With the development of the crypto market, crypto crimes in this sector appeared on the first pages of different media. We’ve already written about crypto scams in this article. But we would like to tell you about two other high-profile cases that took place this year. So prepare yourself to be amazed because these two hacks are something else!
Crypto Robin Hood: $52 million Cashio hack
March 23, 2022 was the darkest day for the Cashio project. On this day, an unknown person hacked a decentralized platform that is designed to burn native CASH stablecoins. As a result of an attack, $52.8 million was stolen.
The scheme itself was quite ordinary, it involved several stages. Here’s what hacker managed to do:
- Gained access to the protocol using a vulnerability in the code;
- Created several fake accounts and minted 2 billion CASH tokens;
- Burnt part of the assets for getting reward in USDT-USDC tokens;
- Exchanged funds for various types of cryptocurrency and transferred assets to an ethereum wallet.
At first sight, it may seem that this is a usual crypto theft. However, it had an unexpected surprise. Security experts found a hidden message in one of the transactions. The text of the message was: “Accounts with less than 100k have been returned. All other money will be donated to charity." Immediately after that, the hacker began to refund crypto.
Thousands of users have received their assets back. People who had already said goodbye to their funds could not believe that. Developers begged the hacker to return the remaining amount, because many of the 100k+ accounts were customer savings. Moreover administrators admitted that they did not have money to pay off the victims. It’s hard to believe in, but on March 28 the hacker got in touch:
“The intention was only to take money from those who do not need it, not from those who do. will be using the eth gains to return more funds to those affected, even some accounts more than 100k. will not return funds to accounts that already receive refund” – wrote the Crypto Robin Hood.
At this point, Cashio users were shocked. The Internet community was instantly divided into two camps. Someone pointed to the obvious crime and theft, others supported the burglar. In their opinion, not every hacker is able not only to pull off such a scam, but also to bring to life the image of Robin Hood.
Cashio tried to persuade an anonymous hacker to return the money to them in exchange for $1 million. However, there is no confirmation that the hacker accepted these terms. Actually, at the moment it is also unknown how many clients have received funds back. Plus, no one knows if the rest of the money actually was sent to charity accounts.
The 600 Million Game: Axie Infinity hack
To date, the Axie Infinity hack is the largest digital asset theft in DeFi in recent years. On March 29, 2022, one of the users in the popular blockchain game decided to withdraw a large amount of crypto. The user wanted to receive a hard-earned 5 thousand ETH, but soon discovered that there was no cryptocurrency on the account! Afterwards, developers revealed the unauthorized withdrawal of an unbelievable amount – $625 million.
The theft took place on March 23, but the hackers worked quietly and none of the developers noticed the loss of funds for 6 days. The attackers gained access to the Ronin blockchain bridge and took control of the account of one of the developers who could approve transactions without going through the main system.
Then hackers withdrew assets without any problems, including 173.6 thousand ETH and a bunch of USDC stablecoins. In total, $625,500,000 was stolen. The most interesting thing is that the Ronin Bridge was connected specifically in order to speed up transactions and reduce costs.
This accident has demonstrated that some blockchain bridges are not very safe. Although they have become very popular on various platforms, these services are vulnerable to the growing threat of crypto hackers. However, this technology is developing and becoming better every day.