Rain Exchange Saw $14.1M in Suspicious Transactions 2 Weeks Ago

According to ZachXBT, the Rain crypto exchange was very likely exploited on Apr. 29, after $14.1 million in cryptocurrencies was transferred under suspicious circumstances.

The Rain crypto exchange was recently hit by a suspected security breach in which $14.1 million in cryptocurrencies was transferred under suspicious circumstances, according to on-chain investigator ZachXBT. Meanwhile, $71 million in crypto stolen in a wallet poisoning scam earlier this month was returned by the attacker, and CertiK prevented a potential $5 million loss on the Wormhole bridge. Traditional finance is also under scrutiny, with a big surge in the amount of counterfeit U.S. dollars circulating throughout North America.

ZachXBT Reports $14.1M Suspicious Outflows on Rain Exchange

The Rain crypto exchange, based in Bahrain, was hit by a likely exploit on Apr. 29 that resulted in the unauthorized transfer of $14.1 million in cryptocurrencies, including Bitcoin, Ether, Solana, and XRP. According to on-chain investigator ZachXBT, the funds were first moved to a new wallet, then quickly swapped and redirected to two addresses on the Bitcoin and Ethereum networks.

Currently, one of the destination addresses holds about 137.9 BTC valued at $8.6 million, and the other holds approximately 1,881 ETH, worth $5.5 million. Preliminary tracing by Arkham Intelligence links these funds to a series of transactions that originated from BitGo multisignature wallets, which have not been explicitly connected to Rain.

The transactions on Apr. 29 involved multiple cryptocurrencies being sent to an address ending in d609, which then converted the funds into ETH using Uniswap, an apparent attempt to liquidate and move assets rapidly across different platforms. The account associated with these transactions had also received large amounts from a Binance hot wallet.

This incident only adds to the growing list of security concerns in the crypto space. Earlier in the month, Gnus.AI reported a loss of over $1.27 million because of a compromised Discord server. Additionally, cybersecurity firm Kaspersky recently uncovered a new malware campaign by North Korea-linked hackers that is actively targeting crypto firms.

Attacker Returns $71 Million

Sometimes things take a turn for the better even after an exploit. Crypto worth $71 million that was stolen in a wallet poisoning scam on May 3 was returned to the victim. The scam involved an attacker creating a bait wallet address that resembled the victim's address and convincing the victim to transfer a large sum of Wrapped Bitcoin (WBTC). The victim unknowingly sent the funds to the fraudulent address. The transferred funds amounted to about 97% of the victim's assets.
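A defender-side check for the look-alike address technique described above, added here as an example and not code from the article or from any wallet or exchange. It assumes the wallet keeps an address book of trusted destinations and a local transfer history; every address and transaction in it is a constructed sample value.

```python
"""Address-poisoning check run before a transfer is signed.
Added example, not code from the article or from any wallet; all
addresses and transactions below are constructed sample values."""
from dataclasses import dataclass
from typing import List, Optional

# Wallet UIs usually abbreviate an address to its first 6 and last 4
# characters; a poisoned look-alike copies exactly those parts.
PREFIX_LEN = 6
SUFFIX_LEN = 4

@dataclass(frozen=True)
class Verdict:
    status: str             # "trusted", "lookalike" or "unknown"
    matched: Optional[str]  # the trusted address involved, if any

def normalize(addr: str) -> str:
    # EVM addresses are case-insensitive hex, so compare in lowercase.
    return addr.strip().lower()

def check_destination(dest: str, address_book: List[str]) -> Verdict:
    """Exact match wins; otherwise flag a look-alike of any trusted entry."""
    d = normalize(dest)
    for trusted in address_book:
        if d == normalize(trusted):
            return Verdict("trusted", trusted)
    for trusted in address_book:
        t = normalize(trusted)
        if (len(d) == len(t) and d[:PREFIX_LEN] == t[:PREFIX_LEN]
                and d[-SUFFIX_LEN:] == t[-SUFFIX_LEN:]):
            return Verdict("lookalike", trusted)
    return Verdict("unknown", None)

def find_poison_candidates(history: List[dict], address_book: List[str]) -> List[str]:
    """Zero-value transfers from look-alike senders are the bait that seeds
    a victim's history; return those senders so the UI can hide or flag them."""
    return [tx["counterparty"] for tx in history
            if tx["value"] == 0
            and check_destination(tx["counterparty"], address_book).status == "lookalike"]

# Constructed sample data: one trusted address and a look-alike that copies
# its first six and last four characters but differs in the middle.
TRUSTED = ["0x1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b"]
LOOKALIKE = "0x1a2b" + "f" * 32 + "9a0b"
HISTORY = [
    {"counterparty": TRUSTED[0], "value": 5_000_000},  # genuine earlier payment
    {"counterparty": LOOKALIKE, "value": 0},           # poisoning "dust" transfer
]
```

Calling `check_destination` on the address the user is about to pay, and refusing to sign on a "lookalike" verdict, is the point at which the 97% loss described above would have been caught.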

The incident originally went unnoticed, but later attracted a lot of attention after multiple blockchain security firms, including SlowMist, began investigating. SlowMist’s report revealed that the attacker used Hong Kong-based IPs and also suggested that VPNs might have been used, which made tracing the origins of the attack very difficult.

After the release of the report, the attacker surprisingly contacted the victim and returned all the stolen funds in the form of ETH, totaling $71 million. Before this, the attacker had converted the stolen WBTC to ETH and begun dispersing it across wallets in what appeared to be an attempt to launder the money.

The motives behind the return of the funds are still not clear, but there is some speculation about whether the attacker was acting as a white hat hacker or simply got scared of the legal consequences after the release of SlowMist's findings.

What is a White Hat Hacker?

A white hat hacker is someone who uses their hacking skills to help improve security by identifying vulnerabilities in hardware, software, or networks. Unlike their counterparts, known as black hat hackers, white hat hackers operate within the boundaries of the law. They typically look for security flaws in software or systems that they own, have permission to test, or that are part of an organized bug bounty program, which rewards hackers for reporting security vulnerabilities.

Black hat hackers, on the other hand, exploit security vulnerabilities for personal gain or to cause harm. Gray hat hackers exist somewhere in the middle of this ethical spectrum. They see themselves as benefactors but may operate without explicit permission, bending the rules to achieve their own goals. While they may not have malicious intentions, their actions are legally and ethically questionable.

Wormhole Patches $5M Security Flaw

Another win against crypto crime came when a critical security vulnerability in the Wormhole bridge on the Aptos blockchain network was identified and quickly fixed before any funds could be stolen. The issue was discovered by blockchain security firm CertiK and involved a misconfiguration in the use of the Move programming language. Had it been exploited, the issue could have allowed unauthorized token transactions mimicking transfers of up to $5 million. The bug was found in the use of the 'public(friend)' and 'entry' modifiers on a function essential for announcing token transfers.

The Move language was originally developed by Facebook for the Libra project, and it is widely favored for its safety properties compared to languages like Ethereum's Solidity. The flaw in how these modifiers were applied allowed unrestricted access to the 'publish_event' function, which should have been callable only by specified callers.

CertiK reported the flaw to the Wormhole team on Dec. 5, 2023, and after a quick investigation, a patch was applied in just three hours. The patch not only fixed the vulnerability but also introduced a lower withdrawal limit from Aptos, set at $1 million per day, to mitigate future risk.

Wormhole has put extra emphasis on security since a 2022 breach of its Solana operations that led to a loss of more than $321 million. Since then, Wormhole has made many improvements to its security framework and, in doing so, has managed to regain some user trust and recover $1 billion in total value locked.

Flood of Forgeries

Although there is a lot of crime happening in the crypto space at the moment, traditional finance also has its fair share of illegal activities. In fact, there has been a surge in counterfeit United States dollar bills being reported across North America, stretching from Texas to Hawaii and even into Canada.

On May 8, police in Brownsville, Texas, arrested a 45-year-old man on seven counts of forgery, after local businesses reported receiving fake bills. This was, however, not confined to Texas. Other similar incidents happened in other places, including a case in Ohio where counterfeit money was used at a baseball field and in Hawaii where $1 bills were altered to look like $100 bills.

The increase in counterfeit money comes at a time when paper currency is under scrutiny, especially from the crypto community. In particular, people have been pointing out the weaknesses of traditional fiat money, especially with regard to central bank policies that involve money printing. Even Elon Musk likened the U.S. central bank to the game Monopoly for its ability to endlessly produce money.

Despite these issues with fiat, the crypto space is certainly not without its challenges. Scams involving worthless testnet BTC and fake tokens still plague the industry.