Tag:

Exploit

Shiba Inu Developers Respond To $4 Million Exploit With Detailed Update

by admin October 4, 2025

Trusted Editorial content, reviewed by leading industry experts and seasoned editors. Ad Disclosure

Following a significant exploit that compromised its Shibarium bridge, developers behind Shiba Inu (SHIB) have released a detailed update outlining their response to the incident.

Shibarium Team Implements New Security Measures

According to a post-mortem report, the malicious attack involved a perpetrator submitting three fraudulent checkpoints to Shibarium’s Ethereum mainnet contracts, disrupting the continuity between Heimdall’s local state and the on-chain state.

After the attack was detected, Shibarium’s Kaal Dhairya announced on social media platform X (previously twitter) that authorities had been alerted, while also expressing a willingness to negotiate with the attacker in exchange for the return of the stolen funds.

However, no agreement was reached, and the attacker has since moved the stolen assets, leaving the Shibarium team to focus on recovery and security enhancements for the platform.

In light of this, Heimdall intentionally halted operations, pausing legitimate checkpoint submissions to prevent further damage. They also described the attacker’s method, which included a short-lived stake amplification strategy through a 4.6 million BONE delegation.

This tactic allowed the attacker to cross operational thresholds and attempt to gain unauthorized control over the system. To address these issues, the Shibarium team organized their response into multiple overlapping workstreams, functioning around the clock in collaboration with Hexens.io, an independent reviewer.

Their approach included daily stand-ups, continuous monitoring of changes, and strict separation of duties among team members responsible for infrastructure, contracts, validator operations, and testnets.

This aimed to eliminate any single points of failure, employing hardware custody for keys and ensuring every critical change was rehearsed off-chain or on testnets prior to implementation.

Shiba Inu Dev’s Strategy To Compensate Affected Users

As part of their actions, Shiba Inu devs introduced a rescue method in the StakeManager to recover at-risk BONE tokens. They executed the AdminConsumeLegacyBound function to clean up legacy unbond states associated with the attacker’s contract.

This response verified that the staking ledger updates were successful, ultimately rescuing the 4.6 million BONE and removing the malicious delegation. Looking ahead, Shiba Inu developers detailed their plans for the near future, which include implementing blacklisting measures in the Plasma Bridge.

These controls aim to prevent malicious actors from initiating or completing bridge transactions. Once these measures are in place and thoroughly verified, the team intends to restore full bridge functionality.

In addition to these technical updates, Shiba Inu developers are designing a comprehensive plan to ensure that affected users are made whole.

This plan will incorporate gating, phased limits, and coordination with partners to facilitate safe bridging and withdrawals. Specific details will be communicated only when it is deemed secure to do so.

The daily chart shows SHIB’s price trending upwards. Source: SHIBUSDT on TradingView.com

Featured image from DALL-E, chart from TradingView.com

Editorial Process for bitcoinist is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.

Source link

October 4, 2025 0 comments

Game Updates

Surprise Unity Exploit Gets Pillars Of Eternity 2 And More Yanked From Steam

by admin October 3, 2025

Obsidian Entertainment is pulling Pillars of Eternity II: Deadfire, Pentiment, and more from Steam and other digital storefronts on Friday after Unity, the game engine used to make them, was revealed to have a years-old security flaw. The company behind it is now urging developers to update their games to avoid any issues.

“A security vulnerability was identified that affects games and applications built on Unity versions 2017.1 and later for Android, Windows, Linux, and macOS operating systems,” former Xbox mascot Larry “Major Nelson” Hryb wrote on the Unity forum earlier today. “There is no evidence of any exploitation of the vulnerability, nor has there been any impact on users or customers.”

Hryb added that the company “proactively provided fixes that address the vulnerability, and they are already available to all developers” and is encouraging all of them to update their products as soon as possible. Windows, Steam, and others already implemented fixes at the platform level today. Now some studios are taking their games down while they get them patched. One of them is Grounded 2 maker Obsidian Entertainment.

A security vulnerability affecting our games that use Unity has recently been identified.

As a precaution and to keep you safe, we have temporarily removed the following titles and products from digital storefronts while we implement the necessary updates to address the issue:…

— Obsidian (@Obsidian) October 3, 2025

“As a precaution and to keep you safe, we have temporarily removed the following titles and products from digital storefronts while we implement the necessary updates to address the issue,” it wrote on X. In addition to Pillars of Eternity II: Deadfire and Pentiment, it also includes certain versions of Grounded 2 and Avowed which include artbooks made with Unity.

“We apologize for any inconvenience this may cause,” the studio wrote. “Our team is working on a fix and will restore these games as soon as possible. We will provide additional information once they are available again. We also encourage players who have already downloaded these games to update them as soon as a patch becomes available.”

Hey everyone,

We’ve rolled out a quick patch to address the Unity security vulnerability.

Your saves and gameplay are safe! Just hit update and you’re covered. And if you haven’t joined yet, No Rest for the Wicked is 30% off on Steam right now. This is the perfect moment to…

— No Rest for the Wicked (@wickedgame) October 3, 2025

Other developers have also started rolling out updates, some without temporarily removing their games from digital store shelves. Pillars of Eternity II: Deadfire and Pentiment, both great games, were currently discounted for Steam’s autumn sale. Hopefully, they’re back soon.

Source link

October 3, 2025 0 comments

GameFi Guides

Hyperliquid-based Hyperdrive resumes services after exploit

by admin September 29, 2025

Hyperdrive has restored operations and compensated users after a June exploit drained funds from two markets on the Hyperliquid blockchain.

Summary

Hyperdrive exploited for ~$700K on Sept. 27.
Attack traced to router contract permissions.
Users reimbursed, markets fully restored.

Hyperdrive, a decentralized finance protocol on the Hyperliquid blockchain, has resumed full operations and restored funds to affected users after an exploit drained nearly $700,000 from two markets.

According to the project’s Sept. 29 update on X, all accounts impacted by the attack have been remediated and market functions are now back online. The team confirmed that the exploit was limited to the Primary and Treasury USDT0 markets and did not spread to other assets or contracts.

Details of Hyperdrive exploit

On Sept. 27, attackers took advantage of Hyperdrive’s router contract, which had been granted operator permissions during lending processes. This made it possible to manipulate collateralized positions and make arbitrary function calls to whitelisted contracts. Two accounts were drained, losing 672,934 USDT0 and 110,244 thBILL tokens.

The stolen money was tracked to Ethereum (ETH) and BNB (BNB) Chain, where some of it was laundered using Tornado Cash. External auditors and forensic specialists were enlisted by Hyperdrive, who verified the vulnerability was fixed and created a patch in a matter of hours. All markets were paused during remediation, with operations resuming only after compensation was completed.

Ongoing investigation and security response

Hyperdrive stated that the attack was carried out by a known threat actor previously linked to high-profile protocol exploits. A full post-mortem report will be published in the coming days. While reiterating that user accounts are now secure, the team cautioned against scams and unofficial communications.

Despite the setback, Hyperdrive says its long-term strategy is still the same, concentrating on yield strategies like tokenizing Treasury bills with partners like Theo Network. The team aims to strengthen user trust while pushing for more extensive security audits throughout the ecosystem.

The incident highlights risks facing the Hyperliquid (HYPE) ecosystem, which recently saw a $3.6 million rug pull at HyperVault, another protocol built on the chain. Since Hyperliquid only runs a small number of validator nodes, issues with centralization and system security remain.

Source link

September 29, 2025 0 comments

Crypto Trends

Hyperdrive Exploit Leads to $782K Loss on Hyperliquid Network

by admin September 29, 2025

Hyperdrive, a lending protocol built on the Hyperliquid (HYPE) blockchain, suffered a smart contract exploit on Saturday night that resulted in losses of around $782,000. This marks the third major security incident tied to the rapidly growing Layer 1 network.

According to blockchain security firm CertiK, the attacker repeatedly exploited an arbitrary call in Hyperdrive’s router. This flaw allowed them to drain funds from two pools, the Primary USDT0 Market and Treasury USDT Market.

The attacker stole 673,000 USDT0 stablecoins and 110,244 thBILL tokens, later converting the assets into BNB and ETH before moving them off-chain.

Hyperdrive’s team responded quickly by pausing the protocol to stop further damage. In an update on X, the team said it had already identified and fixed the root cause. It also confirmed that affected accounts had been identified and promised a compensatory plan, although details of that plan remain unclear.

Hyperliquid’s track record of incidents

This is not the first time Hyperliquid’s ecosystem has faced trouble. In March, a whale manipulated the price of Solana-based memecoin JELLYJELLY, forcing the protocol to absorb $12 million in losses. An earlier manipulation event had also cost a Hyperliquid vault around $4 million.

Despite these challenges, Hyperliquid continues to gain traction in the DeFi space. Data from DeFiLlama shows Hyperdrive currently holds about $14.5 million in total value locked (TVL).

Market reaction

At the time of writing, Hyperliquid’s HYPE token of Hyperliquid is trading at $47.14, which is up 4.20% in the last 24 hours, and has a market cap of approximately $15.8 billion and a trading volume of over $3 billion, according to the CoinMarketCap Data.

The Hyperdrive hack underscores the current security risk in DeFi, including on rapidly expanding networks such as Hyperliquid. While their team has acted quickly to contain the issue, users will be watching closely for the promised compensatory measures and postmortem report.

Also Read: James Wynn: Hyperliquid Will Die ‘Slow & Painful Death’ As ASTER Soars

Source link

September 29, 2025 0 comments

NFT Gaming

DeFi Project Hyperdrive Hit by $773,000 Exploit

by admin September 28, 2025

According to blockchain security firm PeckShield, Hyperdrive, a decentralized finance (DeFi) project that operates on the Hyperliquid blockchain, recently suffered a compromise of two accounts in its thBILL markets.

$773,000 worth of stolen funds

It is worth noting that “thBill” is a tokenized version of Treasury Bills (T-Bills) issued by Theo Network. It allows users to earn yield or interest.

As a result of the recent security breach, roughly $773,000 worth of crypto got stolen. However, it is worth noting that neither the thBILL token nor the HYPED liquid staking token (LST) were affected by the security incident.

Hyperdrive’s response

In response to the recent hack, Hyperdrive paused all money markets as a precaution during an investigation.

Later, the DeFi project clarified that it had identified the root cause and fixed the issue that made the recent security incident possible.

Moreover, the project is currently working on a compensatory plan for the affected accounts.

“We confirm our earlier statement that the issue is limited in scope, affecting only two Hyperdrive markets,” it added.

Scam warning

The project has also urged users to be wary of scams, stressing that they have to rely only on official communication.

Hyperdrive has also warned against interacting with the protocol or sending funds to its smart contracts.

Source link

September 28, 2025 0 comments

GameFi Guides

Critical Chrome Exploit Could Drain Your Crypto, CTO of French Hardware Wallet Giant Warns

by admin September 18, 2025

Charles Guillemet, chief technology officer at Ledger, has issued a security warning about a major Chrome vulnerability that could potentially allow hackers to drain one’s crypto wallet.

The “Type Confusion” bug, which was recently discovered by security researchers, makes it possible for bad actors to run malicious code by treating one type of data as another. It has been found within V8, the engine that executes JavaScript and WebAssembly.

Simply visiting a malicious website could make it possible for attackers to steal highly sensitive data, including private keys, seed phrases, or wallet files.

Google’s urgent response

Within just 48 hours of the critical vulnerability being detected, Google swiftly moved to publish an emergency update. Chrome users have to make sure that they are using the fixed version (140.0.7339.185).

It is worth noting that all Chromium-based web browsers have been affected, including Brave, Opera, and Vivaldi.

Source link

September 18, 2025 0 comments

GameFi Guides

NGP Protocol Hit by $2M Exploit, Funds Sent to Tornado Cash

by admin September 18, 2025

New Gold Protocol (NGP), a decentralized finance (DeFi) project built on the BNB Chain, became the latest target of a sophisticated exploit on Wednesday. The attacker drained nearly $2 million worth of assets from the project’s liquidity pool before moving the stolen funds through Tornado Cash, making them nearly impossible to trace.

How the exploit happened?

According to Web3 security firm Blockaid, the attacker zeroed in on NGP’s smart contract vulnerability within its getPrice() function. This function works out the price of NGP tokens by simply looking at the reserves in its Uniswap V2 pool.

Blockaid explained that relying on a single decentralized exchange (DEX) pool for price data left the protocol exposed. “A spot price from a single DEX pool is insecure because an attacker can easily and dramatically manipulate the pool’s reserves within a single atomic transaction using a flash loan,” the firm said.

The exploit began when the attacker initiated a flash loan, temporarily borrowing a large number of tokens. They then executed a swap to manipulate the mainPair pool, which boosted the USDT reserve while draining NGP tokens. This trick made the getPrice() function show a much lower token value than it really was.

With the system fooled, the attacker slipped past the contract’s transaction limits and managed to buy a huge amount of NGP tokens at a cheap, manipulated price.

Aftermath of the hack

Once the tokens were drained, the attacker quickly swapped them into Ethereum and pushed the funds through Tornado Cash, the Ethereum mixer often linked to hacks. Once the hacker pushed the money through Tornado Cash, the trail went cold. That means the money trail is basically gone, and getting the funds back is next to impossible.

Word of the hack got around quickly and put the DeFi community on edge. NGP’s token price crashed within hours, and investors were left unsettled. So far, NGP has not laid out any plan on how it will recover the stolen money or compensate users who lost out.

Bigger lessons for DeFi

The NGP exploit is another reminder of how dangerous it is for protocols to depend on a single-price source. Flash loans, which allow attackers to borrow and use large sums in one go, continue to be a major tool in these kinds of attacks.

Experts believe projects should focus on building safer systems by using more than one price feed, carrying out regular audits, and adding stronger protections to their contracts.

For now, the $2 million loss is another entry in the long list of DeFi hacks that have happened this year. Recently, DeFi platform Nemo Protocol on Sui revealed that its $2.6M exploit on September 7, 2025 stemmed from unaudited code pushed to mainnet via a single-signature upgrade. Hackers exploited a public flash loan function and faulty query to mint tokens and drain the SY/PT pool.

It shows once again that, in this space, security is still the weakest point, for both builders and investors.

Also Read: Radiant Hacker Moves $26.7 Million in Stolen Funds to Ethereum

Source link

September 18, 2025 0 comments

GameFi Guides

BONE Price Surges 40% After Shibarium Flash Loan Exploit

by admin September 14, 2025

Shiba Inu’s layer-2 network, Shibarium, was hit by a coordinated exploit that saw an attacker use a flash loan to gain control over a validator, drain assets from its bridge and trigger a temporary shutdown of staking operations.

The attacker, according to Shibarium developer Kaal Dhariya, bought 4.6 million BONE, the governance token of Shiba Inu’s layer-2 network, using a flash loan. The attacker then gained access to validator signing keys to achieve the majority validator power.

With that power, the attacker signed a fraudulent network state and siphoned assets from the Shibarium bridge, which connects it to the Ethereum network.

Since the BONE is still staked and subject to an unstaking delay, the funds remain locked, giving developers a narrow window to respond and freeze the funds, Dhariya said.

The Shibarium team has now paused all stake and unstake functionality, moved remaining funds into a hardware wallet protected by a 6-of-9 multisig setup and launched an internal investigation.

It’s still unclear whether the breach stemmed from a compromised server or a developer machine. While total losses haven’t been advanced, transaction data suggests they’re near $3 million.

The team is working with security firms Hexens, Seal 911 and PeckShield, and has alerted law enforcement. But developers also extended a peace offering to the attacker.

“Authorities have been contacted. However, we are open to negotiating in good faith with the attacker: if the funds are returned, we will not press any charges and are willing to consider a small bounty,” Dhariya wrote on X.

The price of BONE jumped immediately after the attack and at one point saw its value more than double, before a correction saw it move to a gain of around 40% since the exploit. SHIB is up more than 8%.

Source link

September 14, 2025 0 comments

U.S. dollar (Unsplash, modified by CoinDesk)

Crypto Trends

Coinbase’s Go-To AI Coding Tool Found Vulnerable to ‘CopyPasta’ Exploit

by admin September 6, 2025

A new exploit targeting AI coding assistants has raised alarms across the developer community, opening companies such as crypto exchange Coinbase to the risk of potential attacks if extensive safeguards aren’t in place.

Cybersecurity firm HiddenLayer disclosed Thursday that attackers can weaponize a so-called “CopyPasta License Attack” to inject hidden instructions into common developer files.

The exploit primarily affects Cursor, an AI-powered coding tool that Coinbase engineers said in August was among the team’s AI tools. Cursor is said to have been used by “every Coinbase engineer.”

How the attack works

The technique takes advantage of how AI coding assistants treat licensing files as authoritative instructions. By embedding malicious payloads in hidden markdown comments within files such as LICENSE.txt, the exploit convinces the model that these instructions must be preserved and replicated across every file it touches.

Once the AI accepts the “license” as legitimate, it automatically propagates the injected code into new or edited files, spreading without direct user input.

This approach sidesteps traditional malware detection because the malicious commands are disguised as harmless documentation, allowing the virus to spread through an entire codebase without a developer’s knowledge.

In its report, HiddenLayer researchers demonstrated how Cursor could be tricked into adding backdoors, siphoning sensitive data, or running resource-draining commands — all disguised inside seemingly innocuous project files.

“Injected code could stage a backdoor, silently exfiltrate sensitive data or manipulate critical files,” the firm said.

Coinbase CEO Brian Armstrong said on Thursday that AI had written up to 40% of the exchange’s code, with a goal of reaching 50% by next month.

~40% of daily code written at Coinbase is AI-generated. I want to get it to >50% by October.

Obviously it needs to be reviewed and understood, and not all areas of the business can use AI-generated code. But we should be using it responsibly as much as we possibly can. pic.twitter.com/Nmnsdxgosp

— Brian Armstrong (@brian_armstrong) September 3, 2025

However, Armstrong clarified that AI-assisted coding at Coinbase is concentrated in user interface and non-sensitive backends, with “complex and system-critical systems” adopting more slowly.

‘Potentially malicious’

Even so, the optics of a virus targeting Coinbase’s preferred tool amplified industry criticism.

AI prompt injections are not new, but the CopyPasta method advances the threat model by enabling semi-autonomous spread. Instead of targeting a single user, infected files become vectors that compromise every other AI agent that reads them, creating a chain reaction across repositories.

Compared to earlier AI “worm” concepts like Morris II, which hijacked email agents to spam or exfiltrate data, CopyPasta is more insidious because it leverages trusted developer workflows. Instead of requiring user approval or interaction, it embeds itself in files that every coding agent naturally references.

Where Morris II fell short due to human checks on email activity, CopyPasta thrives by hiding inside documentation that developers rarely scrutinize.

Security teams are now urging organizations to scan files for hidden comments and review all AI-generated changes manually.

“All untrusted data entering LLM contexts should be treated as potentially malicious,” HiddenLayer warned, calling for systematic detection before prompt-based attacks scale further.

(CoinDesk has reached out to Coinbase for comments on the attack vector.)

Source link

September 6, 2025 0 comments

Gemini co-founders Cameron and Tyler Winklevoss at White House (Jesse Hamilton/CoinDesk)

NFT Gaming

Venus Protocol Restores Services, Recovers Stolen Funds After $27M Exploit

by admin September 3, 2025

Venus Protocol, a major lending platform on BNB Chain, said it fully restored operations after suspending withdrawals and liquidations in response to a suspected exploit on Tuesday.

The protocol confirmed on Wednesday that lost funds had been recovered and that the pause allowed security teams to complete full checks to ensure its front end was not compromised.

The incident, which stemmed from a malicious contract update that drained an estimated $27 million, prompted Venus to halt key functions while investigating.

Update: Venus Protocol has been fully restored (withdrawals and liquidations resumed) as of 9:58PM UTC. ✅

The lost funds have been recovered under Venus’ protection. ✅ https://t.co/y2uUwPqmtb

— Venus Protocol (@VenusProtocol) September 2, 2025

On-chain sleuths had initially flagged suspicious movements from the platform’s Core Pool Comptroller contract, which seemed to route user assets including vUSDC and vETH to the hacker’s wallet.

Despite the platform’s reassurance that funds are safe, Venus’ native token, XVS, remains down 2.69% over the past 24 hours, following a sell-off on Tuesday.

Venus said it will release a full post-mortem of the incident in due course while expressing its gratitude to the community for support during a “critical moment” on X.

It emphasized that the pause was “necessary not just to secure the phished funds, but to conduct full security checks.”

Source link

September 3, 2025 0 comments