In this week’s newsletter, read about how the metaverse may integrate touch and smell. Check out how the nonfungible token (NFT) project Moonbirds plans to become a global brand and how NFT marketplace Magic Eden will refund users affected by a recent exploit. In other news, find out how NFT image hosting issues can be resolved, according to executives within the NFT space. And don’t forget this week’s Nifty News featuring a warning to gamers about a fake Pokemon NFT game spreading malware. Touch and smell become the next big thing for the metaverse at CES 2023 One of the …

Blockchain security firm SlowMist has highlighted five common phishing techniques crypto scammers used on victims in 2022, including malicious browser bookmarks, phony sales orders and trojan malware spread on messaging app Discord. It comes after the security firm recorded a total of 303 blockchain security incidents in the year, with 31.6% of these incidents caused by phishing, rug pull or other scams, according to a Jan. 9 SlowMist blockchain security report. Malicious browser bookmarks One of the phishing strategies makes use of bookmark managers, a feature in most modern browsers. SlowMist said scammers have been exploiting these to ultimately gain …

An address related to the $190-million Nomad exploit has moved $1.57 million in Ether (ETH) to the sanctioned crypto mixer Tornado Cash. In an alert, blockchain security firm CertiK flagged that a wallet address affiliated with the Nomad hack has transferred 1,200 ETH into Tornado Cash, suggesting that the attackers may be cashing in the funds. The hacker transferred 12 batches of 100 ETH to the sanctioned mixer. The Nomad bridge hack was one of the ten largest crypto hacks in 2022, with more than $190 million worth of digital assets lost. On Aug 1, hundreds of exploiters flocked to …

It’s no secret that in 2022 the world of Web3 and decentralized finance (DeFi) experienced a slew of major exploits and attacks. From the Ronin bridge attack to the Nomad hack, the top 10 exploits alone saw over $2 billion lost. In the Beosin Global Web3 Security Report 2022, it revealed that of 167 major security incidents over the last year those rooted in DeFi were the most vulnerable. DeFi projects were attacked 113 times, which accounted for approx. 67.6% of recorded attacks. This is followed by attacks on exchanges, nonfungible token (NFT) projects, cross-chain bridges and wallets in that …

Decentralized finance (DeFi) investors should buckle themselves up for another big year of exploits and attacks as new projects enter the market and hackers become more sophisticated. Executives from blockchain security and auditing firms HashEx, Beosin and Apostro were interviewed for Drofa’s An Overview of DeFi Security In 2022 report shared exclusively with Cointelegraph. The executives were asked about the reason behind a significant increase in DeFi hacks last year, and were asked whether this will continue through 2023. Tommy Deng, managing director of blockchain security firm Beosin, said while DeFi protocols will continue to strengthen and improve security, he …

Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. The end of 2022 saw the least value of stolen funds from DeFi, with $62 million worth of exploits in December. While the figure might seem a relief given the multiple bridge hacks and hundreds of millions of dollars stolen this year, cybersecurity experts have warned that the ecosystem would see no decrease in exploits, flash loans or exit scams in 2023. Lido protocol overtook MakerDAO to have the highest total value locked (TVL) …

In a Jan. 6 tweet, Balancer warned certain liquidity providers to remove their LPs "ASAP" as there is an ongoing issue related to some of the protocol's pools. Other pools have had their fees set to zero by the balancer emergency multisig, which the team claims to have "mitigated" the issue. Not all pools could be mitigated in this way, however. Balancer listed the pools that need to be withdrawn include DOLA / bb-a-USD on Ethereum, It's MAI life and SmellsLike Spartan Spirit on Optimism, and Tenacious Dollar on Fantom. IMPORTANT: Because of a related issue, LPs of the following …

According to a Jan. 5 report published by Chinese blockchain security firm LianAn Technology, decentralized finance, or DeFi, exploits across blockchains worldwide totaled $3.64 billion in 2022. This represented a rise of 47.4% compared to the loss of $2.44 billion in 2021. The incidents increased in quantity despite a steep 80% loss in DeFi total value locked during the year. Out of the 2022 amount, funds lost during cross-chain bridge hacks amounted to $1.89 billion across 12 incidents — the highest in the category. Overall, attacks on the Ethereum, BNB, and Solana chains accounted for the majority of exploits. Out …

200 million Twitter users’ private information, including their email addresses, was put for sale after a breach exposed 400M users’ private information in the last week of December 2022. The hacker behind the December breach has earlier demanded $200,000 from Twitter in a bid to return the stolen data and warned if the demand is not fulfilled, the data will be released for free. The latest set of data posted on the hacker forum has been traced back to the same breach from December 2022. I went to change my email address and Twitter isn't working. This hack puts activists …

In a new update to the Mango Markets exploit saga, the United States District Court for the District of Puerto Rico has issued an order of detention to the infamous Mango Markets exploiter Avraham Eisenberg. After holding a detention hearing, United States Magistrate Judge Bruce McGiverin decided that it was necessary to detain Eisenberg for several reasons. According to court documents, there is no condition or combination of conditions of Eisenberg’s release that will reasonably assure his appearance as required. In addition to this, the court also specified other reasons. This includes Eisenberg being subject to a lengthy period of …

A class action lawsuit has been filed against password management service LastPass following a data breach from Aug. 2022. The class action was filed with the U.S. district court of Massachusetts on Jan. 3, by an unnamed plaintiff known only as “John Doe” and on behalf of others similarly situated. It alleges that the data breach of LastPass has resulted in the theft of around $53,000 worth of Bitcoin. The plaintiff claimed he began accruing BTC in Jul. 2022 and updated his master password to more than 12 characters using a password generator, as recommended by the LastPass “best practices.” …

Hackers have started the year with another exploit, with several million being taken from a whale holding large amounts of decentralized finance (DeFi) protocol GMX’s native token. On Jan. 3, various community members saw suspicious movements of GMX tokens. Following this, security firms CertiK and PeckShield flagged the transactions as an exploit that drained $3.4 million worth of GMX tokens from a GMX whale. According to data analysis platform Lookonchain, the hackers took control of 82,519 GMX tokens and exchanged the assets for 2,627 Ether (ETH). Then, the attackers cross-chained the assets to the Ethereum network using Hop Protocol and …