Hacker used same bug to exploit other cryptocurrency exchanges weeks ago – DL News

  • A new twist in the CertiK white hat hacking saga.
  • Onchain logs show that at an earlier date, someone tried to exploit the same bug the auditor discovered in Kraken.

According to several crypto security experts, the bug that Kraken said it fixed had been used to exploit other centralized exchanges as early as last month.

It is the latest development in the saga of two major crypto players, US exchange Kraken and auditor CertiK.

On Wednesday, Kraken said it had fixed a “critical” bug that allowed millions of dollars in cryptocurrency to be mistakenly withdrawn from the U.S.-based exchange.

CertiK was heavily criticized after admitting it was behind the exploit, in which the company withdrew $3 million from Kraken over several days in early June.

After a public exchange, CertiK returned all the funds it had taken and called its actions a white hat operation, meaning it ostensibly acted as an ethical hacker with the intention of identifying and fixing security vulnerabilities rather than exploiting them for malicious purposes.

Onchain records first identified by the security platform Hexagate, and confirmed to DL News by several other security researchers, show that a hacker attempted to exploit other cryptocurrency exchanges, namely Binance, OKX, BingX and Gate.io, using the same bug as early as May 17.

These attempts took place three weeks before CertiK announced it had discovered the bug on Kraken on June 5.

“We have no evidence that these exchanges were impacted,” Hexagate posted on X. “We have only traced on-chain evidence for similar activity.”

Centralized cryptocurrency exchanges hold a gargantuan amount of cryptocurrencies on behalf of their customers. The top five cryptocurrency exchanges that have publicly disclosed their wallet addresses hold a combined $172 billion worth of cryptocurrencies, according to DefiLlama data.

CertiK did not immediately respond to DL News’ request for comment.

Exploit attempts

Logs uncovered by Hexagate show that a hacker attempted to use a so-called “return” attack to trick centralized exchanges into letting them withdraw funds.

To do this, the hacker deployed a smart contract that makes a deposit to a centralized exchange from within a transaction. The contract is designed so that the outer transaction succeeds while the deposit itself is reverted (canceled).

This tricks the platform into believing that a user has deposited funds when they have not. The hacker then requests a withdrawal from the platform for the amount of the phantom deposit.
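The mechanism described above, as an added example that is not from the article or from any of the exchanges it names: a deposit indexer walking a Geth-style callTracer result. The naive version credits any internal call to the deposit address whose own frame has no error; the corrected version also discards frames whose ancestor reverted, which is exactly the shape of the “return” attack. The deposit address and both traces are constructed for illustration.

```python
# Added example (not the article's or any exchange's code): crediting deposits
# from a Geth-style callTracer result. Addresses and traces are constructed.
DEPOSIT_ADDR = "0x000000000000000000000000000000000000d0d0"  # hypothetical deposit address

def _value(frame):
    return int(frame.get("value", "0x0"), 16)

def naive_credit(trace, deposit_addr=DEPOSIT_ADDR):
    """Vulnerable pattern: count every internal CALL to the deposit address whose
    own frame has no error, ignoring whether a parent frame reverted later."""
    total = 0
    def walk(frame):
        nonlocal total
        if (frame.get("type") == "CALL" and frame.get("to", "").lower() == deposit_addr
                and "error" not in frame):
            total += _value(frame)
        for child in frame.get("calls", []):
            walk(child)
    walk(trace)
    return total

def settled_credit(trace, deposit_addr=DEPOSIT_ADDR):
    """Hardened pattern: a transfer is final only if neither its frame nor any
    ancestor reverted, because the EVM rolls back the whole reverted subtree.
    The top-level frame carries the error when the transaction itself failed."""
    total = 0
    def walk(frame, ancestor_reverted):
        nonlocal total
        reverted = ancestor_reverted or "error" in frame
        if (not reverted and frame.get("type") == "CALL"
                and frame.get("to", "").lower() == deposit_addr):
            total += _value(frame)  # DELEGATECALL/STATICCALL never move value
        for child in frame.get("calls", []):
            walk(child, reverted)
    walk(trace, False)
    return total

ONE_ETH = hex(10**18)  # constructed sample amount, in wei
LEGIT_DEPOSIT = {"type": "CALL", "from": "0x...user", "to": DEPOSIT_ADDR, "value": ONE_ETH}
# Outer tx succeeds; the helper frame reverts after its child sent value to the
# deposit address, so the child frame shows no error but its transfer was undone.
RETURN_ATTACK = {
    "type": "CALL", "from": "0x...caller", "to": "0x...contract", "value": "0x0",
    "calls": [{
        "type": "CALL", "from": "0x...contract", "to": "0x...helper", "value": "0x0",
        "error": "execution reverted",
        "calls": [{"type": "CALL", "from": "0x...helper", "to": DEPOSIT_ADDR, "value": ONE_ETH}],
    }],
}

if __name__ == "__main__":
    print(naive_credit(RETURN_ATTACK), settled_credit(RETURN_ATTACK), settled_credit(LEGIT_DEPOSIT))
```

The naive indexer credits 1 ETH for the attack trace while the settled one credits nothing; checking the receipt status alone would not catch this case, since the outer transaction did succeed.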

Onchain records show multiple attempts to use such a contract when depositing funds on Binance, which took place on BNB Chain on May 17.

Between May 29 and June 5, the same address, as well as another one funded by it, made similar attempts on OKX, BingX and Gate.io on BNB Chain, Arbitrum and Optimism.

Is CertiK involved?

Although CertiK was the first to publicly reveal the return attack, there is no evidence that the company was involved in these earlier attacks.

Each function in a smart contract has a signature hash by which it can be identified.

In the case of the return attack contract, the signature hash cannot be looked up, meaning the name of the function is not publicly known, a security researcher who wished to remain anonymous told DL News.

This means that either the name of the function used in the return attack is known within CertiK, or someone else also used the exact same name, the researcher said.

Tim Craig is DL News’ DeFi correspondent based in Edinburgh. Feel free to give him tips at tim@dlnews.com.
