...and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.
Created by Molly White. Subscribe to her newsletter for weekly recaps.
The malicious video chat software attack vector has been widely used in the crypto world, with a victim losing cryptocurrency to an attacker using the same technique and impersonating an Andreessen Horowitz partner last month.
So far, the MonoSwap attacker has laundered $1.3 million via the Tornado Cash cryptocurrency mixer.
The affected domain was hosted on Squarespace, which could connect this compromise to similar events earlier in the month affecting domains registered there.
In a stroke of luck for the RHO team, the MEV bot operator sent RHO an on-chain message indicating they were willing to return all of the funds, although they first demanded that RHO "admit that it was not an exploit or a hack, but a misconfiguration on your end. Also, please provide what you are going to do to prevent it from happening again."
RHO is built on the Scroll Ethereum layer-2 network. Scroll temporarily paused the chain as RHO investigated the loss.
WazirX is the largest cryptocurrency exchange in India. The company was acquired by Binance in 2019, but the two companies re-separated in 2023 after a bizarre public dispute.
WazirX's June 2024 proof-of-reserves reported around $500 million in total holdings, making the $235 million theft a substantial portion of the assets held at the exchange.
Blockchain sleuth zachxbt observed that the theft had some of the hallmarks of the Lazarus Group, a North Korean hacking group that has perpetrated other 9-figure heists including the $625 million Axie Infinity theft in March 2022, and the theft of more than $100 million from Atomic Wallet users.
Minterest paused the supply and borrow portions of their protocol after the attack, and attempted to contact the attacker to negotiate a return of some of the funds.
Dough Finance sent an on-chain message to the attacker, asking them to return the "misappropriated funds", threatening that they would "pursue all criminal, legal, and administrative avenues available" in the event that the attacker did not do so.
Somewhat ironically, the "Unstoppable Domains" web3 domain service was also impacted, and their site was offline for a while before they regained control.
The hijacking appears to be thanks to an attack on Squarespace's domain registry. Crypto founder Bobby Ong has suggested that the attack is affecting domains acquired through Google Domains, which sold its business to Squarespace several months ago. "Tthe forced migration of domains to Squarespace removed 2FA causing all these domains to be vulnerable and several have been hijacked," he wrote. "Best thing to do is to not interact with crypto and rest for the next couple of days until everything is resolved."
Web2 is going just great!
The attacker appeared to have only marginal success, as the token reached a market cap of around $500,000 before collapsing by 96%.
Hackers have compromised a string of celebrity Twitter accounts to promote memecoins recently, including those of Hulk Hogan and Metallica.
Bittensor is among the artificial intelligence-focused cryptocurrency projects that have become popular recently amid the AI hype. Although the project website boasts that "Bittensor is creating a new future for humanity, where new economies and new commodities are decentralized by design and where no single entity is a sole authority," the group unilaterally halted the chain in the wake of the attack.
No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.
