AutoShark Exploit Caps a Busy Week In Crypto Crime

Crypto never sleeps, and neither do crypto criminals. We cast an eye over some of the more recent updates in blockchain crime, which includes good news for a number of projects.


On Friday Autoshark was the subject of an attempted flash loan exploit. The exploit was of debatable efficiency however, with the attacker collecting $580,000 after paying close to $1 million in transaction fees. 

Even AutoShark chiefs appeared stumped as to whether the exploit resulted in a loss or gain for the would-be thief.

“We are not fully certain if the attacker even made profits but we do know that the bulk of the fees went back to us which we will use to do buybacks,” said TigerShark, AutoShark co-Founder via Telegram on October 2nd. “Reason being, the exploiter paid tons in fees and he sold in huge volume that resulted in slippages for himself.”

While AutoShark and its community is determined to put a positive spin on events, a more forensic analysis of the situation is now required. Following the attack the price of FIN fell from $0.78 to $0.47 and at time of press it sits around $0.55.


AutoShark were of course not the sole project to have their brush with crypto crime this week.


Around 6,000 Coinbase customers had their accounts breached between April and May of this year, it was revealed this week. The revelation came in a Bleeping Computer report following a Coinbase blog dated September 27th.

To perpetrate the attack hackers first needed access to the victim’s email account, password, and phone number. Even so, an attack should still not have been possible with two-factor authentication enabled.

“Even with the information described above, additional authentication is required in order to access your Coinbase account. However, in this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account,” explained Coinbase in correspondence to the victims.

Coinbase assures users that their mistake has been rectified, and reminds its customers to use strong passwords and to remain vigilant.

Cream Finance

As was previously reported by BSC News, Cream Finance has announced that it has now recovered the bulk of funds lost following a $29 million exploit which occurred on August 31st.

“In order to secure the return of the funds, we honored our normal 10% bug bounty and allowed the hacker to retain 10% of the funds,” said CREAM in a Twitter post on October 1st.

Cream Finance thanked Lossless and Pascal Caversaccio for their part in tracking down the hacker. The successful outcome will offer confidence to other projects and also endorse the credentils of Lossless.

Eleven Finance

Eleven Finance users also have cause to celebrate this week. The hacker behind the $4.8 million exploit in June contacted PeckShield to express regret and seek the return of the funds.

In a blog post on Thursday, September 30th, Eleven Finance relayed a message from the hacker on to their community.

“I am the exploiter of the eleven finance nerve vaults, It has been a while since the exploit happened, but I do not wish to keep the money now. I should’ve thought it better before doing the exploit, I thought of giving it back shortly after the event but unfortunately I acted maliciously back then, but I can’t change that now, I really regret my decision,” the hacker reportedly said, before concluding with the words, “Getting money by stealing is empty.”

It’s a sentiment that we can only hope propagates among other criminal elements in crypto.

The general and prompt outcomes of the several instances of crypto crime we have covered also seem to signal the idea that projects understand there are viable paths for them to take in case disaster strikes.

Source :

Leave a Reply

Your email address will not be published. Required fields are marked *