Weekly Crypto Hack Update: Hackers Exploit Mixers, PlayDapp, and Other Targets

The world of cryptocurrencies has been abuzz with activity this week as hackers continue to evolve their tactics. While some infamous groups stick to their traditional methods, others are embracing new and advanced techniques.

Let’s dive into the events of the past week in the thrilling world of crypto hacks, where millions of dollars are being siphoned. Staying informed might just save you!

YoMix Takes Center Stage

In 2023, there was a significant decline in funds flowing into mixers from illegal sources, dropping from $1.0 billion in 2022 to $504.3 million in 2023. This decline can be attributed to the global crackdown on hacking activities, which included the sanctioning and shutdown of well-known mixers like Sinbad and Tornado Cash.

However, the Lazarus Group, a notorious hacking group from South Korea, has cleverly adapted to the changing landscape. With Sinbad no longer in operation, the group seamlessly shifted to YoMix, a Bitcoin-based mixer. This transition showcases the resilience and adaptability of malicious actors who effortlessly pivot to alternative services when their preferred platforms face closure.

PlayDapp: A Double Blow to Blockchain Gaming

It has been a tumultuous week for the blockchain gaming platform PlayDapp, as it faced not one, but two devastating exploits. The first cyber attack resulted in a loss of $31 million, followed by a subsequent attack that saw the theft of a staggering $290 million worth of PLA tokens, the native cryptocurrency powering PlayDapp’s gaming platform and NFT marketplace.

[Notice: PlayDapp Mitigates Secondary Attack] There was a malicious secondary attack involving the additional minting of 1.59 billion PLA tokens. (1/3) — PlayDapp (@playdapp_io) February 13, 2024

The perpetrator behind the PlayDapp heist executed a sophisticated plan, compromising a private key to mint 200 million PLA tokens worth $36.5 million. Undeterred, the hacker struck again on February 12, creating an additional 1.59 billion PLA tokens valued at $253.9 million. This audacious move not only exposed vulnerabilities in PlayDapp’s security but also highlighted the hacker’s persistent access to the company’s systems.

Angel Drainer: Stealing from the Shadows

In a bold move, Angel Drainer targeted 128 crypto wallets, stealing over $400,000. The attack cleverly utilized Etherscan’s verification tool to disguise the malicious nature of a smart contract. Blockaid, a blockchain security firm, discovered that the assault began with the deployment of a malicious safe vault contract.

Today our researchers discovered yet another emerging attack vector from the Angel Drainer group — this time phishing users and leading them to a single Safe Vault contract where 128 wallets have been drained of $403k+ so far. All Blockaid-protected users are safe. pic.twitter.com/niffQDlciG — Blockaid (@blockaid_) February 13, 2024

Duelbits Drama: Suspicious Transactions in the Spotlight

Cyvers, a blockchain security analytics firm, flagged several suspicious transactions originating from Duelbits. This incident, which involved a loss of wallet access control, resulted in a suspicious address receiving $4.6 million from Duelbits wallets on both the Ethereum and BNB chains.

ALERTOur system has detected multiple suspicious transactions with @Duelbits!! Suspicious address received $4.6M from @Duelbits wallets on $ETH and $BNB chains! Please contact us! More information will follow soon! #CyversAlert pic.twitter.com/59ByDLjvrc — Cyvers Alerts (@CyversAlerts) February 13, 2024

The hacker’s attempt to transfer assets from BNB to Ethereum encountered a problem, ultimately exposing vulnerabilities in the system’s gas fees. The hacker used FixedFloat to acquire the necessary funds for the bridging transaction.

And that concludes our roundup for the week. Stay tuned for the next one!

Tags: Hack