said Michael Egorov, founder of Curve Finance. Decryption That “employment” hacker has coordinated cross-platform attacks, making it increasingly difficult to secure Defi projects.
An example is the attack on curve finance against last month’s DNS attack. The front-end website of distributed finance protocols was compromised, allowing an attacker to redirect users to malicious sites.
“The different hackers can coordinate efforts between platforms and compromise on them at the same time, making greater impact and benefits,” Egorov said. Decryption In a posthumous interview.
Egorov detailed how recent attacks on curves have been successful despite the team using strong passwords and two-factor authentication. This happened when their registrar “transferred ownership of (Curve’s Domain) to someone else without email notification,” Egorov explained.
Yet, threat actors can engage in the increasingly common “calculated behavior.”
Someone may even take a bribe to target a particular project. If someone wants to pay with willingness,” Egorov argued, adding that hackers can “align their efforts across the platform and at the same time compromise them for impact and profit.”
Compared to legacy infrastructure such as traditional banking, Egorov said methods such as SMS-based two-factor authentication are “fundamentally unsafe and should be avoided.”
But in the case of the crypto sector, interests can vary dramatically as all transactions end almost instantly,” said Curve founder. He pointed out that once the attack begins, it becomes “irreversible by design.”
“The standards for security standards are much higher (…), and today’s Internet infrastructure is not built to meet these requirements.”
“Interesting abnormality”
Egorov’s warning comes as blockchain security company Certik’s May Security Report revealed that code vulnerabilities are the most common type of attack in the crypto space.
This was an “interesting abnormality.” Decryptionsaid the code’s vulnerability “represents a large portion of the funds exploited,” causing more than $229 million in losses.
In the context, this figure includes the damage done to the Cetus protocol late in the month, equivalent to about $225 million, representing the largest single attack in May.
Across the Crypto sector, hackers siphoned around $303 million in nine major breaches in May, down about 16% from the total $364 million in April, Certik’s report shows.
The attacker used the CETUS protocol spoofing token to manipulate prices and exploited the vulnerability that emits liquidity. The exploit was classified as an “oracle-operated attack,” he told blockchain security company Cyvers Decryption at that time.
Edited by Stacy Elliott.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
