Friday, December 6, 2024

Growth of Web3 Fueled New Opportunities for Threat Actors to Attack Finance Sectors

Web3 and DeFi have proven appealing to many threat actors, and heists in this space have grown larger than any they have carried out against traditional finance.

Mandiant’s investigation into the 2016 Bangladesh Bank heist revealed that the North Korean hackers managed to steal $81 million, which highlights the scale of cybercrime.

Cybersecurity analysts at Mandiant recently identified that the rapid growth of Web3 has significantly fueled new opportunities for threat actors to attack the finance sector.


In 2022, the hack of Sky Mavis' Ronin blockchain enabled threat actors to steal $600 million, indicating the escalating danger in DeFi.

Beyond that, more than $12 billion worth of digital currency has been lost to hackers since 2020.

Web3 Fueled New Opportunities

Threat actors often target crypto exchanges and use sophisticated methods to steal huge amounts of digital assets.

Prominent cases of theft include the hack of the Bitcoin exchange Mt. Gox, which took over 350 million worth of Bitcoin in 2014, and the DMM Bitcoin hack, which led to $300 million in losses in 2024.


All these attacks typically involve a series of coordinated steps known as the "Targeted Attack Lifecycle."

Fake job opportunity (Source - Mandiant)

Hackers frequently employ social engineering to trick developers into downloading malware disguised as coding challenges or job descriptions. 

Once malware such as COVERTCATCH or RUSTBUCKET infiltrates a system, it persists through Launch Agents, which enables the attackers to steal credentials and access sensitive environments.
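Launch Agents are plain property-list files that launchd reads from the user's LaunchAgents directory, so a defender can triage them offline. The script below is an added example, not Mandiant's tooling or anything from the report: it parses a plist and reports the features that commonly separate malicious persistence from a legitimate agent (an Apple-looking label in a user directory, a program hidden under a dot-directory or a cache path, an interpreter launched directly, and run-at-login combined with auto-restart). The two plists, the heuristics, and the names assess_launch_agent and scan_launch_agents are constructed for this example.

```python
"""Triage of macOS LaunchAgent property lists for persistence indicators.

Constructed example: the two plists are samples written for this block, and the
heuristic rules are assumptions chosen to illustrate what a reviewer looks for,
not a list taken from any vendor's detection content.
"""
import plistlib
from pathlib import Path
from typing import List

SUSPICIOUS_SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.softwareupdate.helper</string>
  <key>ProgramArguments</key>
  <array><string>/Users/dev/Library/Caches/.build/.updater</string></array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>"""

BENIGN_SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.vendor.sync</string>
  <key>ProgramArguments</key>
  <array><string>/Applications/Vendor.app/Contents/MacOS/sync</string><string>--daemon</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>"""

# Locations a legitimate agent binary rarely lives in (heuristic, not exhaustive).
TEMP_OR_CACHE = ("/tmp/", "/private/tmp/", "/var/folders/", "/Library/Caches/", "/Users/Shared/")
# Agents whose program is a shell or downloader usually carry an inline payload.
INTERPRETERS = ("/bin/sh", "/bin/bash", "/bin/zsh", "/usr/bin/osascript", "/usr/bin/python3", "/usr/bin/curl")


def assess_launch_agent(plist_bytes: bytes) -> List[str]:
    """Return human-readable findings for one plist; an empty list means nothing flagged."""
    data = plistlib.loads(plist_bytes)
    findings: List[str] = []
    args = data.get("ProgramArguments") or [data.get("Program", "")]
    program = args[0] if args else ""

    if data.get("Label", "").startswith("com.apple."):
        findings.append("label impersonates Apple (Apple's own agents are not installed per user)")
    if any(part.startswith(".") for part in Path(program).parts):
        findings.append("hidden path component in program path")
    if any(marker in program for marker in TEMP_OR_CACHE):
        findings.append("program lives in a temp or cache directory")
    if program in INTERPRETERS:
        findings.append("agent launches an interpreter or downloader directly")
    if data.get("RunAtLoad") and data.get("KeepAlive"):
        findings.append("runs at login and is restarted if killed")
    return findings


def scan_launch_agents(directory: Path) -> dict:
    """Assess every .plist in a directory, e.g. Path.home() / 'Library/LaunchAgents'."""
    return {p.name: assess_launch_agent(p.read_bytes()) for p in sorted(directory.glob("*.plist"))}


if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, assess_launch_agent(sample) or ["no findings"])
```

Run it on a live machine with scan_launch_agents(Path.home() / "Library/LaunchAgents"); any file that produces two or more findings deserves a look at the program it points to, its code signature, and when the plist was written.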

In most such cases, the attackers completely drain cryptocurrency wallets using these credentials. Mandiant's report also states that smart contracts, which run on blockchain technology, are not safe either.

These contracts are mainly written in languages like Solidity for Ethereum or Rust for Solana, and can be exploited through flaws in their logic.

Among the most significant events are the 2016 DAO hack, which used the so-called "reentrancy attack" method to steal $55 million in Ether, and the 2023 hack of Curve Finance, which inflicted losses of $70 due to programming faults in the Vyper programming language.
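The reentrancy flaw behind the DAO hack comes down to ordering: the contract pays the caller before it records that the balance is gone, and the payment hands control to the recipient, which can call back in. The following is an added example, not code from the DAO, Mandiant, or any contract; it models that control flow in Python rather than Solidity so it runs anywhere, and puts the vulnerable vault beside one that applies the checks-effects-interactions order and a mutex (the same idea as a reentrancy guard). The names VulnerableVault, SafeVault and ReentrantRecipient and all amounts are constructed.

```python
"""Toy model of a reentrancy bug and its fix.

Models the control flow of a vault contract whose withdraw() pays the caller
before zeroing the caller's balance. On-chain, that payment is an external call
that transfers control to the recipient contract, which may call withdraw()
again before the first call has finished. All names and amounts are constructed
for this example and do not come from the incidents discussed above.
"""
from typing import Callable, Dict


class ReentrancyDetected(Exception):
    """Raised by the guarded vault when a nested withdraw() is attempted."""


class VulnerableVault:
    """Interaction before effect: the balance is zeroed only after the payout."""

    def __init__(self, reserve: int) -> None:
        self.balances: Dict[str, int] = {}
        self.reserve = reserve  # total funds held by the contract

    def deposit(self, who: str, amount: int) -> None:
        self.balances[who] = self.balances.get(who, 0) + amount
        self.reserve += amount

    def withdraw(self, who: str, on_receive: Callable[[int], None]) -> None:
        amount = self.balances.get(who, 0)
        if amount == 0:
            return
        self.reserve -= amount
        on_receive(amount)          # external call: control leaves the contract
        self.balances[who] = 0      # too late: nested calls already saw the old balance


class SafeVault(VulnerableVault):
    """Checks-effects-interactions order plus a mutex, as a reentrancy guard does."""

    def __init__(self, reserve: int) -> None:
        super().__init__(reserve)
        self._entered = False

    def withdraw(self, who: str, on_receive: Callable[[int], None]) -> None:
        if self._entered:
            raise ReentrancyDetected("nested withdraw rejected")
        self._entered = True
        try:
            amount = self.balances.get(who, 0)
            if amount == 0:
                return
            self.balances[who] = 0   # effect first
            self.reserve -= amount
            on_receive(amount)       # interaction last
        finally:
            self._entered = False


class ReentrantRecipient:
    """Recipient whose payment callback calls withdraw() again (bounded depth)."""

    def __init__(self, vault: VulnerableVault, name: str, depth: int) -> None:
        self.vault, self.name, self.depth = vault, name, depth
        self.received = 0

    def on_receive(self, amount: int) -> None:
        self.received += amount
        if self.depth > 0:
            self.depth -= 1
            try:
                self.vault.withdraw(self.name, self.on_receive)
            except ReentrancyDetected:
                pass  # the guarded vault refuses the nested call


def simulate(vault_cls) -> tuple:
    """Deposit 10 into a vault holding 100, then withdraw with a re-entering recipient.
    Returns (amount the recipient received, funds left in the vault)."""
    vault = vault_cls(reserve=100)
    vault.deposit("user", 10)
    recipient = ReentrantRecipient(vault, "user", depth=3)
    vault.withdraw("user", recipient.on_receive)
    return recipient.received, vault.reserve


if __name__ == "__main__":
    print("vulnerable:", simulate(VulnerableVault))  # (40, 70): 30 more than was deposited
    print("guarded:   ", simulate(SafeVault))        # (10, 100): exactly the deposit
```

The guarded vault would be safe even without the mutex, because the balance is zeroed before the payout; the mutex is the belt-and-braces layer that also catches the case where a later refactor reintroduces the bad ordering.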

Another standard method used by such malicious actors is the "flash loan attack," in which attackers manipulate a pricing oracle and take out an unsecured loan for profit.

The 2023 Euler Finance hack is a prime example: $200 million was stolen by exploiting a flaw in the donateToReserves function that allowed the attacker to manipulate collateral and trigger a self-liquidation.
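The oracle side of a flash loan attack is easy to see in numbers: a constant-product pool quotes a spot price of quote/base reserves, so one large swap within a single block moves it arbitrarily, and any protocol that values collateral at that spot price is mispricing. The block below is an added example, unrelated to Euler's code or Mandiant's report, that builds a small x*y=k pool, values the same collateral naively (spot) and with two mitigations (a time-weighted average over past blocks, plus a deviation check that refuses to price at all while spot and TWAP disagree). All names, reserves and thresholds are constructed.

```python
"""Why a spot price from one pool is a poor collateral oracle, and two mitigations.

Constructed example: a constant-product (x*y=k) pool, a lending-style collateral
valuation, a time-weighted average price (TWAP) over past blocks, and a deviation
check that rejects pricing while spot and TWAP diverge. Every number and name is
invented for illustration and is not taken from the incident above.
"""
from collections import deque


class PriceDeviation(Exception):
    """Raised when the spot price strays too far from the TWAP reference."""


class ConstantProductPool:
    """x*y=k pool; the spot price of BASE in QUOTE units is quote/base."""

    def __init__(self, base: float, quote: float) -> None:
        self.base, self.quote = base, quote

    def spot_price(self) -> float:
        return self.quote / self.base

    def swap_quote_for_base(self, quote_in: float) -> float:
        """Sell quote_in QUOTE into the pool; returns the BASE received."""
        k = self.base * self.quote
        new_base = k / (self.quote + quote_in)
        base_out = self.base - new_base
        self.base, self.quote = new_base, self.quote + quote_in
        return base_out


class TwapOracle:
    """Average of the last `window` per-block spot observations."""

    def __init__(self, window: int) -> None:
        self.obs = deque(maxlen=window)

    def record(self, price: float) -> None:
        self.obs.append(price)

    def price(self) -> float:
        return sum(self.obs) / len(self.obs)


def naive_collateral_value(amount: float, pool: ConstantProductPool) -> float:
    """Values collateral at the live spot price, which one transaction can move."""
    return amount * pool.spot_price()


def guarded_collateral_value(amount: float, pool: ConstantProductPool,
                             twap: TwapOracle, max_deviation_bps: int = 500) -> float:
    """Values collateral at the TWAP, and only if spot is within max_deviation_bps of it."""
    spot, ref = pool.spot_price(), twap.price()
    deviation_bps = abs(spot - ref) / ref * 10_000
    if deviation_bps > max_deviation_bps:
        raise PriceDeviation(f"spot {spot:.2f} vs TWAP {ref:.2f}: {deviation_bps:.0f} bps apart")
    return amount * ref


def scenario() -> dict:
    pool = ConstantProductPool(base=1_000.0, quote=1_000.0)  # price 1.0
    twap = TwapOracle(window=10)
    for _ in range(10):                  # ten quiet blocks at the fair price
        twap.record(pool.spot_price())
    before = pool.spot_price()
    # One swap of flash-loan size inside a single block.
    base_bought = pool.swap_quote_for_base(9_000.0)
    twap.record(pool.spot_price())       # the distorted block is one observation of ten
    result = {
        "spot_before": before,
        "spot_after": pool.spot_price(),
        "twap": twap.price(),
        "base_bought": base_bought,
        "naive_value": naive_collateral_value(base_bought, pool),
    }
    try:
        result["guarded_value"] = guarded_collateral_value(base_bought, pool, twap)
    except PriceDeviation as exc:
        result["guarded_value"] = None
        result["rejected"] = str(exc)
    return result


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

With these reserves the spot price goes from 1.0 to 100.0 in one block, so 900 BASE bought for 9,000 QUOTE is valued at 90,000 QUOTE by the naive path; the TWAP only drifts to 10.9, and the deviation check refuses to price at all until the pool settles, which is the behaviour a lending protocol wants during an in-flight manipulation.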

These incidents highlight the need for enhanced security measures and threat detection to protect digital assets in the rapidly evolving crypto landscape.

DAOs are known to apply permissionless token-based voting for project marketing, where holders of such tokens vote on the project's future decisions.

Such a system, especially during voting, can be subjected to a takeover known as a governance attack, in which some parties buy up a large percentage of the tokens and take control of the whole system.

For instance, in the Tornado Cash case from May 2023, the threat actors bought out the project and stole over 10,000 TORN ($67,056 worth) in less than a week.
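One structural defence against a token buyout is to count voting power as of the block in which a proposal was created, so tokens acquired afterwards carry no weight on it, and to require a quorum. The block below is an added example, not Tornado Cash's governance code or anything from the report: it models a token ledger with per-block history, tallies the same votes once with live balances and once with snapshot balances, and shows the buyout deciding the vote only under the naive rule. Names, balances and block numbers are constructed.

```python
"""Why a governance vote should count token balances from a snapshot, not live.

Constructed model of token-based DAO voting. The naive tally reads balances at
vote time, so tokens bought after the proposal was created still count; the
snapshot tally (the approach Governor-style contracts take with past-votes
lookups) reads balances as of the proposal's creation block and requires a
quorum. Names, balances and block numbers are invented for this example.
"""
from typing import Dict, List, Tuple


class TokenLedger:
    """Balances with a per-block history so past balances can be queried."""

    def __init__(self, balances: Dict[str, int]) -> None:
        self.block = 0
        self.history: List[Tuple[int, Dict[str, int]]] = [(0, dict(balances))]

    def current(self) -> Dict[str, int]:
        return self.history[-1][1]

    def transfer(self, src: str, dst: str, amount: int) -> None:
        bal = dict(self.current())
        if bal.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        bal[src] -= amount
        bal[dst] = bal.get(dst, 0) + amount
        self.block += 1
        self.history.append((self.block, bal))

    def balance_at(self, who: str, block: int) -> int:
        for blk, bal in reversed(self.history):
            if blk <= block:
                return bal.get(who, 0)
        return 0

    def total_supply(self) -> int:
        return sum(self.current().values())


class Proposal:
    def __init__(self, ledger: TokenLedger) -> None:
        self.snapshot_block = ledger.block   # voting power is frozen here
        self.votes: Dict[str, bool] = {}     # voter -> supports proposal

    def cast(self, voter: str, support: bool) -> None:
        self.votes[voter] = support


def tally_live(p: Proposal, ledger: TokenLedger) -> Tuple[int, int]:
    """Naive: weight each vote by the voter's balance right now."""
    bal = ledger.current()
    yes = sum(bal.get(v, 0) for v, s in p.votes.items() if s)
    no = sum(bal.get(v, 0) for v, s in p.votes.items() if not s)
    return yes, no


def tally_snapshot(p: Proposal, ledger: TokenLedger) -> Tuple[int, int]:
    """Hardened: weight each vote by the balance at the proposal's snapshot block."""
    yes = sum(ledger.balance_at(v, p.snapshot_block) for v, s in p.votes.items() if s)
    no = sum(ledger.balance_at(v, p.snapshot_block) for v, s in p.votes.items() if not s)
    return yes, no


def passes(yes: int, no: int, supply: int, quorum_pct: int = 40) -> bool:
    """Majority of votes cast, and at least quorum_pct of supply participating."""
    return yes > no and (yes + no) * 100 >= supply * quorum_pct


def scenario() -> dict:
    ledger = TokenLedger({"alice": 30_000, "bob": 15_000, "market": 45_000, "raider": 10_000})
    proposal = Proposal(ledger)                  # snapshot taken at block 0
    ledger.transfer("market", "raider", 45_000)  # raider buys up supply after the snapshot
    proposal.cast("raider", True)
    proposal.cast("alice", False)
    proposal.cast("bob", False)
    supply = ledger.total_supply()
    live, snap = tally_live(proposal, ledger), tally_snapshot(proposal, ledger)
    return {"live": live, "live_passes": passes(*live, supply),
            "snapshot": snap, "snapshot_passes": passes(*snap, supply)}


if __name__ == "__main__":
    print(scenario())  # live (55000, 45000) passes; snapshot (10000, 45000) fails
```

A snapshot alone does not stop an attacker who accumulates tokens before creating the proposal, which is why real governance designs add a voting delay, a timelock between a passed vote and its execution, and monitoring of large balance changes against the proposal calendar.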

Cybersecurity researchers urged users to protect themselves against these evolving threats, and organizations to enhance their security measures.

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.