Cryptocurrency

Hacker Actively Laundering Stolen Crypto After Exploiting Liquidity Provider for $6,700,000: PeckShield

Hacker Actively Laundering Stolen Crypto After Exploiting Liquidity Provider for $6,700,000: PeckShield

A hacker has started laundering digital assets that were part of the $6.7 million theft from the liquidity provider TrustedVolumes, says cybersecurity firm PeckShield.

PeckShield says that new data shows the hacker has started moving hundreds of thousands of dollars worth of Ethereum (ETH).

“The TrustedVolumes exploiter has laundered $278,000 in stolen funds so far: they deposited 10.2 ETH ($23,600) to TornadoCash and laundered 110 ETH ($250,000) via THORChain to BTC; they also attempted to deposit 0.5 ETH to Railgun but changed their mind and sent it back. TrustedVolumes was exploited for ~$6.7 million on May 7th.”

TrustedVolumes says that it is willing to negotiate a resolution with the hacker. The firm also lists three wallet addresses with two holding approximately $3 million and one $700,000 worth of the stolen crypto assets.

“We were recently exploited…

We are open to constructive communication regarding a bug bounty and a mutually acceptable resolution.”

Blockchain security firm QuillAudits says that the hacker was able to drain millions in a single transaction by exploiting a design flaw in the platform’s custom order-settlement system.

“TrustedVolumes operates as a 1inch market maker and resolver, providing on-chain liquidity through a custom Request-for-Quote (RFQ) proxy…

In an RFQ model, a maker pre-signs orders, quoting a specific price for a specific token pair. A taker presents that signed quote to the settlement contract, which verifies the signature and executes the swap atomically.The system relies on three guarantees working in concert, the maker must have authorized who can sign orders on its behalf, each signed order must be filled only once (replay protection), and the token source for the fill must be the authenticated maker’s own inventory, not an arbitrary third-party address.

In the TrustedVolumes implementation, all three guarantees failed simultaneously, and the attacker exploited them in a single composed transaction.” Follow us on X, Facebook and Telegram
Don't Miss a Beat – Subscribe to get email alerts delivered directly to your inbox
Surf The Daily Hodl Mix

 
Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any assets including cryptocurrencies, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.

Generated Image: Midjourney

The post Hacker Actively Laundering Stolen Crypto After Exploiting Liquidity Provider for $6,700,000: PeckShield appeared first on The Daily Hodl.

Read More

Related Posts

Banking Africa – Cantor8 Moves Deeper Into Africa’s Mobile Money Sector via Yiksi Limited

Banking Africa – Cantor8 Moves Deeper Into Africa’s Mob...

Mike Novogratz’s Galaxy and Sharplink Launch $125M Ethereum-Powered DeFi Yield Fund

Mike Novogratz’s Galaxy and Sharplink Launch $125M Ethe...

SNC Scandic Coin (SNC) Project Launch – Real Assets Meet Digital Utility

SNC Scandic Coin (SNC) Project Launch – Real Assets Mee...

Aptos Pushes Encrypted Mempool Upgrade to Protect Users From Frontrunning and Censorship

Aptos Pushes Encrypted Mempool Upgrade to Protect Users...

Roaring Kitty’s Deleted X Post Triggers 90% Crash in RKC Meme Coin

Roaring Kitty’s Deleted X Post Triggers 90% Crash in RK...

BASIS.pro Is Live: Base58Labs Officially Launches Crypto Arbitrage Platform

BASIS.pro Is Live: Base58Labs Officially Launches Crypt...