Fintechs.fi

$27 Million in Tether Stolen from Binance-Linked Wallet: Revealed by ZachXBT

Web3 Security Breaches Reach Alarming Heights in Q3 2023

The cryptocurrency world has been rocked again as a hacker successfully stole $27 million worth of Tether (USDT) from a wallet linked to the popular exchange Binance. This audacious breach, which occurred on November 11, 2023, has raised serious concerns about the security of digital assets and the rising sophistication of cybercriminals in the crypto space.

The Intricate Crypto Heist

The theft came to light thanks to the diligent efforts of on-chain investigator ZachXBT, who uncovered the details of the $27 million heist. According to ZachXBT’s analysis, the stolen funds were quickly converted from Tether (USDT) into Ethereum (ETH). To further obfuscate the stolen assets’ origins, they were sent through various cryptocurrency services, including FixedFloat and ChangeNow—a tactic commonly used by hackers to conceal the trail of illicitly obtained funds. The final step involved funnelling these assets into Bitcoin via the decentralised liquidity protocol THORChain.

What makes this heist particularly intriguing is the origin of the stolen funds. Just one week after the breach, the wallet received the sum as a withdrawal from Binance, a leading player in the cryptocurrency exchange ecosystem. In a twist of fate, ZachXBT’s investigation unveiled that the same wallet had received funds from an address previously marked by Etherscan as a Binance smart contract deployer in May 2019.

Web3 Security in Shambles

This brazen heist is not an isolated incident but rather part of a disturbing trend. According to CertiK’s Web3 Security Quarterly report for Q3 2023, the quarter saw a staggering $699 million lost across 184 security incidents. This astronomical figure surpasses the combined losses of the first two quarters, which amounted to $320 million in Q1 and $313 million in Q2.

The report highlights the North Korean state-affiliated Lazarus Group as a significant threat actor responsible for substantial losses in the cryptocurrency space. Employing sophisticated tactics, the Lazarus Group has targeted Web3 personnel throughout the year, resulting in confirmed losses of at least $291 million. Their modus operandi heavily relies on social engineering to breach security defences across multiple platforms.

Another alarming trend contributing to the Q3 losses has been private key compromises, accounting for $204 million across 14 incidents. Notably, incidents involving Mixin and Multichain alone resulted in $325 million in losses.

Binance Responds

In response to the incident, Binance issued a statement confirming the legitimacy of the withdrawal made by the user, emphasising that it was validly authorised on their platform. They expressed their commitment to assisting in the matter, even though the compromise occurred outside their control. Binance’s deployer wallet, linked to the stolen funds, has been inactive since December 2020.

THORChain’s Troubled Waters

THORChain, a decentralised liquidity protocol, has been at the centre of several high-profile hacks this year. In June, hackers used the network to mask the theft of $35 million from Atomic Wallet. More recently, THORSwap temporarily suspended its platform operations after a series of trades connected to last year’s FTX hack.

The cryptocurrency world remains a fertile ground for hackers, with exchanges often being prime targets. Last week, Poloniex fell victim to a hack in which $125 million was lost from the exchange’s hot wallets.

As the cryptocurrency landscape evolves, the need for enhanced security measures and proactive protection against cyber threats becomes increasingly critical. The $27 million heist serves as a stark reminder that the battle between cyber criminals and defenders in the digital realm is far from over, and vigilance is paramount in safeguarding the assets of the crypto community.