Another crypto firm has suffered another major hack

Audio player loading…

In another stellar example of why “not your keys, not your money” should be the mantra of virtually every cryptocurrency enthusiast – more than $140 million worth has been stolen in another serious security incident.

The funds were stolen from a company called Vulcan Forged – a mishmash of an NFT marketplace, blockchain games host, and a decentralized exchange (DeX). Unlike centralized exchanges, DeXes rely on their users to provide the liquidity needed to make trades, and the users that do provide the liquidity earn staking rewards in return.

In a series of tweets, the company explained that someone managed to obtain the private keys to 96 wallets, and cleared some 4.5 million PYR (VulcanForged’s cryptocurrency, to be used within its ecosystem) from those wallets – worth around $140 million when the news broke – although at the time of going to press time, this had fallen to around $99.5 million. 

Not your keys, not your money

When a user creates a Vulcan Forged accounts, they get a couple of different wallets, including one for Ether and one for Polygon. The private keys are managed by the wallet management service Venly, and not the users themselves. 

Speaking later on Discord, Venly’s CTO did not want to take responsibility for the breach, saying:  “Over 4m PYR has been stolen from users’ wallets. It was premature to say this is Venly’s end: we simply don’t know the cause.” 

In a statement given to The Block, the CTO said the company’s services were not compromised, and that all stolen funds will be replaced, once the investigation completes. At press time, most of the funds have already been compensated.

Given that the private keys were taken, there’s very little users, or the company, can do, to stop the crooks from getting away with the digital cash. Vulcan Forged called for the users to remove their liquidity from the DeXes, to make it more difficult for the perpetrators to cash out. 

Centralized exchanges, who can block the transactions to some extent, as faking an identity there is basically impossible, have also been notified, and certain funds have been stopped, it was said. 

How the theft happened, and whether or not any malware was involved, is still unknown.

You might also want to check out our list of the best firewalls right now

social experiment by Livio Acerbo #greengroundit #techradar

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: