Coinbase-backed Truflation Suffers Malware Attack, Loses Around $5M

Highlights:

• Truflation suffered a malware attack, losing over $5 million from its treasury and wallets.
• CEO Stefan Rust confirmed that customer funds remain secure amid ongoing investigations and monitoring.
• Cyberattacks on cryptocurrency platforms are increasing, highlighting ongoing vulnerabilities in the crypto ecosystem.

Truflation, a blockchain-based platform for real-time economic data, issued an urgent alert after detecting a suspicious transaction on its platform on Sept. 25. The company reported that a hacker executed a malware attack.

Blockchain investigator ZachXBT first posted about the hack on the Telegram channel. The firm stated approximately $5.23 million was lost from Truflation’s treasury multisignature and personal wallets on Ethereum, along with around $100,000 lost across seven other chains combined.

Later, Truflation announced on X that it had identified unusual activity and experienced a malware attack. “We are currently monitoring the situation and are taking measures to protect funds while we are investigating and working with law enforcement,” the project shared.

On September 25th, 2024, the Truflation team detected some abnormal activity. An attacker launched an attack using malware.

We are currently monitoring the situation and are taking measures to protect funds while we are investigating and working with law enforcement. The…

— Truflation (@truflation) September 25, 2024

In a video on X, CEO Stefan Rust reassured users that no customer funds are at risk. He stated Truflation is closely monitoring the situation and taking steps to protect its funds while working with “leading industry partners” and law enforcement.

NO CUSTOMER FUNDS AT RISK: Truflation Hack Update #2

CEO Stefan Rust has the latest update as of 8pm EST. pic.twitter.com/ocgJM1hqSL

— Truflation (@truflation) September 25, 2024

Backed by investors like Coinbase Ventures and Chainlink, the project is also trying to contact the hacker and is open to negotiations. Furthermore, it announced plans to reward white hats who assist in this matter. Truflation notified users that staking is currently unavailable and liquidity on DEXs is limited.

Blockchain security firm Cyvers estimated the loss at $4.95 million in a separate analysis. The stolen assets comprise approximately $3.89 million in Truflation (TRUF) tokens, $1.07 million in Ether (ETH), and $236,000 in DAI stablecoin from the team’s Ethereum wallets.

🚨ALERT🚨Our system has earlier today detected a suspicious transaction involving @truflation!

It seems that their #safe address has been compromised! Total loss is around 56,872,500 $TRUF worth of $4.6M
Want to secure your assets and prevent future attacks?
Contact us please! https://t.co/hzTpHQWToA pic.twitter.com/1uhWdP2PYC

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 25, 2024

TRUF Token Experiences Volatility Following the Truflation Malware Attack

After the announcement, the TRUF token dropped 15.6% to $0.068 within 90 minutes but partially recovered to $0.077. The token’s market cap is currently $7.24 million.

Truflation, launched in December 2021, is a blockchain-based service providing real-time economic and inflation data. It also runs a data marketplace that tracks various commodity indexes such as sugar, cocoa, coffee, cattle, petroleum, and wheat.

Crypto Platforms Remain Vulnerable Amid Rising Cyberattacks

Recent events highlight the ongoing vulnerabilities present in cryptocurrency platforms, which continue to be prime targets for both cybercriminals and nation-states. Chainalysis reports that hackers stole nearly $1.7 billion from these platforms in 2023, down from the record $2 billion lost the previous year. Although the total amount lost decreased, the number of individual incidents aimed at these platforms increased from 219 in 2022 to 231 in 2023. The collapse of several prominent exchanges and the significant decline in cryptocurrency values largely drive this rise.

United Nations experts are examining 58 cyberattacks on cryptocurrency firms, believed to be carried out by North Korean hackers. The attacks resulted in approximately $3 billion in illicit earnings over six years.

Cybercriminals and nation-states persist in exploiting vulnerabilities in crypto platforms, facilitating large-scale thefts. Just this week, another well-known crypto platform lost around $8 million, while last month saw over $300 million in Bitcoin stolen from the Japanese exchange DMM Bitcoin.