Crypto scams are on the increase as the general crypto market enters a bull cycle. Bitcoin broke above the psychological $20,000 level and surged as high as $23,800 on December 17. As the flagship cryptocurrency surged, the general crypto market followed.
In the heat of a bull run, the scammers have not been left behind. Recent reports say that the decentralized finance (DeFi) protocol, Warp Finance, has allegedly suffered a flash loan attack. This loan attack resulted in the loss of around $8 million in digital assets.
December 17 reports from DeFi Prime stated that an attacker stole $1 million – $8 million. These losses come after a series of flash loans that experts say have managed to exploit weaknesses in the Warp Finance protocol.
Warp Finance was announced in early November. The new DeFi platform lets users deposit liquidity provider (LP) tokens from different protocols and get stablecoin loans in return.
At first, the Warp Finance Twitter feed only highlighted this scam by writing this:
“We are investigating irregular stablecoin loans taken out in the last hour, we recommend that you do not deposit anymore stablecoins until we have clarity on the irregularities.”
One user [@Swind11001] alleged to have lost 40,000 DAI;
“Please help me. This is the first time that I use defi. I have invested 40000 Dai in total. This money is all my savings. I can’t live without it.”
DeFi Prime, a decentralized finance analysis portal, highlighted these suspicious transactions:
⚠️ Flash loan attack on a Warp protocol ⚠️
About $8m stolen 🤦♂️
This TX ⤵️https://t.co/CMEPxk4838
— defiprime (@defiprime) December 17, 2021
Currently, White hat hackers are relentlessly investigating the spurious transactions that resulted in this breach. Marqet Exchange co-founder, Emiliano Bonassi, has looked into the matter and said:
“This is the second attack which uses multiple flash liquidity, flash swaps via Uniswap and flash loans via dYdX.”
How These Crypto Scams Happen
He explained that the attacker requested three wrapped Ether loans through flash swaps to three different pools operating on Uniswap and two others live on the dY dX trading network. The funds in question were later used in the minting of WETH/DAI liquidity pool (LP) tokens. In turn, these tokens were used as collateral on Warp Finance to clear outs its DAI and USDC vaults.
By description, a flash loan is when cryptocurrency collateral is borrowed and repaid within one transaction. In that context, the smart contract audits like that done for Warp by Hacken, never protect against them because they primarily exploit the design of the system.
In 2021, the attack vector has been the preferred weapon of choice for the crypto scams that target DeFi protocols. So far, multiple protocols including Origin Protocol, bZX, Akropolis, Balancer, and Harvest Finance have already been victimized. Now, Warp Finance seems to be the latest victim.
Nexus Mutual Hacker Asks For $2.6M Ransom
The Nexus attacker demanded ten times the $300K bounty that was offered after he managed to launder 33% of the stolen funds. On December 14, the criminal stole $8.3 million from Nexus Mutual CEO Hugh Karp’s private wallet.
Later, he sent a ransom demand for $2.66 million in ETH embedded in the input data of a single Ethereum transaction. In his poorly-worded December 16 message, the scammer addressed Karp directly. He somewhat suggested that he would stop selling off the stolen NXM until its price rebounds or Karp sends 4,500 ETH. The message read:
“Hello Hugh. I will not sell wNXM any more until wNXM recovers his value or you send me 4.5k ETH. If you need any negotiation with me, send msg to my eth address. Following are your addresses. You are rich, Hugh […]”
The hacker never clarified whether he would return the remainder of the stolen NXM. However, that is expected to be the condition that Karp sets if he chooses to send the ransom.
All negotiations are requested to be directed through the attacker’s Ethereum address. Some crypto scams are strange and in this case, the hacker’s message concludes by listing three wallet addresses alleged to belong to Karp, followed by an assertion that he is ‘rich.’
Reports revealed that the cybercriminal purportedly installed a compromised version of Metamask that tricked Karp into signing a transaction that transferred all his 370,000 NXM to the criminal’s wallet.
Karp complemented the attacker in a tweet and termed his strategy as some “next level stuff.” He also said that it would be quite challenging to cash out that much NXM, and he offered a $300,000 bounty in the case that these tokens were returned in total.
Nonetheless, the attacker was undeterred and managed to launder up to $2.7M worth of the stolen NXM. Currently, he demands a similar amount to not sell off the rest.