Crypto security firms more concerned with social media clout than the details
With memecoins regularly outperforming more established crypto projects, there’s plenty of evidence to back up the assertion that the cryptosphere often rewards attention over innovation.
From crypto influencers dumping on their followers to SocialFi projects such as FriendTech, social media following can act as a proxy for value, especially for projects without their own token.
Even crypto security auditors, supposedly behind-the-scenes players, are keen to try their hand at the social media game, sometimes at the expense of their credibility.
Peckshield’s classic “you may want to take a look” has caused many a heart to sink over the years, typically accompanied by a transaction hash in which hackers have extracted millions of dollars of crypto-assets.
However, while hacks may be bad for decentralized finance (DeFi) applications — not to mention their users — being the first to report them is great for engagement.
Relative newcomer Cyvers was the first to identify the attack on crypto casino Stake by the North Korean Lazarus Group in September last year. However, since then, seemingly chasing the same high, it’s been prone to jumping the gun. Yesterday, an ‘ALERT’ suggested that Eigenlayer had fallen victim to a phishing scam.
Unfortunately, the ‘fake news’ was quickly shot down by ZachXBT who added “your team cannot read a block explorer” and linked to an explanation of a common phishing attack in which users are tricked into authorizing the withdrawal of assets from Eigenlayer to a scammer’s address.
In November last year, Cyvers sounded the alarm on ‘multiple suspicious transactions’ worth $12.5 million from Iranian crypto exchange Nobitex. This, however, also turned out to be overblown, amounting to nothing more than a rotation of the exchange’s hot wallets.
Cyvers isn’t the only culprit when it comes to posting engagement bait before corroborating the underlying issue, however. Tagging DeFi giants Lido and Curve Finance is a surefire way to get plenty of eyeballs on the alert.
Even well-respected firm BlockSec has faced criticism, notably in the fallout from the $70M Curve Finance hack in July of last year.
Many were concerned that publicly disclosing sensitive details of a vulnerability being actively exploited could give the hacker, or copycats, an edge over teams aiming to mitigate the problem.
Since then, some firms have tended to be more measured in their announcements, sharing partial screenshots instead of transaction links and clearly correcting any misinformation shared in haste.
Such was the case yesterday when BlockSec retracted its alert after the affected project hit back that the issue had occurred a week before and was already resolved.
Interconnected projects make identification tricky
The composability of DeFi products means that a quick glance at Etherscan isn’t enough to fully understand the target of an attack.
If even crypto security firms are prone to making errors, it seems a tall order to expect DeFi users to have the required crypto-literacy to distinguish a genuine threat from a security firm crying wolf.
When large projects like Eigenlayer, Lido, and Curve (Ethereum’s first, second, and eleventh largest protocols) are tagged in such ‘alerts,’ panic can spread rapidly, and scammers know how to take advantage of that panic.
Certik, whose audits are often seen as a red flag rather than a seal of approval, recently had its own X (formerly Twitter) account hacked via a common vector involving a fake Calendly link.
The account was used to announce a (fictional) vulnerability in Uniswap, directing users to a fake Revoke.Cash site where they could revoke token approvals to remain safe.
Certik-audited WOOFi was hacked for $8.5 million on Arbitrum yesterday via a price manipulation attack.