
Cybersecurity and Crypto

  • Writer: Dr. Jane LeClair
  • Nov 21, 2024

Crypto Compromise…Again

by Charles Parker


Everyone is talking about cryptocurrency. Some of this is good, with chatter on how much each coin may be worth in six months, when holders will potentially be multi-millionaires, etc. There has also been the less-than-favorable press about its dark web uses and ransomware payments (i.e., buzzkill). While these currencies do hold vast volumes of wealth, there are other significant issues with the technology used. Recently Binance had a little problem with their bridge. Well, as with most things, this wasn’t the first and it won’t be the last. Our latest example of “This should be fine. What could go wrong?” involves the decentralized exchange Level Finance.


What happened now?

With all the compromises in the last couple of years, all I can think is “What happened now?” and give myself a face-palm. It must be compromise fatigue. They had a little bug/feature with their code. This was discovered on May 2nd. The “feature” was exploited and allowed approximately $1M of its native token (LVL) to be stolen from the platform. Once this was detected, the activities were paused, and the platform was taken offline. Curiously, the issue was announced on Twitter.

Attack Vector


With this fun attack, the vector was the Referral Controller Contract. Of all the different forms attacks can take, this is one of the newer ones. The post-attack response included a blockchain security firm being contracted to review the incident.

It turns out the Level Finance Referral Controller Contract V2 had a bug/feature. This allowed the attacker to mint the coins without depositing any collateral (e.g., money). As a result, approximately 214K LVL tokens were stolen. Once this was done, the attackers traded the LVL into Binance coins (BNB) worth over $1.1M.


Fix

Obviously, this needed to be fixed ASAP. This is a quick route to the platform being closed, bankruptcy filings, and court. There have been many breaches in recent years with the cryptocurrencies. Generally, the compromises have a high dollar value. This draws the attackers in, much like blood in the water draws the sharks in.


What’s the big deal? There was an error with the code, they fixed it, <sarcasm> the issue won’t happen again </sarcasm>, and we are all good. This points to a more systemic problem. The Dev group has their timeline to work with. At times, this isn’t easy to deal with. You still need to code the updates, and re-scan or test them. There needs to be more emphasis on the importance of testing and follow-up. Security pentesters need the time and scope to do their jobs. When they don’t get them, you have issues (e.g., losing $1.1M). They are working to recover the funds, but you know what will probably happen.




About the author-

Charles Parker II has been working in the info sec field for over a decade, in the banking, medical, automotive, and staffing industries. Charles has matriculated and attained the MBA, MSA, JD, LLM, and is in the final stage of the PhD in Information Assurance and Security (ABD) from Capella University. Mr. Parker’s areas of interest include cryptography, AV, and SCADA.

 
 
 
