It is possible that you have heard or read in the press, that some cryptocurrency attacks had recently taken place.
It is true that the cryptocurrency world is often targeted by hackers.
Is there a particular reason for this?
Let's take stock of the latest onslaught and see if it is possible to remedy these security holes or to bypass them.
The Celer Network attack
Celer Network, is a cryptocurrency whose platform of the same name aims to create decentralized applications that are easy to use and very accessible.
On August 17, 2022, it is Cbridge which has been targeted. The bridge to transfer cryptos between blockchains. These are the DNS (Domain name service) that have been hijacked to create redirections of Internet users to the sites of hackers without users noticing that they are no longer on the same website.
That's how $240,000 disappeared in just 2 hours of time!
The amount is less than some attacksAs you can see in this article, only the users' cryptos were in the hackers' sights, not those in transit on the Cbridge.
The attack of Wintermute
Wintermute, an intermediary of cryptocurrency working in collaboration with the crypto trading platformswas subjected, on September 16, 2022, to a cyber-attack of great magnitude. The amount of cryptos stolen amounted to no less than 160 billion dollars.
Once again, this is a Blockchain attackThis is because the traditional centralized finance elements have not been targeted.
The security flaw comes from an address personalization tool on Ethereum, named Profanity.
Thus, from the public addresses (public keys) that had been personalized, it was possible to deduce the private keys of the users' wallets and thus to steal their cryptos.
This is why it is preferable not to use public key personalization tools and instead to use random address generation.
However, it is important to note that the flaw does not come from the blockchainbut the use of an external tool.
The attack of the 44 platforms
On September 23, 2022, an employee of the dydx cryptocurrency exchange platform has posted npm packages on Github a software hosting and development company that has become the world's largest online code repository.
☠️ [PLEASE SHARE] If you use @dydx
@npmjs packages, DO NOT update them to the latest versions as they were compromised: https://t.co/TDjBIQxwLihttps://t.co/9R3vRLJTU3They exfiltrate credentials and steal sensitive data!#javascript #supplychain #cybersecurity #opensource pic.twitter.com/TDtrylumMK
- Maciej Mensfeld (@maciejmensfeld) September 23, 2022
One of the packages sent was present on no less than 44 digital finance platforms.
An npm package (Node Package Manager) is a program that manages Javascript programming libraries for Node.js, contained in a directory. They allow to add functionalities to applications and scripts.
Node is an execution environment for programs in the Javascript programming language.
The problem lies in the fact thatmalicious code was part of the package content and that its purpose was to retrieve the personal data of users in order to send them to an IP address abroad. It is then easy to imagine that the accounts of a very large number of users could be hacked.
Fortunately, a patch has been deployed in a hurry and dydx was able to reassure its users that their data had not been compromised.
At 6:14AM EST, we identified malicious versions published to a number of dYdX NPM packages that were quickly removed.
🔒 All funds are SAFE
Our websites/apps have NOT been compromised
✅ The attack did NOT impact smart contractsWe will follow up with a post mortem asap
- dYdX (@dYdX) September 23, 2022
According to a study by Chainalysis, the cryptocurrency cyber-attacks are experiencing a increase of 60 % since the beginning of 2022 compared to 2021.
The FTX hack
That's no less than $600 million in crypto losses for the FTX exchange platform, which occurred between November 10 and 12, 2022.
FTX CEO John Ray issued a statement through his lawyer, indicating that there was a hack and that law enforcement had been notified.
As a result of the breach, FTX.com and FTX.us have taken steps to move their assets to cold (offline) wallets.
We don't skimp on security
That's why the use of a highly secure wallet is highly recommended.
We advise you to manage your own wallets in order to ensure their security through an offline data storage technology like the one we have implemented on Legapass.
All of your information will be in a offline safe safe from hackers. Your data will be protected via a military grade cryptography thus making them perfectly untraceable and inviolable.
Minimize the risk of hacking of your keys thanks to a physical wallet coupled with an offline software that will ensure its retransmission to your heirs.
So many reasons to use Legapass! Do not hesitate any longer and open your account !
English 
Français 
Deutsch 
Español 
Italiano 
Русский