BitKeep team confirmed that some APK package downloads have been hijacked by some attackers and have been installed with code that was implanted by hackers. They wrote: “If your funds are stolen, the application you download or update may be an unknown version (unofficial …

Hackers linked to North Korea’s Lazarus Group are reportedly behind a massive phishing campaign targeting non-fungible token (NFT) investors — utilizing nearly 500 phishing domains to dupe victims. Blockchain security firm SlowMist released a report on Dec. 24, revealing the tactics that North Korean Advanced Persistent Threat (APT) groups have used to part NFT investors from their NFTs, including decoy websites disguised as a variety of NFT-related platforms and projects. Examples of these fake websites include a site pretending to be a project associated with the World Cup, as well as sites that impersonate well-known NFT marketplaces such as OpenSea, …

Defrost Finance, a decentralized leveraged trading platform on Avalanche blockchain, announced that both of its versions — Defrost V1 and Defrost V2 — are being investigated for a hack. The announcement came after investors reported losing their staked Defrost Finance (MELT) and Avalanche (AVAX) tokens from the MetaMask wallets. Moments after a few users complained about the unusual loss of funds, Defrost Finance’s core team member Doran confirmed that Defrost V2 was hit with a flash loan attack. At the time, the platform believed that Defrost V1 was not impacted by the hack and decided to close down V2 for …