Idelto

Cryptocurrency news website

Dmytro Volkov

Hackers Paradise: Yet Another Defi Protocol Exploited for Nearly $20 Million in DAI

by

Hackers Paradise: Yet Another Defi Protocol Exploited for Nearly $20 Million in DAI

Decentralized finance (defi) protocol Pickle Finance was hacked for $19.7 million of the stablecoin DAI over the weekend, as the defi industry appears to be turning into a hackers paradise.

Pickle’s native token (PICKLE) plunged 62% on the news, falling from $23.27 to $8.70 when the hack was first reported on Nov. 21. At the time of writing, the token has since rebound 29% in 24 hours to $18.51, according to Coingecko data.

This is the fourth hack to hit the defi space in just two weeks. Akropolis, Value Defi and Origin protocol were exploited for a combined total of $15.7 million in flash loan attacks.

Pickle Finance is a yield aggregation service that rewards users who provide liquidity to its various pools of stablecoins with interest and token disbursements in ether, other stablecoins or its native digital asset PICKLE.

It is not clear whether Pickle Finance suffered a flash loan attack, but management admitted in a blog post that “this was a very complicated attack and involved many components of the Pickle protocol.” It took the protocol’s dev team of 10 people more than four hours to figure it out.

The hacker targeted Pickle Finance’s DAI pjar product, a concept akin to yearn.finance’s vaults, and drained 19,759,355 of the U.S.-dollar-pegged stablecoin DAI. This specific jar harvests yield from DAI deposits made via the decentralized lending protocol Compound.

Cyber-security expert Dmytro Volkov told news.Bitcoin.com that the defi hacking frenzy was a result of hurried project development.

“Most of the defi projects’ hacks are based on vulnerabilities connected to errors in the source code. Errors in applications occur for various reasons, and it is errors that cause vulnerabilities and subsequent hacks of these applications,” said Volkov, who is also chief technology officer at crypto exchange Cex.io.

“Cybercriminals look for errors in the defi protocols and exploit them for their own ends. As defi projects become more popular and the greater the amount of capital that flows through them grows, the more this field will attract hackers, and the more hacks there will be,” he added.

Pickle Finance said in a Nov. 24 tweet that it has a “small chance” of recovering the stolen money.

What do you think of defi industry’s latest hack? Let us know in the comments section below.

The post Hackers Paradise: Yet Another Defi Protocol Exploited for Nearly $20 Million in DAI appeared first on Bitcoin News.

CEX.IO Cryptoexchange Makes CryptoCompare Top 10

by

The international cryptocurrency exchange CEX.IO made it into the CryptoCompare top 10 July 2020 report, with an overall A grade. The CryptoCompare Exchange Benchmark rating evaluates over 165 exchanges around the world on aspects like adherence to regulations, platform security, liquidity, asset diversity, senior management team, API connectivity stability and performance, and number of negative events, while ensuring the necessary transparency in crypto asset trading.

CEX.IO, one of the world’s largest crypto exchanges, is based in London. It has been in operation since 2013 and has over 7 years’ experience in the digital currency market. It currently has offices in the UK, USA, Ukraine, Gibraltar, Cyprus and Singapore. CEX.IO is aimed at a broad target audience, from novice private traders to professional financial institutions.

CEX.IO’s highest score in the rating, at 12.5 points out of 15, was in the Security category, putting it in the third place among all the competing exchanges. The evaluation took into account security certificates, two-factor authentication, SSL rating, percentage of cold wallet usage, distribution of keys, and the number of hacking attempts. According to CryptoCompare’s data, in 2020 CEX.IO did not experience a single negative event.

“The security of our customers and their funds is CEX.IO’s top priority,” comments Dmytro Volkov, the exchange’s CTO. “We use a comprehensive, thoroughly thought-through system of protection measures to ensure it. High-level certificates protect the platform against phishing, while constant monitoring allows us to track both suspicious activity within the system and manipulations on the market and catch them in time.”

To increase its level of security, CEX.IO decided to minimize its use of third-party services. All the key components and decisions, including KYC and AML, wallet operations, server maintenance, and trading, are proprietary intellectual property, developed by the CEX.IO’s internal outstanding R&D department.

In particular, for the sake of security hot wallets hold only the amount necessary for the exchange’s normal operations, while 95%+ of funds are kept in cold storage; transactions are reliably secured using a system of multiple signatures and two-factor authentication. The platform’s operations also include several additional measures to protect against hacking, including a ban on withdrawals for several days after changing important account security settings, as well as confirmation of important transactions via multiple independent channels.

In addition to security, the exchange earned high scores in Market Quality (11.2), Team/Exchange (11.0), Data Provision (10.1), and Legal/Regulation (9.2). The exchange team’s expertise in cryptocurrency regulation in various world countries has frequently given them a seat at the table in task forces working on developing and implementing industry standards.

“We appreciate this evaluation of our work and our competence. July was a fruitful month for us: in addition to the CryptoCompare rating, CEX.IO also made into the Coin Metrics list of trusted exchanges” notes Oleksandr Lutskevych, the exchange’s founder and CEO.

The analytics platform developed by Coin Metrics makes it possible to gather data from exchanges, evaluate real trends and trading volume, as well as identify exaggerations in public metrics. Successfully passing independent verification by this platform is an additional important indicator of an exchange’s reliability.

Press Contact Email Address
[email protected]

Supporting Link
https://cex.io

This is a press release. Readers should do their own due diligence before taking any actions related to the promoted company or any of its affiliates or services. Bitcoin.com is not responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in the press release.

The post CEX.IO Cryptoexchange Makes CryptoCompare Top 10 appeared first on Bitcoin News.

Peter Schiff’s Bitcoin Hack Comment Invites Ridicule

by

Euro Pacific Capital CEO, Peter Schiff’s comment suggesting Bitcoin might be the next target following a hack of multiple VIP Twitter accounts has been ridiculed by bitcoiners.

Seemingly relishing the prospect of a bitcoin hack, Schiff a gold bug and a well-known bitcoin critic, signs off his Twitter post by urging his followers to stick with gold. The criticism from Schiff took place after a number of popular Twitter accounts were hacked on Wednesday afternoon.

Some members of the bitcoin community immediately reacted to the old nemesis by pointing to Schiff’s apparent ignorance.

Dmytro Volkov, CTO at Cex.io explains that the request to transfer bitcoins, rather than dollars, stems from the popularity, prevalence, and ease of transferring cryptocurrency.

In particular, Volkov questioned the logic used by Schiff in his latest attack:

“What actually did happen? Twitter got hacked and perpetrators asked to transfer funds. If they had asked to transfer dollars, then, following the logic of Mr. Schiff, should we have said that the dollar is doomed? It is, at least, illogical to link causes and effects in such a way.”

Volkov suggests that the hacking of accounts “is only related to the vulnerability of Twitter’s infrastructure” and the ways people interact with it.

There is no connection with the reliability of bitcoin.

Volkov’s sentiments are shared by several Twitter users that reacted to Schiff’s initial comment. One comment asked why hackers had not asked for gold.

Also attacking Schiff’s comment is George Donnelly, Business Development Manager at Bitcoin ABC. Donnelly says the comment once again exposes his ignorance.

“Peter Schiff, as usual, demonstrates he knows next to nothing about bitcoin. I’d like to see him send some verified gold online. You can send the provably scarce, real Bitcoin Cash online, which gives it greater utility than Peter’s clumsy, if beautiful, gold,” asserts Donnelly.

Meanwhile, Volkov also sought to make clear what this hacking might mean and how this is not feasible.

“It means hacking the cryptographic algorithm on which bitcoin works. If this algorithm ever gets hacked, and the hacker becomes capable of completing a transaction without the original private key, then it will mean trouble not so much for bitcoin, but for everyone who uses such algorithms,” Volkov stressed. “These are HTTPS-secured websites, bank payments, authorizations, etc. Hacking the algorithm would be a global problem, and bitcoin is hardly a priority target for hackers here.”

Volkov concludes that there is no reason to believe that “the algorithm can be cracked with the current level of development in mathematics and computing devices.”

What do you think about Peter Schiff’s latest comments? Tell us your thoughts in the comments section below.

The post Peter Schiff’s Bitcoin Hack Comment Invites Ridicule appeared first on Bitcoin News.