The hackers who stole $190 million from cross-chain bridge Nomad stand to keep up to 10% of the loot and escape civil liability and criminal prosecution. The only caveat: They must return the rest of the money. Then, the firm says, it will label them as white hats and won't pursue legal action.
In the latest weekly update, four editors at Information Security Media Group discuss key takeaways from ISMG's recent Government Summit, how hackers siphoned nearly $200 million from cryptocurrency bridge Nomad and how midsized businesses are the new frontier for ransomware.
Multiple individuals returned a total of $11.4 million of the $190 million worth of cryptocurrency drained from cross-chain bridge Nomad on Wednesday, blockchain security firm PeckShield tells ISMG. Three cryptocurrency wallets currently hold $95 million of the stolen funds, it says.
Hackers are using an unknown exploit to draw down internet-connected wallets on the Solana blockchain. So far, thieves have made off with about $8 million worth of cryptocurrency, predominantly from mobile wallet users of Phantom and Slope. Solana is working to identify the root cause.
Cryptocurrency trading platform Robinhood Crypto will pay $30 million to the state of New York after an investigation revealed deficiencies in its cybersecurity and anti-money laundering programs. The company will also retain an independent consultant who will monitor remediation efforts.
Attackers drained crypto assets worth nearly $200 million on Monday from cross-chain bridge Nomad, a "security-first cross-chain messaging protocol." Experts say the attack occurred after Nomad updated its smart contracts and inadvertently made it easy to spoof transactions.
Commodity markets have created a cryptocurrency bloodbath that may not be over, but Richard Bird of SecZetta says economic patterns in history show that crypto "is not invalidated as a mean of commerce and exchange." He discusses the blockchain and the possible future uses of crypto.
Michael Alan Stollery, the chief executive of Titanium Blockchain, pleaded guilty in U.S. federal court to securities fraud in a scheme involving a fraudulent cryptocurrency initial coin offering in which $21 million was stolen. Stollery faces up to 20 years of imprisonment.
A music streaming blockchain service patched a bug on a smart contract that had gone undetected since 2020. An attacker used it to steal $AUDIO crypto tokens worth nearly $6 million and sold them for more than $1 million. The vulnerability wasn't detected by multiple smart contracts security audits.
The U.S. Department of Justice unsealed its first insider trading case involving cryptocurrency markets, marking an escalation of traditional oversight. The case comes as a federal jury convicted a New York man for defrauding investors who bought into his supposed cryptocurrency.
Halborn raised $90 million to expand its audit and penetration testing services and more effectively safeguard the crypto industry. The proceeds will bolster its protection for cryptocurrency lending protocols and better defend the money flowing into and out of the cryptocurrency ecosystem.
Premint NFT platform users became victims last weejend of one of the biggest NFT attacks ever. The company says an open-source vulnerability led to the compromise of its website, resulting in its users losing about $500,000 worth of blockchain assets.
Thieves behind a phishing campaign targeting investors into a cryptocurrency exchange got away with at least $8 million. The attack took advantage of human credibility, not a cybersecurity exploit in the Uniswap protocol, experts say. The stolen funds are being laundered in a cryptocurrency mixer.
Crema Finance has published its compensation and recovery plans following last week's $8.8 million hack on the Solana blockchain-powered concentrated liquidity protocol. The hacker has returned the stolen funds in exchange for a bounty offered by the company.
A new Android malware that can steal financial data, credentials, crypto wallets, personal data and cookies; bypass multifactor authentication codes; and remotely control infected devices is targeting online banking customers and financial institutions, cybersecurity researchers at F5 Labs say.