Rho Markets, a liquidity layer and lending protocol on Scroll, has been hit by an exploit. The damage? A cool $7.6 million in USD Coin. Ouch. The hack happened on July 19. A bad actor got their hands on the protocol's blockchain oracle. Cyvers, a blockchain security firm, spilled the beans on X. "Rho Markets has announced that they have detected unusual activity on their platform on #Scroll chain and paused the platform!" Cyvers said. "Root cause of this incident seems to be an oracle access control by a malicious actor!" Rho Markets didn't waste time. They've already hit pause on their platform. Better safe than sorry, right? This hack isn't an isolated incident, it's part of a bigger, messier picture. Just days ago, WazirX, an Indian crypto exchange, got taken for a ride. The damage there? A whopping $230 million in crypto. That's the second-largest crypto heist of 2024 so far. Crypto hackers are having a field day. This week has been their second most profitable in 2024. Let's break it down: July 18: WazirX loses $230 million. The attacker has already moved $149 million worth of Shiba Inu. Talk about a dog with a bone. July 16: Li.Fi protocol gets hit. $10 million in crypto goes poof. It was a smart contract exploit, but they've got it under control now. And if that wasn't enough, players of Hamster Kombat, a viral Telegram-based clicker game, are getting targeted too. Kaspersky, a cybersecurity firm, says phishing attacks and fake crypto airdrops are trying to steal user credentials. It's like whack-a-mole out there. Let's zoom out for a sec. Crypto hacks are a massive thorn in the side of decentralized finance. They're putting a real damper on widespread crypto adoption. The numbers are eye-watering: Since June 19, 2011 (the date of the first known crypto hack), nearly $19 billion in digital assets have been nicked. That's spread across 785 reported hacks and exploits. It's not pocket change, folks. February 2024 saw a real doozy. PlayDapp got hit with a $290 million security breach. That's the biggest single crypto heist in the past two years. Makes you wonder about their security setup, doesn't it? And 2024? It's shaping up to be a banner year for the wrong reasons. The first quarter alone saw $542.7 million in stolen funds. That's up 42% compared to the same period in 2023. At this rate, 2024 might just top 2023 in the crypto theft league. The Rho Markets hack is just the latest in a long line of crypto heists. It's a stark reminder that in the world of digital assets, security can't be an afterthought. It needs to be baked in from the ground up. For now, Rho Markets users are left holding the bag. The platform's paused, and there's no word yet on if or when they'll get their funds back. It's a familiar story in the crypto world, and one that's likely to keep repeating until the industry gets serious about security. As for the hackers? They're probably laughing all the way to their digital banks. But here's hoping their winning streak comes to an end soon. The crypto world could use a break from all this drama. In the meantime, crypto enthusiasts are left with a familiar mantra: "Not your keys, not your coins." Maybe it's time to add another line: "Not your security audit, not your peace of mind." The crypto rollercoaster keeps on rolling. Buckle up, folks. It's going to be a bumpy ride.

The crypto world's got a fresh headache. LiFi protocol, a nifty tool for swapping and bridging cryptocurrencies, just got walloped. Hackers made off with over $10 million in digital assets. Ouch. Here's the deal. The bad guys found a loophole in LiFi's contract approvals. They used it to drain both the contracts and users' wallets. Talk about a double whammy. Cyvers Alerts, a crypto watchdog, sounded the alarm. They spotted some fishy transactions targeting LiFi. The culprit? A specific contract address. LiFi's team jumped into action. They warned users to steer clear of LiFi-powered apps for now. "If you didn't set infinite approval, you're not at risk," they tweeted. Small comfort for those who did, eh? Meir Dolev, Cyvers' tech guru, didn't mince words. "Hackers can exploit these approvals to drain assets," he said. No kidding, Sherlock. LiFi's not alone in this mess. The DeFi space has been taking hits left and right. Pike Finance lost $1.6 million to a smart contract bug. Dough Finance got burned for $1.8 million in a flash loan attack. It's been a rough year for crypto security. Over $1 billion in digital assets vanished in the first half of 2024. Phishing attacks, key compromises – you name it, they've seen it. But it's not all doom and gloom. The crypto market's showing some grit. They managed to recover 77% of stolen funds in Q2. Not too shabby. Still, scams are alive and kicking. X (that's Twitter for you oldies) is losing nearly $50 million a month to account impersonation. It's a jungle out there. So, what's the takeaway? Be careful with those approvals, folks. And maybe keep an eye on those Twitter accounts. You never know who's really sliding into your DMs.

Several decentralized finance (DeFi) apps have fallen victim to a domain registry attack. Blockchain security platform Blockaid raised the alarm on July 11. The attacker seized control of Compound Finance's DNS registry. They also tried and failed to hijack Celer Network's registry. Blockaid's initial probe points to Squarespace domains being the target. This puts any DeFi app using Squarespace at potential risk. The attack came to light when compound.finance started redirecting users to a dodgy site. This malicious site housed a drainer app, aiming to steal users' tokens. Celer Network dodged a bullet. Their domain monitoring system caught the takeover attempt in time. At 3:38 pm UTC, Blockaid dropped a bombshell. "Multiple DeFi front ends are at risk of hijacking," they tweeted. They fingered Squarespace's domain name registry as the likely culprit. DefiLlama developer 0xngmi shared a list of potentially affected domains. It's a who's who of DeFi, featuring over 100 protocols. Big names like Pendle Finance, dYdX, and LooksRare made the cut. MetaMask, a popular Web3 wallet, is stepping up. They're working to warn users about potentially compromised apps linked to the attack. This isn't the first rodeo for the Web3 industry. Domain-name hijacking is just one of many attacks they've faced in the past year. Remember the Ledger Connect library hack in December? That one hit almost the entire Ethereum Virtual Machine ecosystem. Talk about a headache. It's clear that security remains a hot-button issue in the DeFi space. As the old saying goes, with great innovation comes great responsibility – and apparently, great risk.

Cryptocurrency hacks and fraud escalated in the second quarter of 2024. Losses nearly doubled compared to the same period last year. Immunefi, a crypto bug bounty platform, reported $509 million in losses. This marks a 91% increase from Q2 2023. May 2024 saw record-breaking losses of $107 million. June losses decreased to $78 million across 12 incidents. This represents a 27% drop from June 2023's $107 million. DMM Bitcoin, a Japanese centralized exchange, suffered the largest loss. Hackers stole $305 million. The exchange has since implemented customer reimbursement measures. Other significant exploits targeted BtcTurk, Hedgey, Lykke, Gala Games, and SonneFinance. These attacks resulted in combined losses of $164.2 million. Centralized crypto financial institutions bore the brunt of successful attacks. They accounted for two-thirds of all incidents. Grace Dees, a cybersecurity analyst at Resonance Security, explained the trend to Decrypt. "CEFi entities often manage larger pools of assets compared to DeFi platforms. This makes them more lucrative targets," she said. Dees highlighted the vulnerability of centralized systems. "This centralization can create single points of failure," she noted. Regulatory scrutiny has forced DeFi platforms to enhance security. This may have made them less attractive targets, according to Dees. Ethereum emerged as the most exploited blockchain. It accounted for 44.4% of attacks. BNB chain followed at 25%, with Arbitrum at 5.6%. Jonah Michaels from Immunefi explained Ethereum's vulnerability. "Ethereum is the main hub for DeFi activity and currently has the highest amount of funds locked within its ecosystem," he said. Ethereum's connection to privacy chains facilitates quick laundering of stolen funds. This makes it an attractive target for hackers. Only 5% of stolen funds were recovered in Q2 2024. This amounted to $26,736,000 across four specific situations. The crypto industry faces ongoing security challenges. As the market evolves, so do the tactics of malicious actors.

BtcTurk, a leading Turkish cryptocurrency exchange, has fallen victim to a cyber attack. The incident resulted in unauthorized access to some of its hot wallets. The exchange reports asset losses for some users. But the overall financial stability remains intact, the BtcTurk officials claim. The hack occurred on June 22. It raised concerns in the crypto community. The total amount lost remains undisclosed. BtcTurk stated that only hot wallets of 10 cryptocurrencies were compromised. Cold wallets, holding the majority of assets, remain secure. The exchange has disabled all withdrawal and deposit transactions. Binance CEO Richard Teng announced a joint investigation with BtcTurk. It has led to the recovery of $5.3 million in stolen assets. Teng stated: "Binance is assisting BtcTurk with investigations and has frozen over $5.3M in stolen funds so far. Our investigations & security teams work around the clock as part of our proactive efforts to protect the ecosystem from bad actors. We will provide further updates as relevant." On-chain investigator ZachXBT provided insights into the potential hackers. He linked them to an address that recently transferred 1.96 million AVAX ($54.2 million) to Coinbase and THORChain. This transfer caused a 10% decline in AVAX price. ZachXBT's theory is based on BtcTurk's market AVAX address on the Avalanche X-chain. The exchange has not confirmed or denied this theory. BtcTurk assures users of their assets' safety. It claims the hack has not affected its robust financial position. This incident marks the second crypto exchange hack in 2024. In May, Japanese platform DMM Bitcoin lost $305 million in BTC. Crypto exchange hacks draw attention due to their custodial nature. These platforms control users' private keys. They often hold larger funds than decentralized finance (DeFi) counterparts. For perspective, Binance records 13 times the daily trading volume of Uniswap, the largest decentralized exchange. This data comes from Coingecko.