cryptohack

📅 December 24 | Crypto Ecosystem
For many users, the morning started like any other… until it wasn't. Notifications of login attempts, empty balances, and unauthorized closed trades triggered alarms on Polymarket, one of the most widely used decentralized prediction platforms in the crypto ecosystem. What was unsettling wasn't just the loss of funds, but the context: secure devices, emails protected with two-factor authentication, and no prior suspicious activity.

📖During the week, several users reported being victims of a Polymarket account hack, discovering that their positions had been closed and their balances almost completely drained. The reports shared a key element: the access attempts occurred without compromising emails or personal devices, and in some cases even with additional security measures enabled.
According to testimonials shared on X and Reddit, those affected received multiple notifications of login attempts before their funds disappeared. In at least two documented cases, users stated they had not clicked on any suspicious links or interacted with any external sites.
Attention quickly focused on a common factor: the affected users had created their accounts using Magic Labs, an authentication provider that allows login with email and generates non-custodial Ethereum wallets. This system is widely used by new crypto users precisely because it eliminates the friction of managing private keys from the outset.
On Tuesday, Polymarket officially confirmed the incident via its Discord channel. The platform acknowledged that a small number of users were affected by a security issue originating from a third-party authentication provider.
Although it stated that the vulnerability had been fixed and that there are no active risks, the company did not disclose how many users were impacted, the total amount of funds stolen, or publicly identify the provider involved.

Topic Opinion:
In the race to attract massive user bases, many platforms have prioritized ease of access over the resilience of their security model. The result is a hybrid ecosystem, where the risk lies not in the smart contract itself, but in the bridges that connect the user to it.
💬 Who assumes responsibility when the failure is not on-chain?

Leave your comment...
#Polymarket #CryptoHack #defi #BTC #CryptoNews $BTC

🚨 A Global Cybersecurity Wake-Up Call for Crypto Users
A shocking data breach involving over 16 BILLION login credentials has sent shockwaves across the digital world — and crypto holders are among the most vulnerable targets.

This isn’t just another password leak.
This is a systemic exposure that could allow hackers to:
Access crypto exchange accountsDrain hot walletsExploit forgotten smart-contract permissionsHijack API keysExecute coordinated multi-platform attacks
If you’ve ever reused a password, connected your wallet to a dApp, or granted smart-contract permissions months ago — your assets could be at risk.

🔍 Why This Leak Is Especially Dangerous for Crypto Users
Unlike traditional finance, crypto transactions are irreversible.
Once funds are gone, there is no customer support button.
Hackers are now combining:
Leaked credentialsOld wallet permissionsSocial engineeringAutomated scripts
This allows them to bypass basic security defenses without triggering alerts.
This allows them to bypass basic security defenses without triggering alerts.

“Most successful compromises exploit permissions you granted months ago and completely forgot about.”
— Blockchain Security Researcher

Ask yourself:
👉 When was the last time you audited your wallet permissions?

🔐 Critical Security Steps You Must Take Right Now

1️⃣ Audit Smart Contract Permissions (URGENT)
Revoke unnecessary approvals immediately. Many hacks don’t break wallets — they walk in through permissions you already gave.
✔ Remove unused dApp approvals
✔ Revoke unlimited token access
✔ Review wallet connections regularly

2️⃣ Rotate Exchange API Keys
If you use trading bots or external tools:
Delete old API keys
Regenerate new ones
Limit permissions to “read-only” unless trading
This single step can prevent catastrophic losses.

3️⃣ Use Strong, Unique Passwords Everywhere
Credential stuffing attacks rely on reused passwords.
✔ Never reuse passwords
✔ Use a password manager
✔ Enable 2FA on every crypto platform

4️⃣ Enable Multi-Factor Authentication (MFA)
MFA blocks over 99% of automated attacks.
Prefer:
Authenticator apps
Hardware security keys
Avoid SMS-only authentication where possible.

🌐 Beyond the Breach: Why This Changes Everything
This leak marks a new era of crypto threats.
As crypto adoption grows, attackers are shifting from:
❌ Random scams
➡️ Coordinated, professional cyber operations
“The blockchain security landscape now demands holistic protection.”
— Elena Petrovich, Cybersecurity Analyst
Single security steps are no longer enough.
Layered defense is the only solution.

✅ The Good News: You Can Still Stay Safe
Despite the scale of this breach, most risks are preventable.
By practicing:
Regular permission auditsStrong authenticationCold storage disciplineYou can remain secure — even in the face of historic credential leaks.Your crypto represents freedom, opportunity, and future wealth.Protect it like your life savings — because it is.
💬 Final Question for You:
When was the last time you audited your wallet permissions?
Drop your thoughts below 👇
Stay safe. Stay smart. 🚀

#CryptoSecurity #CryptoHack #BlockchainSafety #Web3Security #CryptoWallet

This wasn’t a loud smash-and-grab. This was a surgical, patient takeover.
A multisig wallet was compromised minutes after creation, then slowly, silently drained over weeks. No alarms. No panic. Just a ghost moving in the machine.
⬇️ THIS IS THE NEW FACE OF SOPHISTICATED CRIME:
- They blend in.
- They wait.
- They move funds in batches.
- They even open DeFi positions to look normal.

But here’s what they don’t tell you: Every major hack forces crypto to LEVEL UP. After Mt. Gox, after The DAO, after FTX – security evolved. Tools improved. Awareness grew.

The lesson isn’t that crypto is weak. The lesson is that security is a discipline.

✅ Multisig, done RIGHT, is still a fortress.
✅ Hardware wallets. Isolated signers. Real setups – no shortcuts.
✅ The tech exists. We’re learning to use it better.

⚠️ FINAL WARNING:
Your wallet could be compromised from DAY ONE without a single red flag.

STAY SAFE. STAY ALERT.
Double-check your setups. Trust no shortcuts. Your vigilance is your strongest shield.

👀 EYES ON YOUR WALLET. ALWAYS.
#CryptoNews #CryptoHack #ScamAlert #Security #Multisig #defi #CryptoSafety #BinanceSquare

The U.S. Federal Trade Commission (FTC) is moving to finalize a landmark settlement with Illusory Systems Inc., the company behind the now-infamous Nomad crypto bridge that was drained of nearly all user funds in a massive 2022 hack. The proposed agreement follows a lengthy investigation and includes strong new obligations for the firm.
If approved, Illusory will be permanently banned from misleading users about its security protocols. The company would be forced to implement a formal cybersecurity program, undergo third-party audits every two years, and return any unrecovered funds if found.

A $186 Million Wake-Up Call for the Industry
According to the FTC, the hack resulted in an estimated $186 million in stolen digital assets, with over $100 million in losses absorbed directly by retail users. The attack was made possible by what the agency describes as “severe negligence” in Nomad’s internal response systems.
One of the most startling failures involved a delayed reaction due to the absence of any structured emergency protocol. “At the time of the breach, the platform relied on an engineer sending code via airplane Wi-Fi,” the FTC stated. “That delay proved fatal.”
The incident exposed a critical flaw introduced in a smart contract during a June 2022 update. On August 1st, hackers exploited the vulnerability, draining assets across multiple tokens – including Ethereum (ETH), USDC, DAI, and WBTC – within hours.

FTC: False Security Claims and Ignored Best Practices
The FTC accuses Illusory of marketing Nomad as a “security-first” solution while failing to follow even basic software development standards. Despite publicly claiming that all smart contracts underwent extensive testing, engineers admitted post-hack that proper testing protocols had often been skipped.
Worse yet, the platform lacked any dedicated reporting or escalation procedures for potential exploits. The agency argues this directly violated the Federal Trade Commission Act and left users dangerously exposed.

Settlement Under Review – Public Comments Invited
The FTC’s signed consent agreement is currently open to a 30-day public comment period. If no objections arise, the settlement could soon be finalized. It includes mandatory security reforms, financial restitution, and oversight of Illusory Systems’ future operations.
Nomad, launched in 2021, was a cross-chain bridge enabling token transfers between blockchains like Ethereum and Avalanche. After the breach, the team managed to recover just $22 million of the stolen funds.

Arrest in Israel Adds Another Twist
In a dramatic postscript, Israeli authorities earlier this year arrested Alexander Gurevich, the alleged mastermind behind the Nomad exploit. According to investigators, Gurevich attempted to flee to Moscow shortly after changing his legal name. He was apprehended at the airport before boarding his flight.
The Nomad case underscores a critical need for tighter cybersecurity standards across Web3 infrastructure – and offers a stark reminder that regulators are no longer sitting on the sidelines.

#CryptoHack , #BlockchainSecurity , #CyberSecurity , #Web3 , #DigitalAssets

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

12 грудня 2025 року legacy-волти DeFi-протоколу Ribbon Finance (нині частина Aevo) зазнали експлойту на суму близько $2,7 млн. Уразливість виникла після оновлення оракула 6 грудня, яке дозволило будь-кому встановлювати довільні ціни для певних активів через проксі-контракт.

Хакер створив фіктивні опціонні контракти (oTokens) на активи як wstETH, AAVE та LINK, маніпулюючи цінами на завершення. Це дозволило оселити позиції на користь атакуючого та вивести сотні ETH, тисячі USDC та інші активи з MarginPool. Кошти розподілили по 15 гаманцях.

Aevo негайно зупинила всі Ribbon-волти та оголосила про їх повне закриття. Втрати склали ~32% від активів у волтах, але команда пропонує компенсацію з знижкою лише 19%. Базовий протокол Opyn не постраждав.

Цей інцидент підкреслює постійні ризики оракулів у DeFi та необхідність ретельного тестування оновлень.
Не пропустіть свіжі новини з світу майнінгу та крипти! Підписуйтесь на @Mining Updates
#MiningUpdates .

#RibbonFinance #aevo #DeFiHack #OracleExploit #CryptoHack #BlockchainSecurity #DeFi #CryptoNews #Web3