On the night of February 14, hackers targeted the cryptocurrency casino Duelbits, extracting $4.6 million by compromising a private key, according to CertiK analysts.
Last night @Duelbits was exploited and assets worth ~$4.6m were taken in a possible private key compromise (PKC).
All assets were swapped for ETH which currently sits in EOA 0x0428 ? pic.twitter.com/MzNqAzBExb
— CertiK Alert (@CertiKAlert) February 14, 2024
Researchers indicated that the perpetrators withdrew assets stored on the platform, converted them to ETH, and transferred them to another address.
According to Cyvers Alert, the breach was facilitated by a loss of wallet access. The attack affected the Ethereum and BNB Chain networks.
Root cause seems to be loss of wallet access control.
Address already swapped $USDT, $APE, $SHIB to $ETH. Some of the digital assets are bridged from $BNB to $ETH.We tried to reach the team but no response were given!
Attacker address: https://t.co/nEHiNTfZasPlease reach to…
— ? Cyvers Alerts ? (@CyversAlerts) February 13, 2024
Duelbits representatives have yet to respond to the incident or to cybersecurity firms’ warnings.
Meanwhile, Blockaid reported the discovery of a new phishing scheme orchestrated by the Angel Drainer group.
Today our researchers discovered yet another emerging attack vector from the Angel Drainer group — this time phishing users and leading them to a single Safe Vault contract where 128 wallets have been drained of $403k+ so far. All Blockaid-protected users are safe. ? pic.twitter.com/niffQDlciG
— Blockaid (@blockaid_) February 13, 2024
Analysts reported that hackers deployed a smart contract in Safe Vault, which steals user funds. The new scheme has already victimized 128 wallets, collectively losing approximately $403,000 in cryptocurrency.
Earlier, on February 12, a hacker exploited the PlayDapp gaming blockchain platform again, issuing 1.59 billion PLA tokens valued at $253.9 million at market price.
The first incident occurred on February 9, when an unknown party minted 200 million PLA ($36.5 million) from an unauthorized wallet.
In January, the crypto industry suffered losses of approximately $126.8 million from hacks and fraud, according to Immunefi.