WOO X temporarily froze withdrawals, before reopening accounts after a security review. They offered a 10% "" to the thief.
Customers of WOO X lose $14 million after exchange compromise
Attackers who compromised devices belonging to a WOO X employee stole $14 million from users of the Taiwanese WOO X cryptocurrency exchange. The phishing attack on the employee gave the hackers access to a development environment, according to statements from WOO X, and the hackers were then able to make withdrawals from customer accounts.
CoinDCX hacked for $44 million
The Indian cryptocurrency exchange CoinDCX was hacked, with attackers stealing around $44 million. The company announced the breach the following day, attributing it to a "sophisticated server breach" and claiming that only company funds were impacted.
BigONE hacked for over $27 million
The BigONE cryptocurrency exchange was hacked for more than $27 million, which the hacker quickly swapped for various other tokens. The attacker compromised one of the exchange's after gaining access to the company's production network. BigONE stated they would fully cover the loss.
Blockchain security researcher zachxbt responded to the hack by saying, "I do not feel bad for the team as this CEX processed a good bit of volume from , romance, investment scams." Elsewhere he suggested that hacks of "sketchy offshore exchanges" would be a positive for the crypto industry, serving as a "natural cleanse".
Arcadia Finance exploited for $3.5 million
The Arcadia Finance margin protocol was exploited for $3.5 million after an attacker found a vulnerability in a project . The attacker quickly swapped the stolen tokens and bridged them from Base to the Ethereum mainnet. The attacker stole the funds in two separate transactions that were more than four hours apart.
Arcadia is backed by Coinbase Ventures. The project acknowledged the hack, encouraging users to revoke permissions.
MoonPay apparently gets scammed out of a $250,000 donation to Trump inaugural fund
In a seizure request filed by the DC Attorney General, the Justice Department outlined how a Nigerian scammer used the classic "lowercase Ls look like uppercase Is" trick to steal $250,000 — apparently from the MoonPay crypto exchange. Using the email address steve_witkoff@t47lnaugural.com, the scammer directed "Ivan & Mouna" to deposit $250,000 in Tether to a specified wallet address. Mouna then replies to confirm the transaction, providing a link to a blockchain explorer. The FBI was only able to recover around 16% of the stolen funds, issuing seizure requests to Tether and Binance that regained control of $40,353.
As it happens, "Ivan & Mouna" match the names of MoonPay CEO Ivan Soto-Wright and CFO Mouna Siala. The crypto address used to send the transaction also appears to be one of MoonPay's company crypto wallets.
MoonPay had told Fox Business shortly before the transaction that they intended to contribute an undisclosed amount to the Trump inaugural fund.
Only weeks after the botched donation, MoonPay was selected as a payment processor for Trump's $TRUMP memecoin.
- "The DOJ Seemingly Outed Top Crypto Executives as Falling for a Nigerian Crypto Scam", NOTUS [archive]
- Complaint in US v. Approximately 40,353 USDT.ETH Cryptocurrency [archive]
Kinto token crashes; community claims rug pull, Kinto claims hack
The price of Kinto's $K token suddenly crashed 90%, sparking accusations of a . A tranche of investor tokens had just been unlocked recently, leading some to speculate that investors dumped their tokens on retail buyers.
However, Kinto blamed the token crash on the exploit that was recently disclosed by VennBuild, claiming on Twitter that "we got hacked by a state actor". Venn seemed to corroborate Kinto's explanation that the crash was related to the exploit, tweeting that although they had tried to warn all vulnerable projects before publicly disclosing the bug, "Sadly the Kinto token was not found despite being vulnerable, and exploited without time to mitigate."
Kinto has announced a plan to try to fundraise to cover a $1.4 million loss in liquidity, then create a new $K token based on a snapshot of previous token holdings.
$2.2 million in user funds stolen from Texture; hacker returns 90%
An attacker exploited the Solana-based lending protocol Texture, stealing $2.2 million in user funds from one of the project's vaults.
Shortly after the attack, Texture sent a message to the thief: "We are offering a 10% bounty of any funds stolen, which are yours to keep if you return the remaining 90%. You made an opsec mistake, but it’s not too late to avoid escalating the situation."
The threat and "" offer apparently worked, and the hacker returned $1.98 million, keeping $220,000 as a so-called "greyhat bounty". "As the hacker has fulfilled their side of the agreement, we will not pursue the matter further," wrote Texture.
Security researchers disclose exploit that put over $10 million across multiple protocols at risk
On July 9, security researchers at VennBuild and other firms disclosed a "critical backdoor" affecting thousands of , which one of the researchers said left "over $10,000,000 at risk for months". The researchers suggested that the backdoor was likely created by Lazarus, a North Korean state-sponsored hacking group.
According to the researchers, they found thousands of contracts affected by the exploit, and worked with multiple protocols to upgrade contracts or withdraw vulnerable funds. The researchers theorized that the attackers were "likely a sophisticated group waiting for a bigger target, not small wins."
GMX exchange hacked for $42 million
The decentralized perpetual exchange GMX has been exploited for $42 million. The exploit involved a vulnerability in one version of the exchange's price calculation . GMX paused some trading while they investigated the hack, and placed other temporary restrictions on the platform.
GMX offered a 10% "" to the hacker if they returned the funds. The attacker later returned $40.5 million in stolen assets; unusually, this is more than the 90% return requested by GMX.
Resupply stablecoin lender exploited for $9.3 million
An attacker was able to exploit a vulnerability in a smart contract used by the Resupply stablecoin lender to extract about $9.3 million from the project. After depositing around $200,000, they were able to inflate the price of another token and borrow almost $10 million.
Resupply announced the theft shortly afterwards, and stated that they had paused the vulnerable contract.
Resupply is a fairly new project, having officially launched on March 20 — about three months before the exploit.