Cyber Security News

Growth of Web3 Fueled New Opportunities for Threat Actors to Attack Finance Sectors

Web3 and DeFi have attracted many threat actors, and heists have grown significantly, becoming larger than any seen in more traditional finance.

Mandiant’s investigation into the 2016 Bangladesh Bank heist revealed that the North Korean hackers managed to steal $81 million, which highlights the scale of cybercrime.

Cybersecurity analysts at Mandiant recently identified that the rapid growth of Web3 has significantly fueled new opportunities for threat actors to attack the finance sector.

However, the 2022 hack of Sky Mavis’ Ronin blockchain enabled threat actors to steal $600 million, indicating the escalating danger in DeFi.

Beyond that, more than $12 billion worth of digital currencies has been lost to hackers since 2020.

Web3 Fueled New Opportunities

Threat actors often target crypto exchanges and use sophisticated methods to steal huge amounts of digital assets.

The prominent cases of theft are the hack of the Bitcoin exchange Mt. Gox, which took over 350 million worth of Bitcoins in 2014, and the DMM Bitcoin hack, which led to $300 million of losses in 2024.


These attacks often involve a series of coordinated steps known as the “Targeted Attack Lifecycle.”

Fake job opportunity (Source – Mandiant)

Hackers frequently employ social engineering to trick developers into downloading malware disguised as coding challenges or job descriptions. 

Once malware such as COVERTCATCH or RUSTBUCKET infiltrates a system, it persists through Launch Agents, enabling attackers to steal credentials and access sensitive environments.
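For defenders, Launch Agent persistence can be reviewed by parsing the property lists themselves. The following is an added example, not code from Mandiant or from the original article; the heuristics, directory list and sample plists are constructed assumptions for illustration, not indicators from the report.

```python
import plistlib
import tempfile
from pathlib import Path

# Assumed heuristic: world-writable or shared locations are unusual for agent binaries.
SUSPECT_DIRS = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")

def audit_launch_agent(plist_path):
    """Return a list of findings for one LaunchAgent property list."""
    with open(plist_path, "rb") as fh:
        job = plistlib.load(fh)
    args = job.get("ProgramArguments") or []
    program = job.get("Program") or (args[0] if args else "")
    findings = []
    if any(program.startswith(d) for d in SUSPECT_DIRS) or "/." in program:
        findings.append(f"program in unusual or hidden path: {program}")
    if job.get("RunAtLoad") and job.get("KeepAlive"):
        findings.append("RunAtLoad + KeepAlive: starts at login and respawns")
    label = job.get("Label", "")
    if label and Path(plist_path).stem != label:
        findings.append(f"Label {label!r} does not match file name")
    return findings

def audit_directory(directory):
    """Audit every *.plist in a directory; unreadable files are reported too."""
    report = {}
    for path in sorted(Path(directory).glob("*.plist")):
        try:
            findings = audit_launch_agent(path)
        except Exception as exc:  # malformed XML/binary plist or non-dict root
            findings = [f"unparseable plist: {exc}"]
        if findings:
            report[path.name] = findings
    return report

def build_sample_directory():
    """Write two constructed plists (one benign, one suspicious) to a temp dir."""
    root = Path(tempfile.mkdtemp())
    benign = {"Label": "com.example.updater", "RunAtLoad": True,
              "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"]}
    odd = {"Label": "com.example.helper", "RunAtLoad": True, "KeepAlive": True,
           "ProgramArguments": ["/Users/Shared/.cache/helper", "--daemon"]}
    (root / "com.example.updater.plist").write_bytes(plistlib.dumps(benign))
    (root / "com.apple.systemupdate.plist").write_bytes(plistlib.dumps(odd))
    return root

if __name__ == "__main__":
    for name, findings in audit_directory(build_sample_directory()).items():
        print(name, findings)
```

On a real macOS host, `audit_directory` would be pointed at `~/Library/LaunchAgents` and `/Library/LaunchAgents`; findings are triage leads, not verdicts.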

In most such cases, the attackers use these credentials to completely drain cryptocurrency wallets. Mandiant’s report also states that smart contracts, which operate on blockchain technology, are not safe.

These contracts are mainly written in languages like Solidity for Ethereum or Rust for Solana, and can be exploited through flaws in their logic.

Significant events include the 2016 DAO hack, which used the so-called “reentrancy attack” method to steal $55 million in Ether, and the 2023 hack of Curve Finance, which inflicted losses of $70 due to programming faults in the Vyper programming language.
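The reentrancy flaw named above comes down to the order of operations in a withdrawal. The following is an added Python model, not Solidity and not code from the DAO or from the original article; the `Vault` and `ReenteringAccount` classes are hypothetical names. It shows the vulnerable ordering beside the checks-effects-interactions fix.

```python
class Vault:
    """Toy Ether vault; `safe` selects checks-effects-interactions ordering."""

    def __init__(self, safe):
        self.safe = safe
        self.balances = {}   # account -> credited amount
        self.funds = 0       # total value actually held by the vault

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.funds += amount

    def withdraw(self, account):
        amount = self.balances.get(account, 0)
        if amount == 0 or self.funds < amount:   # check
            return
        self.funds -= amount
        if self.safe:
            self.balances[account] = 0           # effect before the external call
            account.receive(self, amount)        # interaction last
        else:
            account.receive(self, amount)        # external call runs first...
            self.balances[account] = 0           # ...so the balance is stale during it


class ReenteringAccount:
    """Recipient whose receive hook calls back into withdraw()."""

    def __init__(self):
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount
        vault.withdraw(self)   # re-entry: only pays out again if the balance is stale


def run_scenario(safe):
    """Return (amount received by the re-entering account, funds left in the vault)."""
    vault = Vault(safe)
    vault.deposit("other-users", 90)   # constructed sample deposits
    caller = ReenteringAccount()
    vault.deposit(caller, 10)
    vault.withdraw(caller)
    return caller.received, vault.funds


if __name__ == "__main__":
    print("vulnerable ordering:", run_scenario(safe=False))
    print("checks-effects-interactions:", run_scenario(safe=True))
```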

Another standard method used by such actors is a “flash loan attack,” in which attackers manipulate the pricing oracle and take out an unsecured loan for profit.

The 2023 Euler Finance hack is a prime example, where $200 million was stolen by exploiting a flaw in the donateToReserves function, allowing the attacker to manipulate the collateral and trigger self-liquidation. 

These incidents highlight the need for enhanced security measures and threat detection to protect digital assets in the rapidly evolving crypto landscape.

DAOs have been known to apply permissionless token-based voting for project marketing, where holders of such tokens get to vote on the project’s future decisions.

Such a system, especially during voting, can be subjected to a takeover, known as a governance attack, in which some people buy out a large percentage of the tokens and take over the whole system.

For instance, there was the Tornado Cash case from May 2023, in which the threat actors bought out the project and stole over TORN 10,000 ($67,056 worth) in less than a week.

Cybersecurity researchers urged users to protect against these evolving threats, and organizations must enhance their security measures.


Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
