Crypto Hacks of the Week: Breaches, Scams, and Rug Pulls Rock the Market

The world of cryptocurrency took a wild ride this week, with a series of high-profile hacks, phishing attacks, and even a rug pull causing millions in losses. From corporate giants to individual investors, no one was immune.

Want to know how these attacks unfolded and what lessons can be learned? Dive into our weekly crypto hack roundup and discover the stories behind the chaos.

Corporate Bitcoin Holder’s Nightmare

In a shocking turn of events, hackers infiltrated the largest corporate holder of Bitcoin, obtaining unauthorized access to the coveted X credentials. The fallout was immense, with the malevolent actors posting malicious phishing links. Though the links were promptly deleted, the losses amounted to nearly half a million dollars.

Scam Sniffer, the Web3 anti-scam platform, shed more details and revealed that the hacker stole multiple altcoins and that the exact loss was $424,786 worth of $wBAI, $wPOKT and $CHEX. What is surprising is that a single user lost all this crypto, highlighting the intensity of the hack.

Token Drain

A misleading airdrop post lured unsuspecting users into a trap, directing them to a fake “official” Ethereum-based MSTR token airdrop. Clicking the link led to a counterfeit MicroStrategy page, tricking users into connecting their wallets and, in turn, allowing attackers to drain their tokens.

Serenity Shield’s Soaring Fall

The Serenity Shield token once hailed as a “crypto legacy solution” has witnessed a staggering decline of almost 99% in its value after approximately 6.9 million SERSH tokens worth $5.6 million at the time were reportedly siphoned off from one of the team’s MetaMask wallets.

Serenity Shield confirmed the breach in a tweet on February 27th, announcing to its community that they are temporarily halting all trading, deposits and withdrawals of SERSH on centralized exchanges.

The team assured the community that they are actively working to restore liquidity to all new token contracts and will replace all liquidity lost due to the exploit.They are also launching a new SERSH token through a robust smart contract to safeguard the whole of their ecosystem.

Seneca’s Chamber Breach

On Wednesday, 28th of February, Seneca’s Chamber contracts, previously audited by Halborn Security, were affected by a bug approval and user’s funds were compromised. In the attack, Seneca’s Chamber.sol contract was implicated. The attacker exploited Chamber’s performOperations() function, allowing calls to functions in other contracts using the Chamber contracts to send tokens to their address.

$6.4 million were stolen during the attack and 80% of funds approximately $5.3 million were recovered through a Whitehat request while keeping 20% valued at $1.04 million as bounty. The good news was that the breach didn’t affect funds directly deposited into Seneca but rather targeted assets held in users’ wallets.

Grayscale’s Unwanted Gift

Capital Killer, an anti-capitalist hacker group, revealed on twitter that they have attacked the Grayscale official website, claiming it as a gift to the AVAV community in support of fairness and anti-capitalism. Currently, the Grayscale official website is inaccessible, but the page for Grayscale’s Bitcoin ETF GBTC remains accessible.

Aleo’s KYC Mishap

On 26th February, Aleo, a blockchain project that advertises it’s a place for fully private applications with built-in privacy emailed private identification documents such as selfies and photographs of government identification cards to the wrong users. 

Aleo released a statement regarding the Know Your Customer (KYC) information exposure addressing the issue. The zero-knowledge platform blamed the leak on a copy/paste error in email metadata.

Aleo said in a post on X that the KYC information leak affected only about 10 participants from its recent Aleo Learn and Earn events. Aleo stated that it removed the exposed information, investigated the cause and informed the affected individuals.

Shido Network’s Ethereum Exodus

In a final twist, the decentralized cross-chain protocol Shido Network executed a rug pull on the Ethereum blockchain. The owner of the SHIDO token staking contract upgraded the contract, withdrew a substantial amount of SHIDO tokens, and dumped them for 692 ETH, equivalent to $2.1 million.

A Week of Crypto Turbulence

As we wrap up this tumultuous week in the realm of crypto hacks, keep a vigilant eye out for our next weekly roundup, specially curated for you. Stay tuned for more updates like this.