The latest crypto scams, hacks and exploits, and how to avoid them: Crypto-Sec
DMM Bitcoin will reportedly liquidate after $320 million hack
DMM Bitcoin has given up on continuing operations under its current business structure and will liquidate, according to a report from Nikkei Asia. However, customer accounts and assets will be acquired by its parent company, SBI Group.
The liquidation comes after DMM Bitcoin suffered a $320 million hack in May.
The Nikkei report states that DMM Bitcoin will transfer customer deposits to SBI VC Trade, an exchange operator under SBI Group.
The transfer, expected to happen in March 2025, will also include cryptocurrency stocks held by DMM Bitcoin.
The May 31 hack was one of the largest of 2024. The attacker stole the exchange’s private key to one of its hot wallets, allowing them to drain it of 4,502 Bitcoin (BTC).
Blockchain analytics platform Whale Alert initially reported the massive transfer but did not speculate on its cause. DMM Bitcoin later revealed there had been a cybersecurity incident.
In June, the exchange announced that it would raise funds to pay customers back.
Rug pulls are on the rise
Rug pulls, or exit scams, were on the rise in November, according to a Nov. 27 report from blockchain security firm TenArmor. The firm is cautioning Web3 users to be especially careful when considering new investment opportunities, as the number of rug pulls seems to be increasing.
Using its blockchain analytics program, TenArmor looked back at the previous month and found an alarming trend.
While its system had only detected four to six rug pulls per day in mid-October, the number rose to an eye-watering 31 incidents on Nov. 14.
Rug pulls from Oct. 16 to Nov. 14. Source: TenArmor
According to the report, many of the new exit scams involved honeypot tokens with faulty transfer functions, allowing the developer to steal coins belonging to users. TenArmor suggested that users inspect the transfer function on a token’s contract before purchasing it, as this will often reveal scam tokens.
Some of the incidents also involved scammers who created fake versions of popular tokens, the report stated. Users can often avoid fake tokens by checking the official channels of a project to ensure that the token contract address is the same as the one they are interacting with.
DEXX memecoin platform exploited for $21 million
Solana memecoin trading platform DEXX was exploited for $21 million on Nov. 16, according to multiple reports on social media and a detailed analysis from blockchain analytics platform SlowMist.
Memecoin enthusiast Hope reported the attack on X:
Source: Hope
SlowMist shared the post through its MistTrack account and asked victims to report their “stolen addresses” to the platform.
On Nov. 18, SlowMist revealed that it had received over 1,100 reports. From this data, it identified over 900 unique victims, one of which had lost over $1 million, while at least two others had lost over $500,000.
The exchange hasn’t revealed the exact cause of the attack, but some users have speculated that it was caused by a private key leak.
In a post to X, the DEXX team stated it would “immediately provide full compensation” if all the assets were recovered through law enforcement actions.
If the full amount cannot be recovered, then “the specific compensation plan will depend on the amount recovered.”
Judges squash Tornado Cash sanctions
In a victory for both malicious users and privacy advocates, a United States Federal Appeals Court overturned a lower court decision to allow the US Office of Foreign Assets Control (OFAC) to sanction crypto mixing app Tornado Cash.
The panel ruled that OFAC lacks the authority to sanction non-upgradeable smart contracts because they do not fit the definition of “entity” as described in the law, as they are merely lines of code not under the control of an individual or group.
The ruling means that Ethereum nodes operating in the United States and other countries that comply with OFAC sanctions are now free to process Tornado Cash transactions, potentially making them faster to process.
Previously, US nodes only confirmed the transactions after they were first confirmed by nodes in territories where they were legal. This reduced the number of nodes that could include the app’s transactions in a block, sometimes causing users to experience delays.
Tornado Cash is a crypto mixer used to obscure the origin of funds for an account. It is popular with hackers, scammers and other illicit actors, as it can be used to help prevent analytics platforms from determining where an attacker got their funds.
However, it is also used by ordinary individuals who simply want their transactions to be private and are not doing anything illegal.
Tornado Cash has been controversial since its inception. One of its developers, Alexey Pertsev, was found guilty of money laundering by a Dutch court for his role in creating the software. Another, Roman Storm, is scheduled to be tried for money laundering and sanctions violations in April. Storm is currently out on bail while preparing his defense.
Crypto influencer JRNY reportedly hacked for $4 million
Crypto influencer JRNY was the victim of a hack, causing him to lose his private key and $4 million worth of Apecoin (APE), USDC (USDC), HYVE, KARRAT, Ether (ETH) and BYTES, according to a report from blockchain analytics platform Cyvers.
JRNY private key leak data. Source: Cyvers
Cyvers discovered the attack when the victim’s account was flagged for “abnormal behavior” and “suspicious receiver.”
JRNY is a pseudonymous influencer with over 760,000 followers on X and 590,000 on YouTube, who often posts about non-fungible token collections, including Bored Ape Yacht Club. Cointelegraph could not find an acknowledgment of the attack on JRNY’s profiles.
