Another crypto firm has suffered another major hack

An illustration of Bitcoin with a financial value graph
(Image credit: eToro)

In another stellar example of why “not your keys, not your money” should be the mantra of virtually every cryptocurrency enthusiast - more than $140 million worth has been stolen in another serious security incident.

The funds were stolen from a company called Vulcan Forged - a mishmash of an NFT marketplace, blockchain games host, and a decentralized exchange (DeX). Unlike centralized exchanges, DeXes rely on their users to provide the liquidity needed to make trades, and the users that do provide the liquidity earn staking rewards in return.

In a series of tweets, the company explained that someone managed to obtain the private keys to 96 wallets, and cleared some 4.5 million PYR (VulcanForged’s cryptocurrency, to be used within its ecosystem) from those wallets - worth around $140 million when the news broke - although at the time of going to press time, this had fallen to around $99.5 million. 

Not your keys, not your money

When a user creates a Vulcan Forged accounts, they get a couple of different wallets, including one for Ether and one for Polygon. The private keys are managed by the wallet management service Venly, and not the users themselves. 

Venley told TechRadar Pro that its network has not been breached during the hack and it stood behind the security of its solution.

“After thorough research, we can confirm that all Venly B2B and B2C Wallet users outside of Vulcan Forged are safe. None of our other clients or end-users are affected,” Tim Dierckxsens, the CEO and Co-Founder of Venly, wrote in a blog post responding to the incident.

“The Venly Team will continue to support Vulcan Forged and all its users to the best of its abilities in all transparency. We also want to emphasize the great efforts of Vulcan Forged to ensure a good outcome for all its users.”

Given that the private keys were taken, there’s very little users, or the company, can do, to stop the crooks from getting away with the digital cash. Vulcan Forged called for the users to remove their liquidity from the DeXes, to make it more difficult for the perpetrators to cash out. 

Centralized exchanges, who can block the transactions to some extent, as faking an identity there is basically impossible, have also been notified, and certain funds have been stopped, it was said. 

How the theft happened, and whether or not any malware was involved, is still unknown.

  • You might also want to check out our list of the best firewalls right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.