ICYMI - Last week in crypto: Binance Smartchain Hacked, Brazil busts the scammer "Bitcoin Sheikh" and NFT sales reach $1B
Bitcoin Sheikh? More like Bitcoin Shakedown!
In this week's episode of ICYMI, we feature the top stories from the crypto space last week: Binance Smartchain bridge was hacked of a whopping $566M, Bitcoin DeFi protocol Sovryn also suffered a $1M hack while Brazil Authorities clamp down on two notorious scammers—'Bitcoin Sheikh' and 'Bitcoin Pharoah'. Also, Celsius doxxes its customers in a 14,500-page document, and reports from DappRadar show a growing interest in the NFT and GameFi sector.
BNB Chain’s $566M Hack: Binance Chain’s Major Bridge Attack Uncovered
In the late hours of Thursday, the bridge of BNB Chain was hacked for $566 million, and the hacker made off with over $110 million worth of cryptocurrency.
In response to the attack, the BNB Chain team temporarily shut down the network, which says a lot about the centralization problems with the network.
How the BNB Smartchain was Exploited
The nine-figure BNB Chain bridge hack that occurred on Thursday night raised a lot of controversy.
Late on Thursday, an attacker targeted the blockchain network controlled by Binance and was successful in stealing about $110 million worth of cryptocurrency. But even if $110 million seems like a sizable wage for a few hours of effort, the total scale of the exploit is much larger. According to on-chain data, the attacker started the complex breach by tricking the BSC Token Hub bridge of the BNB Chain into delivering them two million BNB tokens, which are valued roughly $566 million.
According to Paradigm researcher samczsun, the attacker effectively forged the bridge's code to make two distinct withdrawals of one million BNB by using a complicated multi-step procedure to exploit a weakness in the bridge. When some residents expressed concerns about the quantity of the withdrawals, the bridge sent the money and carried on as usual. In response, the BNB Chain stopped the blockchain.
Tracking the Hacker's moves
The hacker's actions after the exploit may have been the most intriguing aspect of the attack. Because of the size of the haul, the hacker's options for laundering the money were constrained. This is because larger pots like this usually attract the attention of both authorities and crypto and on-chain investigators. The hacker moved their money around, as evidenced by on-chain data, but they adopted a creative strategy that set them apart from most other comparable crimes.
When it outlawed Tornado Cash in August, the Treasury Department observed that hackers commonly use crypto mixers to siphon off stolen money. The hacker had the option of making a similar maneuver to hide their tracks, but they chose to transfer just under 50% of the proceeds into Venus Protocol, a lending service on the BNB Chain. That might be due to the difficulty they would have had exchanging all of their BNB tokens without affecting the price; Tornado Cash only accepts deposits in ETH, DAI, cDAI, USDC, and USDT, so they would have needed to sell their assets and switch to Ethereum in order to use it.
However on Venus, the hacker was able to borrow almost $150 million in stablecoins by posting BNB as collateral. Because they borrowed centralized stablecoins that can be frozen by their issuers—USDT, USDC, and BUSD—this is an intriguing gamble. At least $6.5 million of the total was blacklisted by Tether, preventing the hacker from withdrawing the USDT they had borrowed. The hacker employed a number of techniques to transfer their assets to other networks, converting a large portion of the loot into ETH.
The hacker transferred approximately $110 million from BNB Chain to six additional Ethereum-compatible networks, including Ethereum, Polygon, Fantom, Avalanche, Arbitrum, and Optimism, according to estimates from blockchain security company SlowMist. Although the hacker left the majority of the takings on the computer, the majority of the transferred cash has not yet been laundered. Given that the stolen BNB might be frozen, they've left a significant amount of money on the table for such a sophisticated attack.
BNB Chain Quick Response to the attack
As news of the attack spread on Crypto Twitter, the BNB Chain team responded to the situation. At 22:19 UTC, the blockchain's official Twitter account acknowledged pausing the network and noted that it had discovered a "possible attack." The team's response was praised by some, with Binance CEO Changpeng "CZ" Zhao expressing his "impression" with the "rapid actions the [team] made." But many have criticized the centralized nature of the blockchain after the decision to stop the chain. The Bitcoin DeFi project Stacks tweeted, "You're meant to be immutable fren." Some people used memes of CZ to infer that he had complete control over the network's validators.
The BNB Chain team claimed in a statement that "decentralized chains are not supposed to be halted," adding that getting in touch with the network's 26 active validators averted further harm.
The network was successfully resumed by BNB Chain after validators were synced early on Friday; the hacker's wallet has since been blacklisted. What will happen to the BNB and centralized stablecoins on BNB Chain, valued at over $426 million at the moment (the hacker still has $254 million in BNB collateralized against $147 million in stablecoins on Venus), is still a mystery. Authorities will probably get involved shortly because of the size of the attack.
In addition to giving a bounty prize of 10% of the recovered assets for identifying the hacker, BNB Chain stated that it will be up to the community to decide whether to freeze the hijacked funds "for the common interest of BNB." In its note, the BNB Chain admitted guilt for the occurrence. "We would like to express our regret to the community for the exploit that took place. This is ours," the message declared.
Bitcoin Defi Protocol Sovryn Gets Hacked for Over $1 Million
Using a price manipulation hack, over $1 million in funds were stolen from Sovryn—a decentralized finance protocol based on Bitcoin, last Tuesday.
Through the hack, the perpetrator was able to steal 44.93 RBTC and 211,045 USDT, totaling over $1 million in cryptocurrency, from the protocol.
The assaults explicitly targeted the old Sovryn Borrow/Lend protocol, according to a blog post on the subject by Sovryn. It had an effect on the USDT and RBTC lending pools.
Cryptocurrency assets with prices correlated to Bitcoin and US dollars, respectively, are RBTC and USDT. They circulate in this instance on Rootstock (RSK), a sidechain designed to increase the scaling, dapp, and smart contract capabilities of Bitcoin. Defi protocol Sovryn is built on RSK.
Since some of the money appeared to have been taken out via Sovryn's AMM swap feature, the attacker obtained a variety of tokens. However, efforts to recover the stolen funds are still active.
“Due to the multi-layered security approach taken, devs were able to identify and recover funds as the attacker was attempting to withdraw the funds,” reads the post. “At this point, through a combined effort, devs have managed to recover about half the value of the exploit.”
After two years of operation, according to Sovryn spokesperson Edan Yago, this is the first successful exploit against the protocol. He insisted that Sovryn had important and ongoing bug bounties and is "one of the most highly inspected Defi systems."
The attack operated by changing the price of Sovryn's iTokens, which are interest-bearing tokens that stand in for a user's holdings of cryptocurrency in a lending pool. Every time a position in the lending pool is acted upon, the price of this token is adjusted.
“The attacker then provided liquidity to the RBTC lending contract, closed their loan with a swap using their XUSD collateral, redeemed (burned) their iRBTC token, and sent the WRBTC back to RskSwap to complete the flash swap,” the post continued.
Throughout the entire procedure, the iToken price was manipulated, allowing the attacker to withdraw more RBTC from the lending pool than was initially deposited.
Sovryn made it clear that the hack had no impact on user funds. Exchequer, the Sovryn Treasury, will replenish any lost value from the lending pools.
Celsius Reveals Names, Transaction Histories of Thousands of Customers in Public Court Document
A court document that surfaced online last Thursday revealed the names of tens of thousands of Celsius users.
The names as well as transaction histories of "tens of thousands" of its customers were made public by the bankrupt cryptocurrency lender Celsius in a court document that is currently making the rounds online. More than 14,500 pages make up the document, which was filed together with a number of other documents as part of the company's continuing bankruptcy proceedings.
The document includes customer names, transaction kinds and amounts, the services the consumer had used, types and numbers of tokens possessed, and more—again, addresses are deleted.
On June 12, the firm temporarily halted withdrawals before declaring bankruptcy a month later.
South Korea's Efforts to Prosecute Terra Employees hit a dead-end
Following the failure of LUNA and UST, South Korea's efforts to prosecute Terra workers may have encountered a major setback last week.
According to reports from Yonhap News on Friday, a local court reportedly dismissed an arrest order for Mr. Yu, who is referred to as a key member of the squad.
It was "difficult to discern the necessity and relevance of the arrest," the court remarked.
On charges of fraud and violating South Korea's Capital Markets Act, prosecutors had asked for an arrest order.
Yu is accused of manipulating the market by artificially inflating trading volumes and changing prices using a bot program.
The prosecution might now start over and think about submitting an arrest warrant application in the future.
South Korea had never before requested an arrest warrant in this instance, and efforts to apprehend Do Kwon are still ongoing.
The co-founder of Terra has less than two weeks to return his passport before it becomes invalid.
Additionally, an Interpol red alert has been issued, giving law enforcement authorities around the world the responsibility of finding and apprehending the 31-year-old.
Brazil Police Busted the ‘Bitcoin Sheikh’ Over $766 Million theft
According to reports last weekend, the Federal Police of Brazil put a stop to a criminal organization run by businessman Francisco Valdevino da Silva, also known as "Bitcoin Sheikh."
In recent years, the perpetrators, according to the authorities, have deceived tens of thousands of people and laundered up to 4 billion Brazilian reals ($766 million).
Another Ponzi Scheme clamped down in Brazil
According to GloboNews, Brazilian law enforcement officers searched the home of da Silva and many of his associates on the assumption that they were responsible for a large cryptocurrency scam that victimized thousands of people both domestically and abroad.
A shady digital asset investment platform purportedly operated by Da Silva (also known as "Bitcoin Sheikh") and his colleagues offered potential investors rewards of up to 20%. The scammers convinced their victims that the organization has a sizable team of crypto experts committed to delivering profits to their investments.
Authorities claim that Da Silva and his group even produced their own tokens, which lacked liquidity or support.
It's interesting to note that some famous people were also victims, including model Sasha Meneghel, who suffered losses of nearly $230,000. Soccer players from Brazil whose names were withheld were also added to the list.
According to the "Operation Poyais" investigation, the scammers have been laundering digital assets worth over $766 million over the previous few years. Along with those possessions, the police seized gold bars, high-end vehicles, and pricey watches from several residences in Sao Paulo, Rio de Janeiro, Santa Catarina, and Parana.
The raid, according to Da Silva's counsel, was "the customary measure in investigations of this sort." Additionally, he said that his client is prepared to clarify his actions "in order to demonstrate the effective regularity and legality of business operations."
Brazilian Authorities Busted 'Bitcoin Pharoah' too
Brazil's Federal Police cracked down on another bogus cryptocurrency platform last summer and detained its executives. Glaidson Acácio dos Santos, also referred to as "Bitcoin Pharaoh," was one of them.
The trading platform offered significant returns to individuals willing to invest their savings in it, similar to the situation discussed above. However, if something sounds too good to be true, it generally is, and the group managed to swindle almost 122,000 people.
The Brazilian government ultimately reached a decision last weekend following protracted judicial proceedings. They mandated dos Santos to pay $3.7 billion in restitution to all defrauded creditors and investors last month.
NFT & GameFi Sectors Show 'Optimistic' Trends —DappRadar
Recent data shows a spike in demand for NFTs and GameFi tokens according to the DappRadar Industry Report released last weekend.
The third quarter's NFT trading volume, which increased to $2.71 billion, is down by 67% from Q2. However, the number of sales has increased by 8.3% since Q2. The most recent DappRadar Industry Report made this information public.
Only in September compared to the previous month, the NFT trading volume increased 10.4%. Additionally, the sales count rose by 21%, showing that there is still strong demand for the NFT industry. On the other side, the total reduction in trading volume might have been influenced by the market value decline of cryptocurrencies.
The introduction of the y00ts collection, which gave Ethereum NFTs a run for their money, was what fuelled the expansion of the latter. Even after a month since introduction, it surpassed NFT giant OpenSea volume charts and generated 435,000 SOL, or approximately $15 million in secondary sales.
Renga is an additional collection that has dominated the NFT market in addition to y00ts.
However, blue chips like Yuga Labs: OtherSide, Bored Ape Yacht Club, Mutant Ape Yacht Club, and CryptoPunks have continued to dominate the market despite significant stagnation throughout the down market. The four projects represent more than 46.21% of the total market capitalization of NFT.
Blockchain-based games have largely been unaffected and have kept making money. Unique address wallet for the week climbed by 8% to 912K from August, indicating a rising trend. According to DappRadar:
“This is an optimistic indication for blockchain games since many have hypothesized that if game dapps cease to be financially advantageous for the ordinary user, they would lose the majority of their player base. It was shown to be false.”