terça-feira, 19 de abril de 2022

Attacker Steals $182 Million From Ethereum-based Beanstalk Stablecoin Protocol

By Deeba Ahmed  - April 18, 2022 in Hackread


Money Times


Interestingly, the attacker donated $250,000 of the stolen funds to an address used for raising donations for the Ukrainian government.

According to security firm PeckShield, a credit-focused, Ethereum-based stablecoin protocol known as Beanstalk is the latest target of cybercriminals. The DeFi protocol was exploited this Sunday in a flash-loan attack due to which Beanstalk lost around $182 million in crypto assets.

Resultantly, the market for Beanstalk’s stablecoin, BEAN, collapsed. As per CoinGecko, the token’s market went down by 86% from its $1 peg.

It is worth noting that the incident is the second massive nine-figure DeFi exploit reported in a month. In March, Ronin Blockchain of Axie Infinity was targeted, allegedly by North Korean hackers, causing a loss of $625 million.

How was the Attack Carried Out?

Regarding how the attack was carried out, Beanstalk referred to a post on its Discord server, noting that the exploiter utilized a combination of governance tokens obtained via a flash loan for creating a fake protocol improvement proposal.

The attacker used the proposal to gift funds stored in Beanstalk. When the attacker received voting power from the Stalk tokens, they could drain all protocol funds into their personal Ethereum wallet.

Details of Losses

PeckShield took to Twitter to disclose details of the attack. According to its tweet, the attacker took away at least $80 million in crypto while causing significant losses to the protocol.

Attacker Steals $182 Million From Ethereum-based Beanstalk Stablecoin Protocol.

Reportedly, the attacker obtained 24,830 ETH and 36M BEAN, equivalent to $75.8 to $80 million. The rest of the funds were connected to the protocol’s governance token in the form of drained liquidity. The attacker funneled the stolen $80 million in crypto via Tornado Cash. It is a cryptocurrency mixer protocol that facilitates private transactions.

Funds Donated to Ukraine Relief Fund

Interestingly, the attacker donated $250,000 of the stolen funds to an address used for raising donations for the Ukrainian government.

“The initial funds to launch the hack are withdrawn from @SynapseProtocol and most of the result gains are deposited to @TornadoCash. Currently, 15,154 ETH still stays in the hacker’s account. Note the hacker donates 250k USDC to Ukraine Crypto Donation,” PeckShield tweeted.

Beanstalk didn’t provide more details such as there’s no clarity on whether the protocol will reimburse funds to users or not.

More Cryptocurrency Hacks

  1. Phishing scam: NFTs Worth $1.7M Stolen from OpenSea Users
  2. Ex-Crypto CEO accused of 2016’s $11 billion Ethereum DAO hack
  3. “Ethical Hacker” Stole Half a Million in Crypto Form Elderly Person
  4. HubSpot Data Breach – Major Cryptocurrency Companies Impacted
  5. $3.6 billion worth of Bitcoin seized from crooks tied to 2016’s Bitfinex hack

domingo, 13 de fevereiro de 2022

A good test program Tweakeze

 Itu, February 13, 2022.


I'm testing a program called Tweakeze and anyone who wants to test the link follows below. I would like whoever tested it to give me feedback on what they found.

Here is the definition of the program according to the MajorGeeks website:

"Tweakeze monitors any changes made in your Microsoft Windows file systems, registry databases, and more.


Tweakeze (Tweak Easy) is designed to monitor your machine in real-time and execute pre-defined or custom scripting actions when these events happen. It also includes several junk cleaning options to round its feature set out. You can create custom watchers specifying the triggers, like when an executable starts/stops. It permits you to organize them into neat categories or by name with the corresponding action to be carried out. There is no Help section included, or at the author site, so a bit of trial and error will be needed.

These actions can trigger regular file/folder and Registry operations (i.e., delete, move, copy, set) or run a script to capture changes, filter their execution, or execute a completely different task. All Active Script Languages installed on your machine (i.e., VBScript, Jscript, PHP, etc.) and PowerShell scripting is currently supported.

Tweakeze can also delete browser data, permitting you to remove temp data, history traces, download history, and completed forms history. It can also activate/deactivate the old classic volume control. It will additionally provide you with cursory system information.

Tweakeze is a well-rounded monitoring tool providing you with many valuable options for keeping a handle on what goes on with your machine in real-time.

Tweakeze Features:

  • Keystroke Logger
  • Real-Time Monitoring
  • Keywords Alerts
  • Monitor Multiple PC
  • Message Monitoring

  • https://tweakeze.com/