Tag:

Breach

Unknown Worlds sues former leadership team for breach of employment and "fiduciary duty of care"
Esports

Unknown Worlds sues former leadership team for breach of employment and “fiduciary duty of care”

by admin


Unknown Worlds is suing its former leaders Charlie Cleveland, Adam McGuire, and Ted Gill for breach of equity purchase agreement, breach of implied covenant of good faith and fair dealing, breach of employment agreement, and breach of “fiduciary duty of care” in their capacity as directors.

Parent company Krafton sent GamesIndustry.biz a link to a heavily redacted copy of the filing in which the three former leaders of Unknown Worlds are accused of “openly threaten[ing] Krafton with litigation, and expressly demanding and prioritizing a release date for Subnautica 2, writing: “they demanded the Earnout, not the early access release that would best entice the gaming community into the Subnautica 2 world. Personal (not Company) goals were the priority for [them].”

Details of the legal complaint against Krafton, Inc. by the former leadership of Subnautica 2 developer Unknown Worlds became public last month. The complaint concerns a $250 million bonus payout tied to revenue targets for the 2025 Early Access release of Subnautica 2, which the former shareholders of Unknown Worlds Entertainment, represented by Fortis Advisors LLC – allege owners Krafton, Inc. sought to avoid paying out by delaying the game using “pressure tactics”. The publisher said it had “requested a delay” in releasing the highly-anticipated sequel in early access to “safeguard the quality of Subnautica 2 and maintain player trust.”

This subsequent lawsuit accuses the three former leaders of then threatening to self-publish Subnautica 2, “releasing it without Krafton’s backing, marketing, promotion, or distribution.” This, Krafton claims, left it with “no choice but to terminate their employment.”

The company also alleges that McGuire, Gill, and Cleveland downloaded tens of thousands of “company files” and emails in the lead up to these terminations. “These downloads were, by far, the largest downloads for each of the three Key Employees at any time since at least 2022,” Krafton added, and said the former leadership “refused” to return “or at the very least confirm” what devices and confidential information remained in their possession.

“When pushed, the Key Employees threatened to delete files and again refused to provide access to their devices containing Confidential Information for inspection,” the publisher added.

The 74-page complaint also reiterates Krafton’s former position that Cleveland and McGuire had “checked out” of developing Subnantica 2, leaving Gill unable to “overcome to complete abdication of the Subnautica 2 creative and technical leadership team.”

Read our timeline of the former Subnautica 2 leads versus Krafton here.



Source link

0 comments
0 FacebookTwitterPinterestEmail
Decrypt logo
Crypto Trends

Massive Data Breach Hits Billions of Logins Across Google, Facebook and GitHub

by admin



In brief

  • A major data breach has exposed sensitive information, sparking fresh concerns about cybersecurity.
  • The previously unreported data breach has exposed more than 16 billion login credentials.
  • Experts warn that poor adoption of multi-factor authentication and passkeys leaves users vulnerable.

A previously unreported data breach has exposed more than 16 billion login credentials, making it one of the largest compilations of stolen personal data ever discovered.

First reported by Cybernews, the trove of data includes credentials for widely used services, including Facebook, Google, Telegram, and GitHub, as well as access to corporate, developer, and government websites.

Researchers from Cybernews said the information likely comes from a mix of infostealer malware logs, credential stuffing databases, and previously repackaged leaks.

“This is not just a leak – it’s a blueprint for mass exploitation,” Cybernews researchers said in a statement. “With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing.”

Google, Facebook parent Meta, and GitHub did not immediately respond to Decrypt’s requests for comment.

An info-stealer is malicious software that secretly collects sensitive data—such as passwords, financial information, and browser activity—and sends it to cybercriminals.

Unlike keyloggers, info-stealers not only capture what a victim types but also scan systems for stored passwords, cookies, autofill data, and other exploitable information.

The researchers identified 30 datasets, each ranging from tens of millions to more than 3.5 billion records. The average dataset contained around 550 million entries.

According to Cybernews, the datasets were briefly exposed online through unsecured cloud storage. While they were quickly taken down, the exposure was enough for the datasets to be collected and analyzed.

The individuals or groups responsible for the leak have not been identified.

In a separate incident, Coinbase disclosed in May that a breach in December affected more than 69,000 customers. That same month, the crypto exchange was targeted by cybercriminals demanding a $20 million Bitcoin ransom for stolen customer data. Instead of complying, Coinbase launched a $20 million bounty to track down the attackers.

“They then tried to extort Coinbase for $20 million to cover this up. We said no,” Coinbase said in a statement at the time.

Experts warn that data breaches pose serious risks to individuals and organizations, particularly those that lack strong cybersecurity practices, such as multi-factor authentication and routine password updates.

“Not all sites force password reset upon breach discovery,” a security expert told Decrypt. “People reuse passwords all the time, or variants of them, making them easy targets.”

The expert, speaking on condition of anonymity, noted that the latest leak will most severely impact smaller websites and individual users with limited cybersecurity resources.



A Preventable Breach?

While the scale of the breach is alarming, the root cause isn’t new or particularly sophisticated, and could have limited impact on those using two-factor authentication, password managers, and passkeys as essential defenses.

“Normal users will be impacted,” the expert said. “Users with 2FA will be fine.”

Multi-factor authentication in the form of mobile apps like Google Authenticator and Microsoft Authenticator adds a critical layer of security by requiring users to verify their identity through an additional method, such as a text message code, app notification, face ID, or fingerprint.

Passkeys, a newer alternative to traditional passwords, eliminate the need for login credentials entirely by using cryptographic keys stored on a user’s device. Passkeys are “origin-bound,” meaning they only work with the specific website or service for which they were created.

Passkeys are considered more secure and less vulnerable to phishing attacks, and are being adopted by industry giants such as Google, Amazon, Apple, and Microsoft.

Edited by Sebastian Sinclair

Generally Intelligent Newsletter

A weekly AI journey narrated by Gen, a generative AI model.



Source link

0 comments
0 FacebookTwitterPinterestEmail
Demonschool is like Into the Breach meets Persona, with a horror twist
Game Updates

Demonschool is like Into the Breach meets Persona, with a horror twist

by admin


Just a couple minutes into the Demonschool demo, I caught myself distracted; this game, developed by indie studio Necrosoft Games, packs such a banger soundtrack and appealing aesthetic that those areas alone warrant your attention. Luckily, Demonschool also thrives on a ton of substance to accompany that flashy style.

Demonschool is an upcoming isometric RPG built on tactical battles and war-like strategy. Battles are split between two phases: planning and action. The planning phase requires players to prepare their attacks on the battlefield, select placement, allocate attack points to damage foes, and position party members to drive back opposing forces, which consist of demons, gangsters, and everything in between; meanwhile, the action phase is what results from the player’s strategic planning and the enemy’s response.

Furthermore, the battles have unique elements; player units can only move on the battlefield in a straight line unless they’re using an ability called Sidestep; attacks often push back other characters upon impact, which can work in your favor, depending on your positioning.

Image: Necrosft Games

A battle reaches its conclusion upon either the player closing a demonic portal and defeating a specific number of demons or the opposition breaching the barrier between the demon hellscape and Earth. If it sounds like there is a lot to the battles in Demonschool, it’s because there is. The mechanics can be a bit challenging to master, and fights can be brutal to win on the first try, so make sure you practice patience in learning this tough yet rewarding combat system. But once things begin to flow, the whole battle experience feels like an old-school strategy puzzle game infused with bits of RPG-flavored mechanics. And, according to Demonschool’s creative director, Brandon Sheffield, that particular feeling was the whole point of the game’s design.

“The core design of the battles came initially from a tactics puzzle prototype – I was trying to devise the smallest tactical game I could,” Sheffield told RPGFan. “Things evolved from there to where the focus became a tactics game where you don’t have to make a lot of clicks or confirmations. That’s how I landed on the idea of moving your character and having them automatically do whatever sort of action is applicable when they reach an enemy.”

Playing the demo reminded me of franchises like Persona with its school setting, a distinctive UI with flared text that recalls Danganronpa, and even Mega Man Battle Network and Into the Breach for the game’s incessant focus on rigid and tactical grid-based combat. Still, even with so much inspiration oozing from this new game, Demonschool manages to create a unique experience that sets it apart from these titles in a fresh, innovative way.

Image: Necrosft Games

The game’s new demo offers a chance to experience both aspects of school life and combat, with the player controlling a girl named Faye, who leads a group of her classmates, Destin, Namako, and Knute, on a mission to retrieve a demonic paintbrush.

While gaining new levels and abilities were not included in the demo, the game drove home the concept of exploring the real world and demon realm while teaching players how to make the best use of their time during a typical school week. Some side quests introduced the ability to build bonds between Faye and her friends, leading to better chemistry on the battlefield.

Oh! And there are even mini-games in the demo showing off a beloved staple of the RPG genre: fishing. While the mini-game is rather cozy, engaging, and somewhat challenging, the fish designs are pretty horrific, perfectly encapsulating what Demonschool is all about.

The game was first announced back in 2022 but Demonschool will finally arrive on PC, Epic Games Store, PlayStation 5, PlayStation 4, Xbox Series, and Nintendo Switch in Q3 2025.





Source link

0 comments
0 FacebookTwitterPinterestEmail
An abstract image of a lock against a digital background, denoting cybersecurity.
Gaming Gear

More than 3 million records, 12TB of data exposed in major app builder breach

by admin



  • Passion.io, a major no-code app-building app, operated a non-password-protected database
  • The archive contained millions of records, with a total size of around 12TB
  • It was since then locked down, but users should still take care

Millions of records containing sensitive, personally identifiable information, were sitting online in yet another unencrypted, non-password-protected database, experts have warned.

Found by security researcher Jeremiah Fowler, who discovered and reported his findings to vpnMentor, the database contained 3,637,107 records, and was 12.2TB in total size.

It belongs to a company called Passion.io, a Delaware-based no-code app-building platform that allows creators, influencers, entrepreneurs, and coaches, to create websites without having any prior coding knowledge. They can also create, and sell, interactive courses.


You may like

View Deal

Locking the archive down

Fowler said that he analyzed a “limited sampling of the exposed documents” and saw internal files, images, and spreadsheet documents marked as “users” and “invoices”.

These files contained people’s names, email addresses, postal addresses, and details about payments or payouts for users and app creators.

This type of information is a treasure trove for cybercriminals. They can use it to create convincing phishing emails, tricking Passion’s users into making rash, dangerous decisions. Besides phishing, the data can be used in identity theft, wire fraud, and other types of scams.

The researcher notified Passion.io about his findings, and got a response on the same day. The database was locked down, and the company confirmed it was working on putting guardrails in place so that mishaps like this one don’t repeat.

“We’re treating this very seriously and moving fast,” the company told Fowler.

So far, there is no evidence the information is circulating on the dark web – and it’s also not known if Passion.io is the one managing the database, or if the job was outsourced to a third party.

Without a thorough investigation, there is no way of knowing for how long the database remained open, or if any threat actors found it already.

You might also like



Source link

0 comments
0 FacebookTwitterPinterestEmail
Coinbase Faces Fresh Heat Over Data Breach
Crypto Trends

Coinbase Faces Fresh Heat Over Data Breach

by admin


Major US cryptocurrency exchange Coinbase is facing more criticism stemming from a recent hack incident after it turned out that it had outsourced customer support to TaskUs, a third-party contractor in India.   

Adam Cochran of Cinneamhain Ventures has criticized the company for using contractors instead of their direct employees. 

On Monday, Reuters reported that a TaskUS employee was caught taking photos of her computer in order to potentially sell Coinbase’s customer data. 

This turned out to be part of a coordinated campaign, with a total of 200 employees being fired in response.

Coinbase knew about the breach in January, according to the sources cited by Reuters. However, the incident was disclosed only in May. 

Coinbase has estimated that it could take a $400 million hit from the security breach. The incident could also attract close regulatory scrutiny. 

The hackers were demanding a $20 million payment to cover up the incident, but Coinbase refused to cave in to the extortion attempt. 



Source link

0 comments
0 FacebookTwitterPinterestEmail
Decrypt logo
NFT Gaming

Coinbase Knew of Its Data Breach Months Before Disclosing: Reuters

by admin



In brief

  • Coinbase reportedly learned of a data breach tied to outsourcing company TaskUs in January.
  • Rogue TaskUs employees have been accused of leaking customer info for bribes.
  • Hackers demanded $20 million in Bitcoin from Coinbase, which the company refused.

Coinbase was made aware in January of a customer data breach involving its third-party contractor TaskUs months before publicly disclosing the incident, Reuters reported Monday, citing six sources familiar with the matter.

According to five former TaskUs employees, the breach was traced to an India-based TaskUs support agent who had been photographing her work computer screen with a phone. 

The employee and an alleged accomplice were suspected of selling Coinbase user information to hackers in exchange for bribes. 

“We immediately reported this activity to the client,” TaskUs told Reuters, adding that it had terminated two employees for illegal access and believed the breach was part of a wider, coordinated campaign targeting Coinbase and other service providers.

Decrypt has approached Coinbase and TaskUs for comment.

Coinbase disclosed the breach in an SEC filing on May 14 and followed up with a blog post on May 15. 

The company said hackers obtained customer names, addresses, masked bank details, and identity documents via compromised support staff. No funds or passwords were taken. On May 11, Coinbase received a $20 million Bitcoin ransom demand, prompting it to go public with the information.

It additionally said that the threat actor had obtained the information by paying multiple contractors or employees in support roles for information from internal Coinbase systems and that “these instances of such personnel accessing data without business need were independently detected by the Company’s security monitoring in the previous months.”



Reuters reported that at least part of the breach was linked to TaskUs, a U.S. outsourcing firm with over 61,000 employees across 12 countries. 

“They then tried to extort Coinbase for $20 million to cover this up. We said no,” the company wrote. CEO Brian Armstrong responded by offering a $20 million bounty for information leading to the arrest of the attackers. “We are not going to pay your ransom,” he said in a video statement.

The company said the breach affected less than 1% of its users. Coinbase has since cut ties with TaskUs and other overseas agents involved in the incident and claims to have strengthened internal controls.

The breach sparked a shareholder lawsuit filed May 22 in federal court in Pennsylvania. Investor Brady Nessler accused Coinbase of violating securities laws by failing to disclose the breach promptly and alleged the company also concealed prior regulatory issues. 

Coinbase’s stock dropped 7% following the disclosure but has since rebounded, bolstered by its inclusion in the S&P 500.

Edited by Sebastian Sinclair

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.



Source link

0 comments
0 FacebookTwitterPinterestEmail
Decrypt logo
NFT Gaming

Coinbase Faces Investor Lawsuit Over Alleged Damages From Data Breach

by admin



In brief

  • Coinbase is fielding a lawsuit from an investor that claims to have suffered “significant losses and damages” due to the company’s alleged “misleading” statements.
  • The investor took issue with Coinbase’s revelation in mid-May that it had suffered a data breach, several months after the leak of the company’s user data began.
  • Coinbase stock is up 7% since it revealed that “less than 1%” of its customers’ data had been stolen on May 15.

Coinbase is facing a lawsuit over allegations it violated securities laws and issued “misleading” statements to its shareholders, roughly a week after the crypto exchange drew criticism for revealing it had suffered a large data breach.

In a legal complaint filed on May 22 in the U.S. District Court for the Eastern District of Pennsylvania, Coinbase investor Brady Nessler alleges he suffered “significant [financial] losses and damages” due to the public company’s “wrongful acts and omissions.” Coinbase failed to promptly disclose that its customers’ data had been leaked, beginning in December 2024— a revelation that finally came to light on May 15 and caused the company’s stock to immediately drop 7% and close at $244 later that same day, according to the lawsuit. 

The lawsuit also alleges Coinbase similarly declined to disclose information related to its dealings with U.K. regulators in 2020, roughly a year before the trading platform went public in the U.S. 

“As a result of Defendants’ wrongful acts and omissions, and the precipitous decline in the market value of the Company’s common shares, Plaintiff and other Class members have suffered significant losses and damages,” Nessler’s lawyers said in the filing.



Coinbase did not immediately respond to Decrypt’s request for comment, which was sent on a U.S. public holiday. Nessler’s attorney likewise did not respond to a request for comment.

In the U.S., anyone can file a lawsuit, and it is relatively easy and inexpensive to do so. 

“While almost anyone can try to sue for many reasons, there are important rules and limits,” Andrew Rossow, a reputation management attorney and founder of legal firm Rossow Law, told Decrypt. “For example, courts can quickly dismiss cases that have no legal basis, even if everything the person says is true.” 

Rossow added that individuals who bring lawsuits against others must “show that [they] are directly affected by the problem and have suffered a real injury” in order for their cases to be heard in court.

The allegations come as Coinbase stock continues to recover following the trading platform’s revelation almost two weeks ago that its customers’ data had been compromised. The company’s shares are trading at $263 as of writing time, up 7% since Coinbase first publicized its data leak.

Coinbase reported the data breach in a May 15 blog post, noting that “less than 1%” of its users’ names, addresses, masked bank details, identity documents and other sensitive information had been leaked. The exchange revealed it had received a demand for $20 million in exchange for the stolen data, prompting it to publicize the leak and offer a bounty for information leading to the arrest of those behind it. 

Although Coinbase shares experienced a near-double-digit drop following the publication of the blog post, the stock’s price quickly recovered. The negative impact of the data breach on Coinbase stock was largely buffeted by the firm’s announcement earlier that week that it had joined the S&P 500—a major milestone for publicly traded companies in the U.S. 

Nessler’s lawyers did not specify the amount of damages their client is seeking. The complaint calls for a trial by jury.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.



Source link

0 comments
0 FacebookTwitterPinterestEmail
crypto, coinbase
Crypto Trends

Coinbase Faces New Lawsuit Following $400M Data Breach

by admin


Trusted Editorial content, reviewed by leading industry experts and seasoned editors. Ad Disclosure

Coinbase is facing a new class action lawsuit claiming that investors suffered significant losses over the years due to the crypto exchange’s “omissions,” which have affected the company’s stock price.

Coinbase Accused Of Key ‘Omissions’

Last week, a Coinbase investor filed a class action lawsuit in the US District Court for the Eastern District of Pennsylvania against Coinbase, CEO Brian Armstrong, and CFO Alesia Hass, alleging that the company’s shareholders have suffered “significant losses and damages” over the past four years.

In the May 22 complaint, investor Brady Nessler, on behalf of persons or entities who purchased or otherwise acquired publicly traded Coinbase securities between April 14, 2021, and May 14, 2025, claims that the exchange has a long list of “wrongful acts and omissions” that have led to the “precipitous decline in the market value of the Company’s common shares” affecting the Plaintiff and other Class members.

New lawsuit against crypto exchange Coinbase, Armstrong, and Hass. Source: CourtListener

Among the omissions, the lawsuit lists the company’s recent data breach and its failure to disclose that it breached its 2020 agreement with the UK’s Financial Conduct Authority (FCA).

In October 2020, the company’s UK subsidiary, Coinbase Payments (CBPL), signed a voluntary agreement to prevent onboarding clients considered “high risk” by the regulator and reduce potential criminal activity on the CBPL platform.

The lawsuit alleges that the company made several “materially false and misleading” statements at the time that omitted that Coinbase Payments, Ltd. (CBPL) had been found guilty by the UK regulator of having “inadequate anti-money laundering focused systems to prevent high-risk individuals from using its platform, and that CBPL then breached the Agreement designed to address those deficiencies, creating legal exposure.”

Notably, the price of the company’s common stock reportedly fell by $13.52 per share, a 5.52% decline, when a Reuters article titled “Coinbase UK unit fined for breaching financial crime requirements” was published during market hours on July 25, 2024. The FCA fined Coinbase’s UK subsidiary a $4.5 million penalty for breaching the voluntary agreement.

Data Breach Leads To Class Action Lawsuits

Moreover, the Class action suit argues that the recent data breaches also resulted in significant losses and damages for stockholders, highlighting the May 15 statement from the crypto exchange.

As reported by Bitcoinist, Brian Armstrong shared that threat actors bribed a handful of customer support contractors to access Coinbase’s internal tools, resulting in the breach of names, email addresses, limited transaction records, and partial Social Security numbers of 1% of the exchange’s users.

The hackers attempted to blackmail the exchange, demanding $20 million in Bitcoin (BTC) to return the sensitive customer data. However, Armstrong revealed they refused to pay the ransom.

The lawsuit states that, following the news, the price of Coinbase’s common stock fell by $19.85 per share, a 7.2% decline, to close at $244 on May 15, 2025. Since then, multiple lawsuits have been filed against the crypto exchange, and a US Department of Justice Investigation has been opened.

Based on this, Plaintiff seeks to “recover compensable damages caused by Defendants’ violations of the federal securities laws under the Securities Exchange Act of 1934 (the ‘Exchange Act’).”

Bitcoin trades at $109,638 in the one-week chart. Source: BTCUSDT on TradingView

Featured Image from Unsplash.com, Chart from TradingView.com

Editorial Process for bitcoinist is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.



Source link

0 comments
0 FacebookTwitterPinterestEmail
The full story behind the $260 million breach
NFT Gaming

The full story behind the $260 million breach

by admin



What triggered the $260 million Cetus Protocol hack, and how did the Sui exploit spread into a chain-wide crisis?

Cetus Protocol hack wipes $260M in latest Sui exploit

On May 22, Cetus Protocol (CETUS), the primary decentralized exchange and liquidity provider on the Sui (SUI) blockchain, experienced a major security breach. The exploit drained an estimated $223 million, triggering an immediate disruption in DeFi activity across the Sui ecosystem.

Since its 2023 launch, Cetus has become a core part of Sui’s infrastructure, enabling token swaps and yield farming for more than 62,000 active users and generating over $7.15 million in daily trading fees.

SUI, the native token of the Sui blockchain, fell sharply from $4.19 to $3.62 as of this writing on May 23, a nearly 14% drop within a day.

SUI price chart | Source: crypto.news

CETUS, the native token of the affected protocol, declined from $0.26 to $0.15 during the immediate aftermath of the breach. Its current price of $0.17 marks only a partial recovery.

Tokens across the wider ecosystem reacted with similar volatility. Memecoins native to Sui, including LOFI, HIPPO, SQUIRT, SLOVE, and MEMEFI, saw losses ranging from 51% to 97%. Although prices have stabilized since, investor confidence remains shaky.

Among the top 15 assets listed on Cetus, more than 75% of total value was erased. Some tokens, such as LBTC and AXOLcoin, saw their prices collapse to near zero.

The broader impact went beyond token prices. Sui’s total value loced dropped from $2.13 billion to $1.92 billion at the time of writing, reflecting a contraction in a matter of hours.

Let’s understand how the exploit was carried out, what structural flaws it exposed, and how the community is preparing its response.

Sui hacker triggers liquidity drain on Cetus Protocol

The breach targeting the Cetus Protocol began in the early hours of May 22. At 3:52 AM PT (11:52 UTC), blockchain monitors detected irregular movements in the SUI/USDC liquidity pool, initially flagged as a possible $11 million outflow.

Ongoing investigation quickly expanded the scope, revealing that total losses across multiple pools may have ranged around $260 million.

The attack focused on a vulnerability in the smart contract system behind Cetus’s pricing mechanism.

At the core was the protocol’s oracle design, responsible for feeding real-time price data into the platform to enable fair trading across token pairs. In this case, the oracle served as the entry point for the exploit.

The wallet address involved, identified as “0xe28b50,” deployed spoof tokens such as BULLA to manipulate pricing curves and distort reserve balances.

Although these tokens carried little real liquidity, they were used to skew internal pool metrics, making valuable assets like SUI and USDC appear undercollateralized. After destabilizing the pricing logic, the attacker extracted real tokens from the pools without contributing proportional value.

On-chain analysts tracked the attacker moving around $63 million in USDC from Sui to Ethereum (ETH) in the hours following the exploit.

Conversion data showed that $58.3 million was swapped for 21,938 ETH at an average rate of $2,658 per coin. The pace of execution, estimated at roughly $1 million per minute, pointed to a coordinated and pre-planned operation.

Cetus initially referred to the issue as an “oracle bug,” a term that drew immediate scrutiny from developers and security experts. The scale and precision of the exploit raised doubts about that framing.

Cetus coin exposed in Sui exploit

The root of the Cetus breach wasn’t a single line of malicious code, but a structural flaw in how the protocol managed pricing and pool logic.

Cetus used an internal oracle system that depended on concentrated liquidity pool data to generate real-time price feeds. The intention was to reduce reliance on external oracles and limit vulnerability to outside manipulation. In doing so, however, the mechanism introduced new risks.

The vulnerability centered on the “addLiquidity,” “removeLiquidity,” and “swap” functions within the smart contracts. These functions were built to calculate token ratios and pool values, but failed to properly validate inputs when interacting with assets that held little or no economic value.

The attacker exploited this gap by introducing spoof tokens such as BULLA, which imitated the structure of legitimate assets but had no real liquidity or pricing history.

Introducing these tokens into the pool distorted the automated calculations that governed how much value could be added or removed, effectively allowing manipulation of the protocol’s internal accounting.

Using these spoofed assets, the attacker provided almost no real liquidity while extracting significant amounts of SUI and USDC at artificially favorable rates.

Cybersecurity firms classified the incident as a textbook example of oracle manipulation, where the protocol’s internal design became its own vulnerability.

The scale of the damage was reflected in transaction volumes. On-chain activity on Cetus surged from $320 million on May 21 to $2.9 billion on May 22, showing how quickly funds were moved and swapped once the exploit began.

Move, the programming language used for building on Sui, includes security protections that guard against low-level threats like reentrancy. In this case, the failure occurred above the language layer.

Smart contract execution was not the issue. The contracts performed exactly as instructed — the real problem was that those instructions were permitted at all.

Cetus had no filters or verification steps to ensure only tokens with actual liquidity could influence pricing. It lacked safeguards to reject assets with no market validation.

No caps were enforced on price deviation during short windows, and no circuit breakers were present to pause abnormal activity once volumes began spiking.

Once the spoof tokens entered and distorted the pricing engine, the rest of the system followed through exactly as designed — ultimately enabling the exploit to unfold without resistance.

Sui hack freeze raises decentralization doubts

Cetus moved quickly to contain the damage once the exploit was identified. Smart contract operations were paused around 4:00 AM PT on May 22 to prevent further outflows from the protocol.

A public statement followed shortly after on the project’s official X account, acknowledging the incident and pledging a full investigation. As of May 23, no detailed post-mortem has been released.

A broader response unfolded across the Sui ecosystem. The Sui Foundation, in coordination with validators and key partners, blacklisted the attacker’s addresses and froze approximately $162 million worth of stolen assets on the Sui network.

Efforts to recover the remaining funds, estimated between $60 million and $98 million, have encountered challenges. Roughly $60 million to $63 million in USDC was bridged out of Sui and converted into 21,938 ETH shortly after the exploit.

To encourage the return of the funds, Cetus has extended a $6 million white-hat bounty offer. The proposal targeted the converted ETH and included a firm condition: any attempt to launder or off-ramp the assets would void the offer. No response from the attacker has been made public as of now.

Tracing efforts have involved multiple cybersecurity firms and regulatory bodies. Inca Digital is leading the negotiation process, with forensic support from Hacken and PeckShield.

The Sui Foundation has also coordinated with agencies including FinCEN and the U.S. Department of Defense to explore additional recovery and legal options.

Exchange support has been mixed. Binance founder Changpeng Zhao expressed solidarity on X and confirmed that Binance is assisting with recovery coordination, although no technical interventions or account freezes have been publicly confirmed.

The wallet freeze triggered a broader discussion around decentralization. Several users on X highlighted that Sui validators coordinated to block transactions from the attacker’s addresses, freezing over $160 million in assets.

SUI froze $160M from the Cetus hacker, on-chain, out of over $220M. The $60M gap was bridged to ETH.

While this is good in this case, this shows SUI network can freeze your funds on demand.

Decentralization is just marketing outside of BTC/ETH. pic.twitter.com/IO9b4h3NUq

— Duo Nine ⚡ YCC (@DU09BTC) May 22, 2025

While effective in this instance, the move raised concerns about how much control validators can exercise over network behavior.

Critics argue that such coordination challenges the principle of decentralization and suggests validator-driven censorship is possible, raising doubts over whether networks like Sui are truly decentralized or only claim to be.

Disclosure: This article does not represent investment advice. The content and materials featured on this page are for educational purposes only.





Source link

0 comments
0 FacebookTwitterPinterestEmail
Decrypt logo
GameFi Guides

Coinbase Data Breach Will ‘Lead to People Dying,’ TechCrunch Founder Says

by admin



In brief

  • TechCrunch founder Michael Arrington has claimed that a recent data breach at Coinbase “will lead to people dying.”
  • Arrington’s claim comes amid a wave of kidnap attempts targeting high-net-worth crypto holders.
  • Former Coinbase CTO Balaji Srinivasan argued that the fault lies with state-mandated KYC data collection.

The founder of online news publication TechCrunch has claimed that Coinbase’s recent data breach “will lead to people dying,” amid a wave of kidnap attempts targeting high-net-worth crypto holders.

TechCrunch founder Michael Arrington added that this should be a point of reflection for regulators to re-think the importance of know-your-customer (KYC), a process that requires users to confirm their identity to a platform. He also called for prison time for executives that fail to “adequately protect” customer information.

I am a long time investor in and champion of @coinbase. Something that has to be said though – this hack – which includes home addresses and account balances – will lead to people dying. It probably has already. The human cost, denominated in misery, is much larger than the $400m… pic.twitter.com/ruSYKAGH7x

— Michael Arrington 🏴‍☠️ (@arrington) May 19, 2025

“This hack—which includes home addresses and account balances—will lead to people dying. It probably has already,” he tweeted. “The human cost, denominated in misery, is much larger than the $400 million or so they think it will actually cost the company to reimburse people.”

On Thursday, Coinbase announced that cybercriminals tried to blackmail the exchange into paying $20 million in Bitcoin over the stolen customer data—which it refused to pay. Instead, the company put out a $20 million award for any information that would lead to the “arrest and conviction” of the attackers. The crypto exchange has also pledged to reimburse any customers that were tricked into sending funds to the attackers.

The U.S. Justice Department has since opened a probe into the data breach, Bloomberg later reported.

But for Arrington, who also founded venture capital firm CrunchFund and hedge fund Arrington Capital, this isn’t enough. He believes that people are in immediate physical danger following the breach, which exposed data including names, addresses, phone numbers, emails, government-ID images, and more.

Arrington said that he was a “long time” investor in Coinbase but did not respond to Decrypt’s request for comment in what capacity this investment was made. Coinbase also did not respond to Decrypt’s request for comment.

Crypto kidnap attempts

A number of high-profile kidnapping attempts has heightened concerns over the safety of crypto owners with significant holdings.

In January, Ledger co-founder David Balland was abducted from his home in France alongside his wife. The pair were held captive for roughly 24 hours, with the kidnappers “mutilating” Balland’s hand as part of their ransom demand, before local law enforcement recovered the executive and his wife.

In March, popular streamer and OnlyFans personality Kaitlyn “Amouranth” Siragusa was the victim of a home invasion by three armed attackers who physically assaulted her while ordering her to transfer her Bitcoin to them. She managed to fire her gun, causing the attackers to flee the scene.

In May, the father of a crypto millionaire was rescued by French authorities after being held hostage for days—but not without having his finger severed by the kidnappers. A week later there was an attempted but failed kidnapping of a woman and her child, relatives of a leading figure in France’s crypto industry.

As a result of these and other incidents, an Amsterdam-based physical security firm told Bloomberg that it had noticed an uptick in clients with large crypto holdings, prior to the Coinbase breach.

The risks of KYC data

Arrington believes that in the wake of these attacks, crypto companies that handle user data need to be much more careful than they currently are.

“Combining these KYC laws with corporate profit maximization and lax laws on penalties for hacks like these means these issues will continue to happen,” he tweeted. “Both governments and corporations need to step up to stop this. As I said, the cost can only be measured in human suffering.”

I disagree the problem is execs. The problem is the state.

The state forces companies to collect KYC data that they do not want to collect. This issue is much bigger than crypto, and regulation is the actual thing to target.

With ZK, no need for KYC.https://t.co/kszGEy2tuZ

— Balaji (@balajis) May 20, 2025

Former Coinbase chief technology officer Balaji Srinivasan pushed back on Arrington’s position that executives should be punished, arguing that regulators are forcing KYC onto unwilling companies.

“When enough people die, the laws may change,” Arrington hit back.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.





Source link

0 comments
0 FacebookTwitterPinterestEmail
Close