Hackers Exploiting Crypto Liquidity Pools to Execute Trades

Crypto pool liquidity is the total assets locked in a decentralized finance liquidity pool.
Hackers manipulate the pool liquidity to create artificial imbalances that allow them to control prices and execute profitable trades.
Cybersecurity researchers at Check Point recently reported that their Threat Intelligence system flagged pool manipulation, causing a 22,000% token surge.
In this manipulation, the attacker managed to steal $80,000 by exploiting the liquidity pool.
During the analysis, researchers found two wallets created by the scammer, and here below we have mentioned those:-.
The wallet one deployed WIZ token and its liquidity pool with WETH and WIZ reserves.
The wallet two created malicious contract, exploiting a backdoor for WIZ token price manipulation, leading to an $80,000 theft.
Imagine a digital reservoir holding Token A and Ethereum.
Users freely swap these tokens, affecting their values.
The scammer manipulates the pool by burning Token A, boosting its value through supply and demand dynamics.
The reduction in Token A increases Ethereum's value, causing a significant surge in the token price, especially for WIZ in the WIZ/WETH pool.
This strategy inflates token prices in liquidity pools temporarily by burning one side.
Decentralized exchanges, relying on pool ratios, are vulnerable to exploitations like rug pulls.
To reach the burn function, the scammer bypasses checks by setting limitsEnabled to False, achieved through running 'removeLimits.
Running public functions with the scammer's contract address as input verifies these conditions.
Examining the WIZ token, experts find a backdoor where the scammer, who is likely the creator, set the ExcludedForMaxTxAmount to True for the malicious contract address.
This link suggests the same individual who designed both the WIZ token and the scam.
The scammer temporarily boosts token prices in the liquidity pool, manipulating balances to impact decentralized exchange rates.
This tactic exposes the vulnerability in liquidity pools tied to different contracts.
Exploiting backdoors, scammers manipulate liquidity pools, underscoring the need for vigilance in decentralized finance against fraudulent schemes.


This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 06 Dec 2023 14:15:10 +0000


Cyber News related to Hackers Exploiting Crypto Liquidity Pools to Execute Trades

Hackers Exploiting Crypto Liquidity Pools to Execute Trades - Crypto pool liquidity is the total assets locked in a decentralized finance liquidity pool. Hackers manipulate the pool liquidity to create artificial imbalances that allow them to control prices and execute profitable trades. Cybersecurity ...
1 year ago Cybersecuritynews.com
Crypto Deception Unveiled: Check Point Research Reports Manipulation of Pool Liquidity Skyrockets Token Price by 22,000% - Deceptive actors are manipulating pool liquidity, sending token prices soaring by a shocking 22,000%. 80,000 Heist Unveiled: The manipulation of pool liquidity resulted in a swift and calculated theft of $80,000 from unsuspecting token holders. Check ...
1 year ago Blog.checkpoint.com
Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus - In its continued efforts to crack down on North Korea's most formidable state-sponsored threat group, the US government has seized a virtual currency mixer that has been serving as the principal way the group launders money stolen from its ...
1 year ago Darkreading.com
CVE-2018-2682 - Vulnerability in the Oracle Financial Services Liquidity Risk Management component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows ...
5 years ago
CVE-2024-21281 - Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.7.0.6.0. Difficult to exploit vulnerability allows high privileged ...
2 months ago Tenable.com
North Korean Hackers Stole $600m in Crypto in 2023 - North Korean hackers stole at least $600m in cryptocurrency in 2023, around a third of the total value of such heists, according to blockchain intelligence firm TRM. Despite the eye-watering sum, this figure represents a 30% reduction on ...
11 months ago Infosecurity-magazine.com
North Korean Hackers Use Fake Job Offers & Salary Bumps as Lure for Crypto Theft - Recent investigations have uncovered a massive operation carried out by North Korean hackers looking to steal cryptocurrency through fake job offers and salary bumps. According to recent reports, hackers have been able to trace the malicious ...
1 year ago Therecord.media
China's biggest lender ICBC hit by ransomware attack - Industrial and Commercial Bank of China Ltd Nov 10 - The Industrial and Commercial Bank of China's U.S. arm was hit by a ransomware attack that disrupted trades in the U.S. Treasury market on Thursday, the latest in a string of victims ...
1 year ago Reuters.com
The Week in Ransomware - January 20th, 2023 Crypto Exchanges Under Attack - The week of January 20th, 2023 brought yet another wave of ransomware attacks targeting crypto exchanges. Crypto exchanges all around the world have been hit by a barrage of sophisticated and well-planned ransomware campaigns. From high-profile ...
1 year ago Bleepingcomputer.com
Netgear, Hyundai latest X accounts hacked to push crypto drainers - The official Netgear and Hyundai MEA Twitter/X accounts are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware. While Hyundai has already regained access to their account and has cleaned ...
11 months ago Bleepingcomputer.com
Rug Pull Schemes: Crypto Investor Losses Near $1M - Check Point's Threat Intel Blockchain system has revealed a new scam, shedding light on the persistent threat of Rug Pulls - a deceptive tactic causing financial losses for investors. The company's system recently identified suspicious activities ...
1 year ago Infosecurity-magazine.com
North Korea's state hackers stole $3 billion in crypto since 2017 - North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017. Kimsuky, Lazarus Group, Andariel, and other North Korean hacking groups ...
1 year ago Bleepingcomputer.com
CVE-2018-2720 - Vulnerability in the Oracle Financial Services Liquidity Risk Management component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows low ...
5 years ago
CVE-2020-2891 - Vulnerability in the Oracle Financial Services Liquidity Risk Management product of Oracle Financial Services Applications (component: User Interfaces). The supported version that is affected is 8.0.6. Easily exploitable vulnerability allows low ...
4 years ago
CVE-2020-2945 - Vulnerability in the Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management product of Oracle Financial Services Applications (component: User Interfaces). Supported versions that are affected are 8.0.7 and 8.0.8. ...
4 years ago
CVE-2020-2943 - Vulnerability in the Oracle Financial Services Liquidity Risk Measurement and Management product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.7 and 8.0.8. Easily exploitable ...
4 years ago
CVE-2020-14691 - Vulnerability in the Oracle Financial Services Liquidity Risk Management product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.0.6. Easily exploitable vulnerability allows low ...
4 years ago
Web3 security firm CertiK's X account hacked to push crypto drainer - The Twitter/X account of blockchain security firm CertiK was hijacked today to redirect the company's more than 343,000 followers to a malicious website pushing a cryptocurrency wallet drainer. Crypto fraud sleuth ZachXBT later leaked screenshots of ...
11 months ago Bleepingcomputer.com
Bloomberg Crypto X account snafu leads to Discord phishing attack - The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack. As first spotted by crypto fraud investigator ZachXBT, the profile contained a link ...
1 year ago Bleepingcomputer.com
Why Have Big Cybersecurity Hacks Surged in 2023? - Payments made to hackers who hold systems hostage for ransom increased by almost half through September, according to blockchain analytics firm Chainalysis Inc., totaling almost $500 million in payouts. In just the past few months, hackers have ...
1 year ago Bloomberg.com
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
1 year ago Hackread.com
US seizes Sinbad crypto mixer used by North Korean Lazarus hackers - The U.S. Department of the Treasury has sanctioned the Sinbad cryptocurrency mixing service for its use as a money-laundering tool by the North Korean Lazarus hacking group. A cryptocurrency mixer is a server that allows people to deposit crypto, ...
1 year ago Bleepingcomputer.com
Hackers Stole Cryptocurrency Worth $2 Billion in Year 2023 - As per crypto security firms, this was the first time since 2020, that the trend has been declining. Based on dozens of cyberattacks and thefts this year, hackers stole over $2 billion in cryptocurrency, according to De.FI, the web3 security company ...
11 months ago Cysecurity.news
Industrial and Commercial Bank of China dealing with LockBit ransomware attack - One of the world's largest banks is dealing with a ransomware attack, according to media reports on Thursday. The Financial Times first reported that the state-owned Industrial and Commercial Bank of China - China's biggest, with revenues of $214.7 ...
1 year ago Therecord.media
Android/SpyNote Moves to Crypto Currencies - Affected Platform: AndroidImpacted Users: Android users with mobile crypto wallet or banking applicationsImpact: Financial LossSeverity Level: Medium. It has grown into one of the most common families of malware for Android, with multiple samples, ...
10 months ago Feeds.fortinet.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)