32 C
Friday, May 24, 2024
HomeExchange NewsUniswap and Lendf.me Are the Latest Crypto Exchanges to Be Compromised

Uniswap and Lendf.me Are the Latest Crypto Exchanges to Be Compromised


Related stories

It’s happened again, folks. Another cryptocurrency theft is in the books. This time, the victims are the Uniswap exchange and the Lendf.me lending platform, both of which are reporting combined total losses of more than $25 million.

Uniswap and Lendf.me Have Been Compromised

Cryptocurrency theft is nothing new, but what’s arguably the most frustrating about stories like these is that while many companies and organizations in the industry are seeking to improve their security protocols, hackers are finding new ways to get their fingers on funds that don’t belong to them. Thus, for every step forward the cryptocurrency industry takes, hackers move alongside it.

Several cryptocurrency exchanges have been hacked or compromised over the past six years. Arguably the two biggest examples that come to mind are Mt. Gox and Coincheck. Both occurred in Japan approximately four years apart from each other. Mt. Gox took place in February of 2014, while Coincheck happened in January of 2018.

The former saw more than $400 million in BTC funds disappear overnight, while Coincheck saw more than half-a-billion in altcoin funds drift into hacker-owned accounts. Other exchanges compromised over the past few years include Bithumb and Binance, arguably the largest and most popular crypto exchange in the world.

In addition, crypto theft can occur in different (sneakier) ways. A common method includes crypto jacking, in which a hacker takes over a person’s computer or digital device without their knowledge or consent. Once in, the hacker uses the person’s computing power to mine crypto, typically Monero given its quasi-anonymous properties.

The hacker ultimately makes a mint using the person’s energy, while the original owner gets nothing minus hefty energy bills that show up in their mailbox at the end of each month.

The attack on both Uniswap and Lendf.me took place over the weekend. The incident is now being investigated by law enforcement. It is believed that the attacks on both platforms occurred through the same individual(s), who appear to have instigated what’s known as a “reentrancy attack,” which allows the malicious actor in question to repeatedly withdraw funds before transactions are approved.

Thus, the hacker can get their talons on multiple funds before the transaction closes out. In a statement, Tokenlon – a decentralized exchange – commented:

The ERC-777 token standard has, to our knowledge, no security vulnerabilities. However, the combination of using ERC-777 tokens and Uniswap/ Lendf.me contracts enables… reentrancy attacks.

Both Companies Are Pretty Similar

Both ventures report several similarities in their overall structures and operations. For example, both Lendf.me and Uniswap were decentralized platforms and utilized imBTC, an Ethereum-based token that has virtually the same value as bitcoin.

At the time of writing, both companies have temporarily shut themselves down as the investigation continues. All additional transactions have also been halted to prevent the hackers from garnering further funds.

Nick Marinoff
Nick Marinoffhttps://www.livebitcoinnews.com/
Nick Marinoff is currently a lead news writer and editor for Money & Tech, a San Francisco-based broadcasting station that reports on all things digital currency-related. He has also written for a number of other online and print publications including Black Impact Magazine, EKT Interactive, Seal Beach USA and Benzinga.com, to name a few. He has recently published his first e-book "Take a 'Loan' Off Your Shoulders: 14 Simple Tricks for Graduating Debt Free" now available on Amazon. He is excited about the potential digital currency offers, particularly its ability to finance unbanked populations and bring nations together financially.


Latest stories