
Nomad Crypto Bridge Drained of Nearly $200 Million in “Chaotic” Attack

Thursday, August 4, 2022

Read also: More than 8K Solana wallets compromised in yet another hack, thousands of mobile apps leak Twitter API keys, and more.


Nomad Crypto Bridge Drained of Nearly $200 Million in “Chaotic” Attack

Nomad is the latest victim of a multimillion-dollar hack

Nomad, a bridge protocol for transferring crypto tokens across different blockchains, has been robbed of nearly $190 million in various cryptocurrencies in what has been described as one of the most chaotic attacks DeFi has ever seen. This is one of the most extensive hacks to date.

Nomad has acknowledged the incident on Twitter and said that the attack is being investigated. While details on the heist have been scarce, a security researcher pointed to a recent update to one of Nomad’s smart contracts that allowed users to spoof transactions. As blockchain security firm CertiK explained, the exploit occurred when a routine upgrade allowed verification messages to be bypassed on Nomad, which allowed attackers to copy/paste transactions and thus drain the bridge of almost all funds.

A day after the attack, hackers returned $9 million to Nomad.

Thousands of Solana crypto wallets compromised, millions stolen

In a similar, but separate incident, hackers targeted Solana, a popular blockchain known for its speedy transactions, with users reporting that funds have been drained from Solana “hot” wallets.

Solana said in a tweet that the attack affected nearly 7,767 wallets, impacting users of both mobile and browser extensions. At the same time, other reports indicate that over 8,000 wallets have been affected, with an estimated loss of nearly $8 million.

It’s unclear at this point how exactly the attack was carried out, although some researchers suggest that a supply chain attack could be involved that allowed thieves to obtain users’ private keys. Solana said that there is no evidence that the Solana protocol or its cryptography was compromised.

Luxembourg energy supplier Creos hit with ransomware

A cybercrime group behind the AlphV/BlackCat ransomware operation has claimed responsibility for the attack on Creos, a company that manages electricity networks and natural gas pipelines in the Grand Duchy of Luxembourg. On their dark web leak site, the group announced they stole over 150 GB of corporate data.

Creos’ parent company Encevo Group said that the incident took place on the night of July 22-23, 2022 and that files were exfiltrated from its computers or rendered inaccessible as a result of the cyber-attack. The company also said that there was no impact on gas and electricity supply. The investigation into the breach is still ongoing and has yet to determine what data was compromised.

In a separate incident, German power electronics manufacturer Semikron has reportedly been hit with an LV ransomware attack, with the hackers claiming to have stolen 2TB worth of documents from the company’s systems.

An ongoing large-scale AiTM phishing campaign is targeting enterprise email accounts

Security researchers have warned of a new, large-scale phishing campaign, which uses adversary-in-the-middle (AiTM) and other techniques to bypass email security and network security solutions and compromise corporate email accounts.

First observed in June 2022, the campaign is aimed at users in enterprises that use Microsoft's email services. Key targets include fintech, lending, insurance, energy, manufacturing, and federal credit union verticals in the US, UK, New Zealand, and Australia. At the time of writing, the campaign is still active, with the threat actor behind it registering new phishing domains almost every day.

Over 3,000 apps are leaking Twitter API keys

Researchers have found that more than 3,000 mobile applications were leaking Twitter API keys, exposing users of the apps to the risk of having their Twitter accounts hijacked. By gaining access to the accounts, threat actors could create an army of bots to spread mis/disinformation, malware, or spam through Twitter.

A total of 3,207 apps were identified that leaked valid Twitter Consumer Key and Secret Key information. 230 of the observed apps were found leaking OAuth access tokens and access secrets as well.




Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law.