You are reading the article Wormhole Restores Hacked $300M Through Vc Funding In Largest Ever Defi Bailout updated in December 2023 on the website Kientrucdochoi.com. We hope that the information we have shared is helpful to you. If you find the content interesting and meaningful, please share it with your friends and continue to follow and support us for the latest updates. Suggested January 2024 Wormhole Restores Hacked $300M Through Vc Funding In Largest Ever Defi Bailout
The decentralized finance space experienced its first major setback of the year on 3 February when over $321 million in Ether were stolen from the cross-chain network Wormhole. While it was not the first multi-million DeFi hack this year, it was definitely the largest in this short time, and the second-largest ever.
The hackers had managed to mint 120,000 wrapped Ether (wETH) on Solana, after which they redeemed 93,750 wETH for ETH on the Ethereum network. The rest was swapped for other small-cap altcoins on Solana’s platform.
After promising to bring back the lost tokens, the Wormhole team has now revealed that the lost funds have been restored. And, the platform is operational again. It was also mentioned that all of the users’ funds have also been secured. Although, it will not be redeemable until further notice.
.@JumpCryptoHQ believes in a multichain future and that @WormholeCrypto is essential infrastructure. That’s why we replaced 120k ETH to make community members whole and support Wormhole now as it continues to develop.
— Jump Crypto 🦬 (@JumpCryptoHQ) February 3, 2023
The single largest DeFi bailout ever recorded has brought the platform back on its feet quickly. However, the mammoth task of recovering the 120,000 wETH from the hacker(s) still awaits them. To that end, Wormhole has reached out to the miscreants on-chain, offering them a $10 million bounty in return for the funds.
The platform is also yet to publish an incident report on the matter, even as many experts have jumped to the task of solving this mystery. The analysts behind Rekt Capital have come up with their own theory, stating that the hackers bypassed ‘guardians’, entities that sign off on transfers between chains on Solana’s Wormhole bridge by using a SignatureSet created in a previous transaction.
The hackers were then able to exploit a bug in the network’s smart contracts that authorizes minting of tokens, resulting in them being able to “fraudulently mint 120k wETH on Solana using VAA verification that had been created in a previous transaction.”
The developer of ETH Layer 2 solution Optimism, Kelvin Fitcher, offered a more detailed analysis of the incident on Twitter by backtracking the hackers’ steps. According to him, the hacker had first deposited 0.1 ETH into Solana before minting the exorbitant amount.
— smartcontracts (@kelvinfichter) February 3, 2023
He further explained that the “transfer message” contracts get created on Solana by triggering a function called “post_vaa”, which checks if the message is valid by checking the signatures from the guardians. The hacker was able to bypass the verification process by exploiting a few discrepancies in the code, said Fitcher, adding,
“Using this “fake” system program, the attacker could effectively lie about the fact that the signature check program was executed. The signatures weren’t being checked at all… The attacker made it look like the guardians had signed off on a 120k deposit into Wormhole on Solana, even though they hadn’t. All the attacker needed to do now was to make their “play” money real by withdrawing it back to Ethereum.”
The analyst concluded that the bug in question was about to be unknowingly fixed by Wormhole, and the exploiter probably had prior knowledge about the same and acted swiftly before the vulnerability was patched.
Attacker probably spotted the change and had prior knowledge of the sort of vulnerabilities that the older function enabled, and was able to quickly put together the attack.
— smartcontracts (@kelvinfichter) February 3, 2023
You're reading Wormhole Restores Hacked $300M Through Vc Funding In Largest Ever Defi Bailout
The Largest Continental Chain Of Volcanoes Ever Has Just Been Discovered In Australia
Australia is known for a lot of dangers. Fires, floods, horrific temperatures, apocalyptic hellscapes…
One of the few natural disasters that they’ve largely managed to avoid is volcanoes. There are no active volcanoes on the Australian mainland, but go a few million years back in time, and you’d find a very different landscape.
Researchers recently announced that they had located the largest chain of volcanoes ever found on a continent. The range of volcanoes stretches across the entire continent and onto Tasmania, a distance of over 1,200 miles (2,000 km).
How did we miss a massive string of volcanoes? They aren’t that big anymore, and they aren’t spewing lava all over the Earth. In fact, they look more like this:
Volcanic plug, Queensland
The remnants of a volcano in Queensland, Australia.
The volcanic chain was formed between 9 million and 33 million years ago, as the Australian tectonic plate moved over a hotspot in the earth called a mantle plume.
Everything on Earth, from the mountains to the oceans rests on a thin brittle layer of rock called the crust. This crust is broken into sections called tectonic plates that move around on top of a more flexible (and very hot) layer of rock called the mantle. But not every single place in the mantle is created equal. Just like on a finicky stove, there are sometimes areas of the mantle that get much hotter than others. This heat is often concentrated in a small area, and melts the crust like a blowtorch, creating a volcano in that spot. While plates can move, these hotspots tend to stay in one place.
As the plate moves over the hotspot, the volcano moves with it. It doesn’t have a heat source anymore, and gradually stops erupting and growing. Now, a new section of the crust is over that hot spot, and a new volcano starts growing, giving the old volcano a new companion.
The process continues in roughly a straight line as the plate moves over the hotspot, creating a long line of volcanoes, also known as a chain.
While the chain in Australia is the largest chain to form on a continent, it isn’t the largest one on earth. A particularly persistant hotspot formed a series of undersea volcanoes and islands in the Pacific ocean as the Pacific plate moved north and then sharply west, eventually forming the Hawaiian islands. The Hawaii-Emperor chain is over 3,700 miles (6,000 km) long.
Hawaiian Hotspot
Over the past several million years, the Pacific plate has moved north and then north-west over a hotspot. The movement formed the Hawaii-Emperor chain of volcanos, seen here.
Roblox Account Hacked? How To Get Back A Hacked Roblox Account
Can’t log in to your Roblox account? Seeing suspicious activity that you didn’t commit? Well, chances are that your Roblox account might be hacked. While this feels like a major nightmare for most players, with timely actions, you can get back your account in no time. In most cases, it is as easy as resetting your Netflix password but can be more troublesome for others. So, with no time to waste, let’s figure out how to get back a hacked Roblox account!
Regain Access to Hacked Roblox Account (2023)We will first go over the indications of a hacked Roblox account, followed by the recovery process. Use the table below to skip to account recovery steps if you are short on time.
What Happens If Your Account Is Hacked in Roblox?When your Roblox account is hacked, you lose access to it and someone else can then use your account to act as you in game experiences, message your friends, and even spend your Robux. Here are a few indications that might confirm your account is hacked:
Your Robux are missing even when you didn’t use them.
There are Roblox experiences in your history that you didn’t play.
Your friends have seen you active on Roblox games even while you were not playing.
You receive a suspicious email regarding account changes or password recovery that you didn’t trigger.
You are unable to login into your account even with the correct email and password.
How to Get Back a Hacked Roblox AccountThere are several ways to gain access to a hacked Roblox account. You can use the manual recovery options to log back in or even get professional help from customer support. Let’s explore how to go about it.
Change Your Password1. Go to Roblox’s official website (here) and log in with your existing password.
Reset Your Roblox PasswordWhile this isn’t true for every case, more often than not, hackers change the passwords of Roblox accounts to revoke access to the original user. In that case, you have to reset your account password to gain access to a hacked Roblox account:
3. If you have an email attached to your Roblox, you can use the email address or username to find your Roblox account. Choose the method that suits you.
6. Then, enter your phone number and country code to receive the PIN for resetting your Roblox account password.
If you don’t have a phone number or email attached to your account, there is no way to reset your password manually. In that case, it’s best to contact Roblox customer support before the situation escalates. The support team has the best chance of recovering your hacked Roblox account. So, here’s how to contact Roblox customer support:
1. First, go to Roblox’s official support page (here).
You will immediately receive a confirmation email about the submission. Now, you must wait until the support team gets back to you.
Account Restores EligibilityWhile contacting customer support is the best option to gain access to your account, not every account is recoverable. As per the official guidelines, the customer support team will first check how many protection measures were in place to protect your account before it got hacked. It’s best to enable features like two-step verification to keep your Roblox account safe (keep reading to find out how).
Furthermore, the support team can only help you if you inform them about your hacked account at the earliest. While you officially get 30 days to report a hacked account, we suggest you do it within the first 48 hours if possible. The support team will take some time to analyze the situation and the hacker can continue using your account for vicious purposes during that time.
Roblox Phishing ScamsAs most of the time, Robux deals, “free Robux generators”, and free item links are phishing scams, it’s best to avoid them. Otherwise, there will be no one to help you recover your account. Though, to protect the community, you can still report other players who are trying to sell or make such deals.
Someone Else Added a PIN to My Roblox Account. How to Change It?A PIN is a numerical passcode that acts as an additional security measure over your Roblox account. It ensures only you can access an account even if you are playing games on someone else’s computer. Ironically, this feature is also popular among hackers, who instead of changing your password, add a PIN to your account, thus, preventing you from access to your own account.
If you find that a PIN has been added to your Roblox account without your knowledge, your only option is to contact the customer support team. Even if you manually reset the password or change your email, there is no way to remove or recover the PIN.
Secure Your Roblox Account with 2FA (Two-Factor Authentication)Once you get your account back or if you end you creating a new Roblox account, it’s quite important to secure it. Unless you take action, hackers can easily find their way back into your hacked Roblox account. So, let’s turn on various security measures for your account:
2. Next, go to your account settings on a web browser and use the “Add Phone” and “Add Email” options. You will have to verify both of them. While hackers might get access to your email, your phone number can act as an easy mode to recover the account.
3. Then, move to the “Security” section in the left sidebar.
4. Within the security settings, toggle “on” any or all three “2-step verification” methods. If your device has a facial or fingerprint scanner, we suggest you enable the last option as well.
5. Then, scroll down within the same page and use the “Sign Out” option. It will force Roblox to sign your account out on all devices that are using it.
Frequently Asked QuestionsHow to recover a Roblox account without an email or phone number
If you don’t have any email or phone number attached to your account then the “password recovery option” won’t work. In that case, you have to contact the support team and share your username to initiate account recovery.
Why did I get logged out of my Roblox account and can’t get back in?
Players can’t log in to the account while the Roblox server is down. You can check the server status on their official site (here). However, if everything is functional, chances are that your Roblox account might be hacked.
If your Roblox account is hacked, you won’t be able to use your username and password to login in. In that case, you can use the “password recovery option” to get it back.
Recover Your Hacked Roblox Account
Top 10 Biggest Artificial Intelligence Funding In The First Half Of 2023
Artificial intelligence funding is highly necessary to accelerate the AI-based purposes efficiently
Artificial intelligence funding — the one that can transform an AI startup into a successful and leading AI company across the global tech market. AI investment from reputed and popular venture capitalists is highly essential for an AI startup to boost its productivity and expand its strategies and target locations efficiently and effectively. Thus, there are multiple AI funding rounds such as Series A, Series B, Series C, and many more to motivate and appreciate the aim and purposes of these upcoming AI companies to make the world a better place. Let’s look out for the topmost valuable artificial intelligence funding to inspire a current AI startup to look forward to venture capitalists for millions of dollars of AI investment.
Top ten biggest artificial intelligence funding in the first half of 2023 Inflection AI Hugging FaceHugging Face is one of the leading operators of a top platform for hosting artificial intelligence models. It has bagged artificial intelligence funding worth US$100 million from venture capitalists such as Lux Capital, Sequoia Capital, and many more. The New York-based AI startup is known for operating a Hugging Face Hub to host more than 100,000 open-source artificial intelligence models to incorporate into software projects.
OwkinOwkin is known as a medical AI startup that has received artificial intelligence funding worth US$80 million. The main aim is to collaborate with Bistrol Myers Squibb on designing clinical trials with this AI investment from Series B1 equity investment. It leverages artificial intelligence and machine learning to discover as well as develop medical treatments.
BudBud is a London-based FinTech AI startup that has secured US$80 million from Series B of artificial intelligence funding for the expansion of its open banking platform. The platform is focused on providing users access to data from a financial product efficiently and effectively. It helps global banks to reap the benefits of an open banking system to adopt digital transformation in recent times.
MoEngageMoEngage is known as one of the leading insights-led customer engagement platforms in the global tech market. It has nabbed AI investment of US$77 million in Series E led by multiple venture capitalists such as Goldman Sachs Asset Management, B Capital, and many more. the AI startup will use this AI funding to expand the target areas in the US, Asia, Middle-East, and many more with the exploration of strategic acquisitions.
Delphia SiMa.aiSiMa.ai is known as a machine learning and AI startup that has received US$30 million as AI funding from venture capitalists such as Fidelity Management and Research Company and many more. The main purpose of utilizing this AI investment is to boost the scaling of engineering as well as business teams at the international level. It helps to deliver a software-centric and purpose-built MLSoC platform to address any computer vision issue.
CastorCastor, a French AI startup, has secured US$23.5 million in Series A AI funding from venture capitalists including Blossom Capital and many more. It helps to solve the issues that come up while becoming an AI-fuelled company by understanding data. It acts as a data catalogue with proper data discovery tools.
EnsoDataEnsoData has nabbed artificial intelligence funding worth US$20 million as a Madison-based healthcare AI startup. It helps to uncover disease while the patient is in deep sleep. The venture capitalists include Inspire Medical Systems, Zetta Venture Partners, and many more. It will use this AI investment to scale multinational expansion as well as commercial distribution partnerships.
PapercupPapercup is one of the top UK AI startups that received US$20 million from Series A AI funding. It aims at bringing human emotion to artificial intelligence dubbing services across the world. It will use the AI investment to create better global video content watchable in any language with the help of emotive and realistic synthetic voices as well as AI dubbing.
What Is Defi And How Does It Work
Decentralized finance, or DeFi, is a new banking technology that aims to remove the control banks and financial institutions have over money. It allows you to hold your money in a secure digital wallet instead of keeping it in a bank. You can access and transfer your funds anywhere with internet connections and have it done instantly securely. You also don’t have to pay any kind of transaction fees in DeFi, like you would at a bank.
What Is DeFiDecentralized Finance or DeFi is a term that describes a new financial ecosystem that provides banking services to people. The difference here is that instead of depending on the obsolete textbook methods that traditional banks use, DeFi is based on blockchain technology. The term DeFi was first coined back in 2023 in a telegram chat, and this budding industry has seen an enormous amount of growth ever since.
Image you have $10,000 in your bank account. If the bank goes bankrupt, you will only be insured 25% of your money.
Image source: Piqsels
And even if the money is yours, you can’t freely cash it all out whenever you want either, due to a withdrawal limit. Alternatively, you might even be penalized if your balance is low. Lastly, banks take your money and invest it strategically to earn about 10% returns and only share 0.1% with you.
Advantages of DeFiThis is where the need for a new banking system is born, one that is designed to benefit the public. Today, there are many DeFi services that give you much higher interest rates than banks do and have way better terms and conditions.
Image source:
Piqsels
PermissionlessDeFi eliminates the need to depend on corporations for banking, giving you the freedom to make transactions in a permissionless way. Decentralized finance relieves the burden of relying on institutions for monitoring, data storage, server space, and other aspects.
By ensuring that individual transaction histories can be easily shared with the user, blockchain networks are successful in achieving all of these qualities.
Immune to Human ErrorWhen banking activities are processed by individuals working in a bank, there is always the probability of human and operational errors. DeFi relies on self-executing smart contracts.
Smart contracts are programs that run on the blockchain. Basically, it’s a piece of code that runs and executes automatically when certain conditions are met. These conditions can be anything, from the outcome of a football match to a bet on tomorrow’s weather. The best thing about them is that they are immutable and cannot be changed.
The use cases for smart contracts are wide and varied. They can be used to store information such as an agreement between two parties or property rights, financial dealings, or even as a digital marriage certificate, with no need for a third party like a government agency to mediate or enforce the contract.
Using smart contacts removes the probability of human error because all transactions are executed on a blockchain. Unless, of course, the smart contracts themselves contain the error.
TransparencySince DeFi is based on blockchains, anyone with an internet connection can see the record of each and every transaction ever made to and from the financial services you are invested in. It is transparent to everyone as all the data is processed through smart contracts that are openly available to the public. You can see and track all the movements of every single fund. Yet, it is so secure that no one can hack into this system and modify it.
Cons of DeFiImage source: Marco Verch
ScalabilityDeFi platforms are definitely a great tool to provide access to banking to everyone. However, there are concerns with the limitations of how much load a blockchain network can take at a time.
The credit card company Visa can handle 65,000 transactions per second. On the other hand, blockchains like Etherium can only handle 14 to 15 transactions a second. While there are other blockchains out there that aim to solve this issue, it’s still a work in progress.
Liquidity ConcernsAs of the last quarter of 2023, the market cap of the worldwide banking industry was estimated to be around $8.23 Trillion. Comparatively, DeFi is still a relatively small market.
At the time of this article, the total value locked in DeFi protocols is around $74.6B and has recently touched an all-time high of just over $110B in November 2023. So it may also be hard to put your faith in a sector that is so much smaller than regular banks.
ResponsibilityLet’s say you transfer money to a wrong account. In DeFi, there is no chance for you to get back your money since there is no governing body overlook the transaction. In short, there is little room for mistakes.
Types of DeFi PlatformsIn the world of Decentralized Finance, services or companies are called protocols as they are just bytes of self-executing code. With the increasing demand for DeFi services, there are a lot of new platforms being launched every day. Most of them are divided into four major categories – borrowing and lending, staking, insurance, and decentralized exchanges. Let’s take a deeper look into them.
Image source:
Pexels
Borrowing and LendingAn obvious problem coming to mind with DeFi is that how will a decentralized banking system be able to give out loans? Taking a loan from a DeFi service is just like taking a loan from a traditional bank. With services like MakerDAO, Compound, and AAVE, anyone can take out a loan without disclosing their real identity to anyone within a few minutes.
However, there is a slight difference here. Since there is no way to verify the annual income which banks use to calculate the payback capacity of the borrower, the responsibility to determine to amount to loan comes down to the collateral size.
To take a loan from a DeFi service, the borrower will need to provide a collateral of greater value than the amount they intend to borrow. For example, if you wish to take a loan of $1,000 from a DeFi protocol such as MakerDAO, you will have to collateralize $150 worth of Etherium. This over-collateralization prevent a sudden drop in the price of the collateral.
As a lender, DeFi allows anyone to loan their crypto assets to someone else and earn interest on them. Until DeFi, such luxury was a bank exclusive. However, since these loans are granted through smart contracts, which execute themselves without the need of an intermediating body, now anyone can have a bite of the lending and borrowing business.
StakingIn layman’s terms, securing or storing cryptocurrencies in a network is called staking it. When you stake your crypto, as the staker, you earn rewards in the form of the currency you’ve staked. But these rewards are there for a reason. Staked assets help proof-of-stake (PoS) based blockchains improve their speed and security.
Staking does not involve a lot of work from the user’s end after you’ve gone through the staking process it will work very well as a source of passive income. The returns on your investment would range somewhere between 5-20% per annum, depending on the crypto market and your staked coin’s price.
InsuranceIt makes sense to think that a financial system that exists entirely on the internet is very susceptible to cyber-attacks or system malfunctions which may put your assets at risk. To prevent this, companies have started insuring DeFi assets for their customers against hackers, smart contract failures, stablecoin price crashes, or others.
You can get your assets insured by paying a premium based on the size of the assets you’re insuring. For example, insuring 1 ETH against hacks on Binance for a year will cost you around 0.0259 ETH.
You can also become a coverage provider and earn interest on the assets you have lent to the company to be used as security in case a claim needs to be paid. There is obviously a risk here, as your assets might be used up to provide for a loss, but this is why the interest you earn as a coverage provider is also higher than DeFi lending.
Decentralized ExchangesDecentralized exchanges, also called as DEXs, are peer-to-peer marketplaces that facilitate the trading of cryptocurrencies without handing over your money to a third-party governing body. These exchanges use smart contracts to allow traders to execute orders without the need for a middleman. In contrast, centralized exchanges are run by a centralized institution that is in complete control of the exchange and can change its terms and conditions anytime.
DeFi Services You Can Use Today 1. AnchorAnchor protocol is a lending service that aims to provide a 20% return on stablecoins. The lenders make a return on the money they provide to the borrowers. Borrowers, in turn, have to provide collateral in the form of LUNA or ETH. This is done to prove their financial worthiness to take a loan.
When borrowers put these assets in the protocol, Anchor automatically stakes them, allowing them to earn staking incentives. Borrowers receive UST, the Terra ecosystem’s stablecoin, in exchange for their money. The funds come from lenders who deposit UST in the Anchor protocol.
To avoid liquidation, the assets that borrowers deposit must be well-collateralized. Borrowers will also be responsible for the interest on this loan, which will be reflected in their collateralization levels.
Interest rates are also determined by the amount of UST lenders on the Anchor protocol who have deposited. This interest, plus the returns from the staked “bonded” assets, is what pays lenders their 20% fixed interest rate.
2. AaveWith a rapidly expanding market size, Aave might become one of the world’s most widely used DeFi lending platforms. Aave has simplified and expedited the process of lending and earning interest on digital assets. This allows one Aave user to borrow funds from another Aave user in just a few minutes.
The maximum amount of such loans is usually kept low because they are not collateralized and are subject to costs. One of the benefits of having such a wide scale of operation and utilization is that interest rates for particular assets are steady. Another perk with Aave is that it supports over 15 cryptocurrencies, which makes the entire process of borrowing and lending even smoother.
3. Terra (Luna)If you’ve ever traded in crypto, chances are that at some point, you’ve had some USDT tokens in your wallet. Well, even though a major segment of the idea of cryptocurrencies is based on supporting decentralization, USDT tokens are centralized.
Every USDT token ever minted is backed by actual US dollars kept as collateral to balance USDT’s value against the US dollar in the real world. The involvement of these central authorities has caused numerous clashes. It resulted in the appearance of Tether scams which have the potential to disrupt the entire crypto market.
These tokens are hosted on Terra’s own blockchain that seeks to address a variety of concerns and challenges that plague even the most popular stablecoins on the market. With its Decentralized Financial infrastructure, it strives to overcome centralization and eliminate technical grudges on stablecoins.
Terra offers multiple stablecoin options, such as its TerraUSD (UST), pegged directly to the USD. It also offers TerraSDR (SDT), directly pegged to IMF’s SDR, TerraKRW (KRT) linked to the South Korea currency (Won), and TerraMNT pegged directly to Mongolian tugrik.
4. UniswapUniswap is one of the largest decentralized cryptocurrency exchanges in the world. It allows you to easily exchange cryptocurrency tokens without having to share your information with any third-party broker.
You can also participate in Uniswap’s liquidity pools to earn passive income on your crypto assets by staking. Apart from that, you can quickly trade digital assets built on the Etherium blockchain.
5. AvaxAvalanche (AVAX) is a very easy-to-use decentralized platform that allows anyone to launch their own smart contracts on the blockchain. It’s primarily designed to help people build fast, affordable dApps that are compatible with Solidity.
AVAX enables low-cost interoperability between third-party tokens. This helps enhance the DeFi environment with a permissionless framework that allows users to establish private or public customized blockchains.
It also serves as a marketplace for DeFi users, allowing them to trade, swap, and store their assets and products. Additionally, Avalanche users can customize the fundamental technology that underpins their blockchains, including validators.
Within the DeFi space, Avalanche uses a peer-to-peer payment system that has shown to be a quick, secure, and scalable network. And with the promising roadmap ahead, it is on its way to help developers easily make decentralized applications like games and social media platforms and launch them on their own customized blockchain, all using a single platform.
The Future of DeFiDeFi is rapidly changing and expanding to replicate the traditional financial services ecosystem through decentralized exchanges, lending, and borrowing of various asset types or insurance products.
Just by analyzing the growth, we can assume that DeFi can eventually have an impact on the future of centralized finance companies. DeFi is considered cheaper, faster, and more relevant alternative.
However, it’s still in the beginning stages of its evolution, which means the ecosystem is still riddled with infrastructural gaps. So before DeFi wins the title of “better solution”, there are a lot of issues that need to be solved.
Frequently Asked Questions 1. Is it safe to keep money in DeFi platforms instead of banks?Even though DeFi platforms are fairly safe due to their solid algorithms, errors can appear. It is because sometimes it takes years to find out a bug in the smart contracts running them that someone can later exploit. However, no form of store of value can be considered safe, neither banks nor DeFi. So it all depends on what risk you are willing to take.
2. What is TVL in DeFi?In the DeFi industry, TVL stands for Total Value Locked. It refers to the total amount of money invested by people in a protocol. For example, Anchor has a TVL of $15B. This means that the total sum of money staked with them is $15B.
3. How to find good DeFi projects to invest in?To find good DeFi coins to invest in, you can use crypto screeners like Coinmarketcap or CoinGeko that list out all the DeFi coins in a separate index. Moreover, they also provide basic information about DeFi projects, including details like their market cap, circulating supply, and most importantly, a summary of what the project is about.
Image credits: Pexels
Ojash Yadav
Ojash has been writing about tech back since Symbian-based Nokia was the closest thing to a smartphone. He spends most of his time writing, researching, or ranting about Bitcoin. Ojash also contributes to other popular sites like MakeUseOf, SlashGear, and MacBookJournal.
Subscribe to our newsletter!
Our latest tutorials delivered straight to your inbox
Sign up for all newsletters.
By signing up, you agree to our Privacy Policy and European users agree to the data transfer policy. We will not share your data and you can unsubscribe at any time.
Why Are Websites Hacked? How To Prevent Hacking?
Why are websites hacked? It’s not true that only top websites are hacked. Smaller websites and blogs are more vulnerable. This post takes a look at why websites are hacked, what to do if your blog is under Cyber Attack and how to prevent stealth attacks, hacking, and reduce risks.
Recently, we faced an attack that lasted for a couple of days. While the popular notion is that only huge corporate houses and government websites are the targets, the opposite also holds true. Smaller websites and blogs are targeted more… in an attempt to use them for larger attacks among other things.
Why are websites hacked? Using websites for a larger attackJust as some of us fear that the Internet of Things could be compromised to be used in DDoS attacks, websites all over the Internet can also be used by attackers to participate in launching a larger-scale attack. Compromising bank websites, corporate accounts, and government website hacking are some examples of large-scale attacks. Often the hackers do not have all the resources. They need a pretty huge number of Bots to process such large attacks, so they compromise smaller websites and keep them in their list until a large attack is planned.
Read: What is a Botnet attack.
Attackers compromise even a blank websiteHackers will compromise even a blank website or blog – to add to their list of resources. If you have built a website that uses something interactive like WordPress or Joomla, you are more prone to attacks compared to static websites.
Many plugins are used, when people use WordPress, for example. Since these plugins are interactive or based on scripts, they are used to launch a massive attack on websites with huge resources. Bandwidth etc. resources are less when it comes to smaller websites, but when we talk of sites like Amazon, the bandwidth is huge and thus, would be difficult to bring it down unless the hackers have an ample number of Bots to launch an attack as huge as to choke the service and bring it down. That’s one of the primary reasons why almost all websites are prone to hacking.
In short, Hackers have their bots crawling all over the Internet to find resources that will help them launch huge attacks. If you start a new website that employs different types of scripts, you will be added to the resource list of hackers within a month of your website launch. When the time comes, they compromise your website and use its resources for a major attack somewhere else.
Using your website resources for financial gainsCybercrime is big! Many times, hackers will try to use your site to direct visitors to:
Some other website that will pay commission to them or
Look-alike websites that will steal your personal and financial information
All they need to do is to insert a link that you won’t know is present on your website. When search engines like Google crawl your site, it will index the malicious link and present it on the results page. If somebody uses that link, they will be directed to some other websites and hackers can make money out of that redirection.
The look-alike, spoof websites are more common as they benefit hackers more by providing them with your information. Once your information – such as email ID or credit card information – is with them, they’ll use it for personal gains.
Read: How do I know if my Computer has been Hacked.
Using websites to compromise your computer or network
Use user computer/network as bots for launching an attack somewhere
Sell user information on places like Darknet for a price
Read: How to remove Coinhive crypto-mining script from your website.
Hacktivists compromise websites for social issuesHacktivists are generally a group of hackers who think they are doing good to society by acting against websites that are against their group’s views. For example, Anonymous threatened Donald Trump after the latter made some remarks against a minority group in the US. I don’t know whether they actually defaced the presidential candidate’s website, but that threat was in the news for a long time. Hacktivists in countries at war, often deface each other’s government websites.
Read: Google Project Shield offers free DDoS protection to select websites.
Revenge Hacking and CompetitionOne of the common reasons for hacking websites is taking revenge or to bring down a competitor’s website so that the person/organization or competitor suffers loss. If your site is popular in a niche and there are plenty of others struggling, they will try to hack or hire a hacker to bring your site down so that users cannot access it for days and lose interest in it.
A DDoS attack, for example, hurts and adds stress to the site owner for a period of time. Most common thing is to bring it down and deface it so that the owner faces a loss of reputation. If there is a successful DDoS attack, chances are they might try to defame the website by inserting bad code that harms its visitors. But if you are prepared already, you shut down the site and fall back on a static mirror as soon as the DDoS starts.
Read: What is Domain Hijacking and how to recover a stolen domain name.
Building a reputation or sheer boredomThere may be some who may do it out of sheer boredom, and then there may be some who may hack a site to simply ‘build a reputation’ and brag about it in their community.
How to prevent hackingThere will always be attempts to compromise your site. But if you are prepared, you can prevent hacking by a good percentage. Think of the following as precautions that will help you:
Use a good web firewall, such as Sucuri, to prevent and shut down the website as soon as an offensive is launched. And make sure that it is configured correctly.
Since the most common method of hackers is to use your own scripts against you, keep only necessary scripts.
Update your blogging software & plugins.
Plugins related to WordPress etc. are often updated, but website owners do not update the ones on their sites as they are unaware or scared to go for the update. They fear the website may be affected as a result. If you are using WordPress or Joomla, you should update the plugins regularly and if anything goes wrong – such as text alignment or something – contact a web designer to get it fixed.
Stay safe. Take these steps to protect & secure your WordPress site.
List of Services that can scan WordPress Malware?There are many free (limited) and Professional (paid) services that can scan your WordPress website on-demand, or you can keep running it in the background. Here is the list of services you can consider:
Wordfence
Sucuri
Security Ninja
iThemes Security
Jetpack
Make sure to go through each, feature, and the pricing.
Update the detailed information about Wormhole Restores Hacked $300M Through Vc Funding In Largest Ever Defi Bailout on the Kientrucdochoi.com website. We hope the article's content will meet your needs, and we will regularly update the information to provide you with the fastest and most accurate information. Have a great day!