Blockchain & Cryptocurrency
,
Cryptocurrency Fraud
,
Fraud Management & Cybercrime
Also: Shibarium Plans to Reimburse Victims, $1.8M Abracadabra Hack
Every week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week, hackers stole $21 million from SBI crypto, Shibarium planned reimbursement for $4 million bridge exploit victims, Abracadabra lost $1.8 million in a hack and North Korean threat actors have set a new record stealing $2 billion this year so far.
See Also: OnDemand | NSM-8 Deadline July 2022:Keys for Quantum-Resistant Algorithms Implementation
$21M SBI Crypto Heist
Blockchain investigator ZachXBT reported that about $21 million in cryptocurrency was stolen from SBI Crypto, a subsidiary of Japan’s SBI Group. The stolen assets, including bitcoin, ethereum, litecoin, dogecoin and bitcoin cash, were traced to Tornado Cash, the crypto-mixing service that’s a favorite of hackers for obscuring transactions.
The exploit bears hallmarks of North Korean-linked cyberattacks, according to ZachXBT, who worked with blockchain security firm CyVers on the analysis. Investigators said there were overlaps in tactics and laundering patterns seen in prior operations tied to Pyongyang’s hacking groups, suggesting the incident may be part of the regime’s ongoing campaign to finance illicit activities through digital heists.
Shibarium Plans Reimbursement After $4M Bridge Exploit
Developers behind Shibarium said they are preparing to restart the platform’s ethereum bridge and are working on a reimbursement plan for users affected by a $4 million exploit that forced an emergency shutdown in mid-September.
The team said in a post-mortem that they rotated the validator keys, migrated more than 100 contracts to secure wallets and recovered 4.6 million bone tokens from the attacker’s contract. The breach began on Sept. 12, when a hacker submitted fake data to Shibarium’s bridge contracts, triggering an automatic safety halt.
The attacker also tried to take control of the network by staking large amounts of bone tokens and ultimately drained $4.1 million in crypto. Despite outreach efforts, including a 50 ETH bounty offer, the hacker did not return the funds and the stolen assets have since been moved.
Abracadabra Loses $1.8M in Exploit
Decentralized finance lending platform Abracadabra, which is behind the Magic Internet Money stablecoin, lost $1.8 million after an attacker exploited a flaw in one of its smart contracts.
BlockSec Phalcon said the hacker bypassed solvency checks to drain 1.79 million MIM, funding the exploit via Tornado Cash before swapping the stolen tokens for ETH and sending them back through the mixer.
Decentralized Autonomous Organization contributor 0xMerlin said the vulnerability was found in deprecated contracts and has since been patched. No user funds were impacted, the team said. Abracadabra, which holds $154 million in total value locked and a circulating supply of 44 million MIM, is now reviewing its internal processes to prevent similar incidents. The team has not yet issued a formal public statement.
North Korean Hackers Stole Record $2B This Year
North Korean cybercriminals have stolen about $2 billion in cryptocurrency this year, marking their largest annual haul on record and nearly triple the total from 2024, said blockchain analytics firm Elliptic. The thefts bring North Korea’s confirmed crypto loot to over $6 billion – funds believed to support its nuclear weapons program.
Elliptic attributed 30 crypto heists this year to North Korean groups, including the $1.46 billion Bybit hack in February – the single largest theft this year – and smaller breaches at LND.fi, WOO X, Seedify and BitoPro.