Author

Topic: Decentralized Exchange Rubic hacked and losses $1m (Read 173 times)

legendary
Activity: 2212
Merit: 7064
All the crappy POS chain smart contract based exchanges are not even anything close to being decentralized. Decentralization means giving power to the people and also being censorship resistant. No middle man, no central authority who's the custodian of funds or can alter the code according to their emotions Like it was the case with dydx and uniswap
I am just monitoring nice little website called mevwatch.info and it is showing that +73% of all blocks in ethereum shitblockchain is now OFAC compliant!
Numbers is going up every day and it's just a matter of time when this number will be around 90%, we can't seriously speak about censorship resistance or decentralization for anything related with ethereum.
Rubic exchange was built with crappy code on ethereum, so this is bad multiplication formula crashing down.
member
Activity: 1103
Merit: 76
I Have no idea abotu this part,
Quote from: CryptoRubic Tweet
"We suspect it was malicious software that was used to get access to the admin wallet's private keys."
what does it mean to store assets in a cold wallet if they store private keys on online devices that are actively used to authorize various "suspicious software"? It's really bad management.

Unfortunately no one will know unless they would be investigated because they aren't answering any questions.
hero member
Activity: 2212
Merit: 670
Signature designer - start @$10 - PM me!
I Have no idea abotu this part,
Quote from: CryptoRubic Tweet
"We suspect it was malicious software that was used to get access to the admin wallet's private keys."
what does it mean to store assets in a cold wallet if they store private keys on online devices that are actively used to authorize various "suspicious software"? It's really bad management.
legendary
Activity: 2576
Merit: 1860
Another bridge bites the dust. If I'm not mistaken, this year alone, there are already almost 10 blockchain bridges falling down to hackers. The damage within the year is already north of $1 billion.

But I can't seem to wrap my mind around this new incident. Did you say Rubic is a decentralized exchange? And yet money is held by its administrator? And there's also staking?

Anyway, again, I hope this will serve as a lesson to many to avoid these cross-chain infrastructures. The crossing itself could be the point of failure.
If you have participated in discords you will be shocked how complacent people are because they connect their main wallet into these bridges/dex. I don't think bridges are going away or will still be continued to be used because they provide for easier way for people to convert their tokens into different chains.

A lot of people have always been very complacent. We can easily observe this not only in Discord and Telegram and social media sites and by connecting their main wallet to bridges, but also in the fact that many are leaving funds in centralized exchanges, or investing money in staking and liquidity pools and lending platforms, or installing extensions which they then connect to their main wallets, and so on and so forth.

Convenience and ease could be dangerous especially to many of us who are mere crypto laymen. When we use a bridge, for example, we don't do technical checking whether it is safe to use or not. We don't take even a quick peek at its smart contract whether it is secure or not. We simply trust. And given that within the year alone a total of probably at least 10 bridges have already been hacked and at least a billion dollar lost, I don't think it is still safe. So rather than risking, it is probably better to just generalize and avoid using bridges altogether.
hero member
Activity: 2786
Merit: 902
yesssir! 🫡
If there was really a cold storage, I can only imagine that it was setup wrongly. It's not the most convenient and beginner friendly. Perhaps they got lazy and exposed it in an internet enabled environment, have some lousy backup in their day-to-day PC or something. There's always something to fck things up.
copper member
Activity: 2114
Merit: 1814
฿itcoin for all, All for ฿itcoin.
If something has nice and shiny DEX label, it doesn't mean it is really decentralized.
All the crappy POS chain smart contract based exchanges are not even anything close to being decentralized. Decentralization means giving power to the people and also being censorship resistant. No middle man, no central authority who's the custodian of funds or can alter the code according to their emotions Like it was the case with dydx and uniswap
1. "Decentralized" exchange dYdX confirms blocking accounts linked to tonado cash
2. "Decentralized'' exchange Uniswap starts blocking token access
hero member
Activity: 2926
Merit: 722
DGbet.fun - Crypto Sportsbook
If something has nice and shiny DEX label, it doesn't mean it is really decentralized.
I never heard about this Rubic exchange, but it was never really decentralized and it's built on top of centralized blockchain that support censorship, so no surprise they got hacked so easily.
All of this so called ''bridges'' are operated and maintained by one or two guys with full control over everything, and security practices are usually very low.

One of the most common way on hooking up people to make use of certain platform/service whenever they do really read up that DEX label without even tending to dig deep further which would make them

realize that it wasn't decentralized at all.Its true on what Darker45 said above about bridges exploits which we do have lots and it is indeed losing millions of dollars.

We dont know if the story behind Rubic if its real or just alibi.This is one of the risk when you do deal up with things here on crypto space specially into those who are
really that a fan on using up these certain platforms.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
I think all these bridges are going to be hit sooner or later, either by an inside job as BitMaxz said or just due to crap coding.
You have a lot of people trying to do a lot of things on no budget, so they put up some crap code and hope it works, and then they think they will fix it when the money starts flowing in. But that never happens, either the crap code stays up because the funds get spent on something else. Or the money needed never comes so they wind up leaving the crap code up because there is no money to fix it.

Either way, it's going to continue to be bad until people stop putting money into crap exchanges.

-Dave
legendary
Activity: 3374
Merit: 3095
Playbet.io - Crypto Casino and Sportsbook

reading the whole tweet makes me think this is not a hack but it is stealing in disguise of a hack, they said the affected wallet was a cold wallet but a hacker was able to get the funds through a software. Doesn't make any sense and they dont keep it in a multi-sig wallet.

This is imppssible if someone could hack a cold wallet without internet connection.
That is why they call it cold wallet or storage the device or PC should never connected to the internet.

I guess this is another inside job just like what happen on other exchanges like in Poloniex or the same issue like in NiceHash.
member
Activity: 1103
Merit: 76
Another bridge bites the dust. If I'm not mistaken, this year alone, there are already almost 10 blockchain bridges falling down to hackers. The damage within the year is already north of $1 billion.

But I can't seem to wrap my mind around this new incident. Did you say Rubic is a decentralized exchange? And yet money is held by its administrator? And there's also staking?

Anyway, again, I hope this will serve as a lesson to many to avoid these cross-chain infrastructures. The crossing itself could be the point of failure.
If you have participated in discords you will be shocked how complacent people are because they connect their main wallet into these bridges/dex. I don't think bridges are going away or will still be continued to be used because they provide for easier way for people to convert their tokens into different chains.
hero member
Activity: 3024
Merit: 745
Top Crypto Casino
These dexes or cexes can always hide in the back of being hacked when they're trying to getaway from their users and steal the funds that has been into them.
I have never known this dex but usually that's what happens that if they are targeted by hackers, they are the ones that's setting it up and making a foul play to make it look like that they really are a victim. Having that sums of funds and downloading some app that you know that might compromise the hot/cold wallet, what kind of thinking is that?
legendary
Activity: 2212
Merit: 7064
If something has nice and shiny DEX label, it doesn't mean it is really decentralized.
I never heard about this Rubic exchange, but it was never really decentralized and it's built on top of centralized blockchain that support censorship, so no surprise they got hacked so easily.
All of this so called ''bridges'' are operated and maintained by one or two guys with full control over everything, and security practices are usually very low.
legendary
Activity: 2576
Merit: 1860
Another bridge bites the dust. If I'm not mistaken, this year alone, there are already almost 10 blockchain bridges falling down to hackers. The damage within the year is already north of $1 billion.

But I can't seem to wrap my mind around this new incident. Did you say Rubic is a decentralized exchange? And yet money is held by its administrator? And there's also staking?

Anyway, again, I hope this will serve as a lesson to many to avoid these cross-chain infrastructures. The crossing itself could be the point of failure.
member
Activity: 1103
Merit: 76
"One of our admin’s wallet addresses was compromised."

We suspect it was malicious software that was used to get access to the admin wallet's private keys.

https://twitter.com/CryptoRubic/status/1587704548688367619
https://www.coindesk.com/tech/2022/11/02/cross-chain-dex-rubic-loses-over-1m-in-funds-after-hackers-gain-access-to-private-keys/

reading the whole tweet makes me think this is not a hack but it is stealing in disguise of a hack, they said the affected wallet was a cold wallet but a hacker was able to get the funds through a software. Doesn't make any sense and they dont keep it in a multi-sig wallet.
Jump to: