Weekly Crypto Hack Update: Hackers Exploit Mixers, PlayDapp, and More

The cryptoverse has been buzzing with activity this week, as hackers evolve their tactics from the old to the cutting-edge. While some notorious groups stick to their traditional ways, others embrace new and advanced methods.

Join us as we unravel the events of the past week in the thrilling world of crypto hacks, where millions are siphoned. Being in the know just might save you! 

YoMix Takes the Stage

2023 witnessed a notable decline in funds flowing into mixers from illicit addresses, plummeting from $1.0 billion in 2022 to $504.3 million in 2023. A significant contributor to this change has been the global crackdown on hacking activities, including the sanctioning and shutdown of notorious mixers like Sinbad and Tornado Cash.

The Lazarus Group, a notorious hacking outfit from South Korea, has ingeniously adapted to the changing landscape. With Sinbad out of commission, the group seamlessly shifted to the Bitcoin-based mixer, YoMix. This transition underscores the resilience and adaptability of malicious actors who effortlessly pivot to alternative services when their preferred platforms face closure.

PlayDapp: A Double Blow to Blockchain Gaming

In a tumultuous week for the blockchain gaming platform PlayDapp, it faced not one but two devastating exploits. The first cybersecurity breach resulted in losses of $31 million, followed by a subsequent attack that saw the theft of a staggering $290 million worth of PLA tokens, the native cryptocurrency powering PlayDapp’s gaming platform and NFT marketplace.

The perpetrator behind the PlayDapp heist executed a sophisticated plan, compromising a private key to mint 200 million PLA tokens worth $36.5 million. Undeterred, the hacker struck again on February 12, creating an additional 1.59 billion PLA tokens valued at $253.9 million. The audacious move not only exposed vulnerabilities in PlayDapp’s security but also highlighted the hacker’s persistent access to the company’s systems.

Angel Drainer: Stealing from the Shadows

In a daring move, Angel Drainer targeted 128 crypto wallets, pilfering over $400,000. The attack cleverly utilized Etherscan’s verification tool to mask the malicious nature of a smart contract. Blockaid, a blockchain security firm, revealed that the assault began with the deployment of a malicious safe vault contract.

Duelbits Drama: Suspicious Transactions in Focus

Cyvers, a blockchain security analytic firm, flagged several suspicious transactions originating from Duelbits. The incident, involving a loss of wallet access control, led to a suspicious address receiving $4.6 million from Duelbits wallets on both the Ethereum and BNB chains.

The hacker’s attempt to bridge assets from BNB to Ethereum encountered a hiccup, ultimately revealing vulnerabilities in the system gas fees, the hacker used FixedFloat to acquire the necessary funds for the bridging transaction.

Thus we complete the roundup for the week, stay tuned for the next one!