Until recently, over $18 million in user funds lay in jeopardy as two crypto exchanges inadvertently exposed thousands of user’s private keys and personal data.
According to research from tech outlet, CyberNews, one of the two exchanges identified by analysts—a Swiss outfit known as Lykke—held over $16.5 million in hot wallets within a public database.
Hackers just tapped China's dForce for $25 million in Ethereum exploit
DForce, a Chinese decentralized finance protocol, today lost $25 million worth of its customers’ cryptocurrency due to a well-known exploit of an Ethereum token. On Tuesday, dForce announced that it had secured $1.5 million in a seed round led by crypto VC fund Multicoin Capital. The money was drained this morning from the contracts of Lendf.Me, a lending protocol that’s part of dForce, a collection of DeFi protocols. The site for Lendf.Me is now offline and its smart contracts have been paused...
After combing the database, analysts uncovered Lykke's API keys, allowing unrestricted access to the exchange's inner workings. Then, they stumbled on a jackpot of around 80,000 private keys laid bare and unsecured. Lykke's “mainnet keys” were also uncovered, which allegedly enabled access to coins staked by the exchange—of which there was $25,000 worth. This means investigators could have fled with millions of dollars in customers' funds, should they have been so inclined.
What is Bitcoin?
—Bitcoin started it all. It was the first cryptocurrency, and it launched an industry that now includes thousands. But who invented it, how does it work, and why is it so important? What is Bitcoin? Bitcoin (BTC) is a peer-to-peer cryptocurrency. Think of it as a digital token. You can't physically touch or hold Bitcoins, and all Bitcoin transactions are logged on a public, decentralized, immutable ledger. The first official purchase using Bitcoin was for pizza in May 2010. Two pizzas from Papa...
Lykke wasn't the only exchange in grave breach of due diligence.
Another exchange similarly utilizing an unencrypted public database was Chinese-based marketplace, Hubdex. The so-called "decentralized" exchange not only left API keys on display but full user and KYC data too.
To top it all off, analysts discovered over 1 million private keys, once again providing unbridled access to customer funds.
According to the report, only Lykke responded to the white hackers, confirming the unsecured database was theirs and quickly amending the exploit. Despite not being able to reach Hubdex, analysts reported that their exploit has been promptly patched up.
The phrase "not your keys, not your Bitcoin" has never been more applicable.
