Blockchain & Cryptocurrency , Cryptocurrency Fraud , Fraud Management & Cybercrime

Cryptohack Roundup: Uranium Finance, LayerZero, MiCA

Also: Ledger Faces Backlash on Seed Phrase Recovery Solution
Cryptohack Roundup: Uranium Finance, LayerZero, MiCA
Image: Shutterstock

Every week, Information Security Media Group rounds up cybersecurity incidents in the world of digital assets. In the days between May 11 and May 18, the Uranium Finance hacker laundered more stolen funds, LayerZero launched a $15 million bug bounty program, the European Union adopted comprehensive cryptocurrency legislation, and Ledger faced backlash on its seed phrase recovery solution.

See Also: 2021 Analysis of Geographic Trends in Cryptocurrency Adoption and Usage

Uranium Finance

The Uranium Finance hacker on Tuesday moved ETH coins worth $1.18 million to sanctioned crypto mixer Tornado Cash. The hacker in March laundered funds worth $3.35 million after lying low for more than 21 months. Web3 security firm PeckShield said the hacker currently holds a total of $124,000 worth of crypto in their wallet. On April 28, the hacker exploited a coding vulnerability on the Binance Smart Chain-based platform to steal funds worth $50 million at the time, likely forcing the company to cease operations and ask users to withdraw funds from the platform.

LayerZero Labs

LayerZero Labs on Wednesday announced a $15 million bug bounty program in partnership with bug bounty platform Immunefi. Touted as the "largest bug bounty reward in the software industry," it will offer a "maximum reward of $15M for each new vulnerability found by participants who uncover vulnerabilities at the highest severity level," LayerZero said.

MiCA

The European Union on Tuesday adopted a cryptocurrency regulation intended to protect consumer interests by preventing high-profile crashes such as FTX and Terra Luna and by mandating tougher cybersecurity requirements. Finance ministers representing all 27 member countries voted unanimously to enact the Markets in Crypto-Assets regulation. The rules for stablecoins are set to be implemented in July 2024, and those for other crypto assets will take effect in January 2025. The legislation holds crypto asset service providers liable for losses stemming from cyberattacks, thefts or malfunctions, details anti-money laundering provisions that can limit hackers' ability to off-ramp stolen crypto, and comprises a travel rule to ensure traceability of crypto assets and prevent sanctioned addresses from carrying out unlawful transactions (see: EU Adopts Comprehensive Crypto Regulation).

Ledger

Ledger's new recovery tool for hardware crypto wallets allows users to reclaim their lost and forgotten seed phrases. The company's announcement sparked a backlash among security and privacy experts, who say the solution undermines security. Called Ledger Rover, the solution splits a seed phrase into three encrypted parts and shares them with different third parties for safekeeping. Polygon Labs CISO Mudit Gupta, who called it a "horrendous idea," said the issue isn't the key split. The concern, he said, is that the three corporations who store the encrypted keys can easily reconstruct the whole phrase.


About the Author

Rashmi Ramesh

Rashmi Ramesh

Assistant Editor, Global News Desk, ISMG

Ramesh has seven years of experience writing and editing stories on finance, enterprise and consumer technology, and diversity and inclusion. She has previously worked at formerly News Corp-owned TechCircle, business daily The Economic Times and The New Indian Express.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing fraudtoday.io, you agree to our use of cookies.