Over the last 24 hours, hackers broke into the accounts of AscendEX, a crypto exchange, and the Vulcan Forged marketplace, exploited a critical vulnerability in the Apache Log4j logging library, and gained access to the personal Twitter account of the Indian Prime Minister.

Hot Wallet Hacks, Pirate Mining, and India Adopting Bitcoin

Monday morning was quite eventful: 

  1. AscendEX suffered a hack for over $77 million. Ethereum, Polygon and Binance Smart Chain hot wallets were affected. The message about this appeared in the official Twitter account. Exchange representatives promised to cover any losses to customers. Official data on the amount of damage has not yet been published, though PeckShield estimated losses of around $77,7 million.
  2. Vulcan Forged, an NFT marketplace, announced that 148 wallets have been compromised. Attackers have withdrawn more than 4,5 million PYR tokens (~$100 million at the current exchange rate). Representatives reported this on Twitter. The investigation is underway. The site’s representatives promised to compensate all impacted customers. Moreover, the development of a fully decentralized solution for the wallet setting has been started. The price of PYR tokens has already fallen by more than 17% amid the news. 
  3. Hackers weaponed a vulnerability in the Apache Log4j Java-based logging library, experts from Netlab 360 reported. The Log4Shell exploit was used to install hidden miners, organize large-scale DDoS attacks, and search vulnerable servers. The exploitation of the vulnerability was not detected. The attack was planned to target Linux devices. Users are advised to update Log4j or use a “vaccine” released by Cybereason to avoid attacks. 
  4. Indian Prime Minister Narendra Modi’s personal Twitter account has been hacked. On his behalf, they declared India had adopted Bitcoin as legal tender and the purchase of 500 BTC by the government for distribution to citizens. Users were invited to follow a scam link to receive a share of the purchased cryptocurrency. Twitter quickly took all necessary steps to delete fake messages.
Author: Mark Wallerstein