Cryptohack Roundup: KyberSwap Hacker Demands Control

Nigerian Politician Arrested for Crypto Wallet Heist

The Nigeria Police Force apprehended former electoral candidate Wilfred Bonse for alleged involvement in the theft of approximately $246,153 from Patricia Technologies’ crypto wallet. According to Public Relations Officer Olumuyiwa Adejobi, Bonse is accused of assisting hackers in laundering $61,538 from the stolen funds. Bonse faces charges related to theft, conversion of cryptocurrency wallets and unauthorized fund diversion. The arrest is linked to the Patricia Technologies heist in May. Patricia Technologies has faced scrutiny after the hacking incident and has since introduced measures including the conversion of customer assets to its native Patricia Token for future repayment, according to local media reports.

Indexed Finance Thwarted Hijacking Attempts

Ethereum-based project Indexed Finance thwarted two hijacking attempts on its decentralized autonomous organization. Former core contributor Laurence Day shared the community’s efforts in overcoming the attacks, in which both assailants aimed to control the DAO’s approximately $120,000 in digital asset holdings through malicious proposals.

The first proposal, which has no title or description, was defeated with coordinated votes against it. The proposal came from North Korea, Day said. To prevent a potential copycat attack, the Indexed DAO approved a “poison pill” proposal, giving it the authority to burn the remaining funds if needed. The anticipated second attack involved negotiations, in which the attacker initially sought 50% of the treasury. After a warning about burning the entire treasury, the attacker accepted an offer of $10,000 worth of Dai cryptocurrency. The DAO’s control will now return to its founders, who plan to compensate victims of a 2021 hack with the remaining treasury funds.

Scam-as-a-Service Wallet Drainer Shuts Down

Inferno Drainer, a crypto wallet-draining service, announced its permanent shutdown after aiding phishing scammers in pilfering almost $70 million in crypto this year. The team declared on Telegram that it’s “time to move on.” Operating since early 2023, Inferno Drainer, like its predecessor Monkey Drainer, took a 20% cut of users’ stolen funds. Web3 anti-scam platform Scam Sniffer calculates Inferno Drainer has stolen nearly $70 million from over 100,000 victims since February.

Hounax Scam Costs $18.9 Million

Hong Kong authorities disclosed Monday that 145 users have fallen victim to a scam orchestrated by the unlicensed cryptocurrency exchange Hounax, resulting in a loss of approximately $18.9 million. The Hong Kong Securities and Futures Commission received 18 complaints by Nov. 27, ranging from $1,539 to $1.2 million, according to local media. Hounax falsely claimed to be licensed and established ties with legal financial institutions. This incident follows the JPEX exchange scandal in Hong Kong earlier in the year, which prompted regulators to tighten crypto regulations.

Record $3M Bitcoin Transaction Fee Connected to Cold Wallet Hack

A Bitcoin user claiming to be the victim of a recent record-breaking $3 million transaction fee has alleged a hack. The user, who accidentally paid an 83.65 BTC fee worth more than $3.1 million, created a new account, @83_5BTC, and stated that 139 BTC had been, transferred to a new cold wallet, which was immediately moved to some other wallet. The user suggested a script with a peculiar fee calculation might have been running on the wallet. Verification by developers including Mononaut and Casa Co-Founder Jameson Lopp, authenticated the user’s ownership of the funds. The incident likely resulted from a low-entropy wallet, making it susceptible to hacking. The fee paid was precisely 60% of the total stolen funds, indicating an automated script strategy. Mononaut advised against entropy shortcuts and recommended using Multisig for large sums.