The Ethena website suffered what appears to be a front-end exploit on Sept. 18, and Ethena Labs has cautioned users not to interact with any site or application claiming to be Ethena.
According to a social media post from Ethena Labs, the website’s domain registrar account was compromised, and the site is currently deactivated until the issue is resolved.
Ethena Labs also reassured clients that the Ethena protocol was not affected by the exploit and that all customer funds remain safe.
Security firm Blockaid likewise warned Ethena users who were connected to the site at the time of the exploit not to sign any transactions and to disconnect wallets “immediately.”
MetaMask also issued a warning to Ethena users against fake MetaMask sites attempting to use the Ethena exploit to defraud users, steal seed phrases, and compromise passwords. The decentralized finance wallet also flagged the Ethena website as a “deceptive website” to users—discouraging its use until further notice.
Related: Ethena’s risky path: A synthetic stablecoin cautionary tale
Crypto hacks top $1.2 billion in 2024 so far
According to a recent report from Immunfi, losses from Crypto hacks surpassed $1.2 billion in 2024 at the end of August. These figures represent a disturbing 15.5% uptick in malicious activity when measured against the same period in 2023.
On Sept. 3, 2024, the Penpie protocol — an independent protocol built on top of Pendle — suffered an exploit resulting in a $27 million loss of client funds.
More recently, decentralized finance platform Delta Prime suffered a $6 million hack resulting from a private key exploit. Following the incident, Meir Dolev — chief technical officer of the Cyvers cybersecurity firm — told Cointelegraph “Hackers took control of the wallet which is the admin of Delta Prime proxy contacts.” Once the malicious actors took control of the wallets, they modified the contracts to drain Delta Prime pools on the Arbitrum network.
The Delta Prime hacker immediately converted the $6 million in stablecoins stolen through the exploit to Ethereum (ETH), and onchain sleuth ZackXBT has speculated that the malicious activity could be connected to North Korean hackers.
Magazine: Weird ‘null address’ iVest hack, millions of PCs still vulnerable to ‘Sinkclose’ malware: Crypto-Sec