A wallet suffered a hacker attack, according to blockchain detective ZachXBT. This attack caused a significant loss of US$27 million, or around R$125 million in current values.
The incident mainly involved the theft of USDT, but there is still no evidence of the causes that led to the theft.
According to ZachXBT, a cryptocurrency wallet recently suffered a breach. The attack occurred on November 11th and resulted in the loss of US$27 million from the USDT wallet. The detective stated that the criminals immediately converted the stolen funds from USDT to Ether (ETH).
They then went through a series of transactions on various mixer services, including FixedFloat and ChangeNow. This is a common tactic used by hackers to cover their trail of stolen assets. Finally, the last phase of the theft involved linking these assets to Bitcoin (BTC) through THORChain, a decentralized liquidity protocol.
The origin of the funds adds an intriguing layer to the story. This is because the wallet received the amount through a withdrawal from Binance just a week before the theft.
Delving further into the connection, ZachXBT’s investigation revealed that in May 2019, the same wallet received funds from an address marked by Etherscan as a Binance smart contract implementer. As of the writing of this article, Binance has not yet commented on the theft.
Record losses in 2023
According to the Web3 Security Quarterly report, prepared by CertiK, the third quarter of 2023 saw the most attacks on protocols and wallets. CertiK pointed out that there was more than US$699 million lost in 184 security incidents.
This number exceeds the combined losses of the first two quarters, which saw losses of $320 million in the first quarter and $313 million in the second quarter. In other words, a total of US$633 million in the two periods combined, US$66 million less than in the third quarter.
The report highlights the Lazarus Group, a group linked to North Korea, as one of the most active, responsible for significant losses. The Lazarus Group, known for its sophisticated tactics, targeted the Web3 market this year, resulting in a confirmed loss of at least $291 million. Their strategy relies heavily on social engineering to breach security defenses across multiple platforms.
Finally, another significant factor contributing to this quarter’s losses was private key compromises, responsible for US$204 million across 14 incidents. Incidents involving the Mixin and Multichain networks alone resulted in losses of US$325 million.
Relationship with Binance
Initially, CriptoFácil reported that the wallet in question was related to Binance. However, according to the exchange, “the wallet has absolutely nothing to do with Binance”.
In a note to CriptoFácil, Binance reported that what happened was that the person made a transfer from their Binance wallet to a decentralized wallet and the decentralized wallet was hacked.
“The user made a withdrawal from Binance.com, which was valid and authorized on our platform. Unfortunately, the DeFi wallet that received the withdrawal was compromised. While this is outside of our scope of control, the Binance security team is investigating the matter and we will provide assistance where we can.”
*News updated (11:16 am on 14/11/2023) to include clarification from Binance about its “link” with the wallet in question.