A Tale of Two Hacks: Gaining and Losing Crypto Fortunes
Cash.Tech Newsletter #14: Hacker recovers long-lost crypto wallet with $2M, OpenSea exposes NFT holders to front-end bug
The last decade of crypto has been rife with stories of investors losing billions of dollars as a result of a forgotten passphrase or a security breach. However, this week delivered two contrasting stories of investors regaining access to long-lost crypto wealth and another crop of users losing thousands of dollars to a front-end bug in the popular NFT marketplace OpenSea.
This week’s Cash.Tech Newsletter brings you a roundup of these stories and highlights how the Cash.Tech Wallet is built from the ground up to provide a superior security experience. First, we are pleased to share that despite crypto markets taking a beating in the past week, our development team has been working hard to reach several milestones.
Cash.Tech development update
Cash.Tech is live in the Google Play Store! Last week, our development team polished the preview images in our Google Play Store Listing. The updated preview images more accurately reflect the intuitive user experience currently served on our latest Android release.
We are also thrilled to announce significant progress on the planned Merchant Protocol. The team has completed the system design for backend features and also refined the product requirement document following intensive discussions about the design. Core features such as the Merchant product listing process and buyer payment address settings have been completed.
As noted in our 2022 roadmap, Cash.Tech plans to launch a Micro Loan feature for merchants and users. The team has now completed competitive research into the niche, reviewing existing platforms such as Binance Loan and DeFi protocol Aave. This close review will assist the team in developing a product with a clear market fit and greater utility for our native $CATE tokens.
In addition to recent recruitments, Cash.Tech is still onboarding new developers to the core blockchain team to accelerate the pace of feature releases. The team is also working on the product requirement document, system design for front-end, and UX design for critical user interface and hopes to report major progress in the coming weeks.
The development team is poised to keep building despite prevailing market conditions. We will keep the community updated as new milestones are reached in our goal to deliver a complete crypto wallet experience.
Hacker Recovers Wallet With $2M Worth of Crypto
Billions of dollars worth of Bitcoin and other cryptocurrencies are permanently lost as a result of owners losing access to the keys to access the coins. A research study by security firm Chainalysis reports that over 3.8M BTC ($1.2 trillion) are permanently lost as their holders haven’t moved them in the past decade.
New-York based entrepreneur Dan Reich and his friend had invested $50,000 into Theta tokens in 2018 and almost added that figure to the growing number of permanently lost coins. The coins were purchased at the price of $0.21 on a Chinese crypto exchange, but were subsequently moved to a Trezor One hardware wallet after the exchange had to wind down due to regulatory pressure.
When the price of Theta dropped by over 75% in a year, the friends wanted to sell the assets and recover their losses but couldn’t do so since they had lost the recovery phrase as well as the pin used to lock the wallet. After 12 unsuccessful attempts out of the 16 permitted before the wallet wiped out the entire memory, the friends gave up and decided to view the money as permanently lost.
However, the price of Theta soared as high as $15 per coin meaning the lost assets briefly topped $3 million. This rapid rise caught the friends’ attention and forced them to start looking for ways to hack into the wallet, something that was deemed practically impossible at the time.
The Verge reports that Joe Grand, a serial hardware hacker, was able to execute a “fault injection attack” on the device to breach Trezor’s security, and recover the pin. While Trezor has fixed the vulnerability since then, its existence meant the friend became $2 million richer after rewarding Joe Grand handsomely for his efforts.
OpenSea bug exposes investors to $750,000 theft
Some users of the popular NFT marketplace, OpenSea, were on the receiving end of a shocking experience this week. A front-end bug allowed a hacker to nab up to $800,000 by selling several NFTs held by users way below their current market price.
The Mutant Ape Yacht Club, Bored Ape Yacht Club, and Cool Cats collection were mainly affected. In one instance, the attacker sold a Bored Ape Yacht club NFT for just 0.77 ETH, even though the asset had an 86 ETH floor price. The hacker sold NFTs at prices that their owners had listed in the past, even though the owners have now stipulated new and higher prices.
OpenSea says it has addressed the bug and is understandably “making things right” by offering compensation to affected users. However, it is not to be ignored that affected users have lost unique NFT assets which they may never recover.
Cash.Tech offers full self-custodial crypto access
Cash.Tech Wallet is built from scratch to provide users with unparalleled security. The Cash.Tech security team remains on top of industry research into new and existing vulnerabilities facing self-custodial wallet solutions, including Trezor. Exploiting wallet vulnerabilities such as the one detailed in this piece will be almost impossible as the Cash Tech team implements the latest security tech. We give users access to all the benefits of crypto in a fully secure self-custodial fashion.
Cash.Tech is already live on Mainnet for Android and iOS users. Android users can now access the app on Google Playstore, with the iOS version coming to the Apple Store in the coming weeks! Apple Users can access Cash.Tech via https://testflight.apple.com/join/In3h8jr9.