Mark Cuban says he was tricked into a $870,000 hack via a dodgy Google link

A version of this story appeared in our The Decentralised newsletter. If you want to read this or our other newsletters before your friends do, don’t hesitate to sign up.

Hey everyone, Tim here.

Welcome back to The Decentralised, where we attempt to make sense of all the top DeFi shenanigans that took place over the past week.

Last Friday, Ekin Genç and Adam Morgan McCarthy broke the news that hackers drained $870,000 from celebrity entrepreneur and owner of the Dallas Mavericks, Mark Cuban.

Onchain movements first pointed out by pseudonymous crypto sleuth @WazzCrypto put Ekin and Adam on the trail, who then followed up with Cuban himself to confirm the hack.

NOW READ: Serial ‘pig butchering’ scam victim loses almost $10m in crypto despite warnings

Cuban attributed the hack to him downloading a fake version of the popular non-custodial wallet MetaMask.

“I’m pretty sure I downloaded a version of MetaMask with some shit in it,” he told DL News, explaining he had searched for Circle on Google, not MetaMask.

But how did a seasoned investor and crypto user like Cuban end up downloading malware?

From what Cuban told us, we believe a phishing link in a search engine like Google’s sponsored advertisements is the most likely culprit.

Hackers targeting crypto users often create fake versions of popular sites like Uniswap, MetaMask, and even DefiLlama.

The fake sites use very similar URLs to the real ones, making them difficult to detect at a glance.

The fake sites are designed to drain the wallets of unsuspecting users or get them to download malware which steals their private keys.

Cuban was unaware his wallet had been hacked when approached by DL News.

By alerting him early, he was able to transfer about $2.5 million of assets and several valuable NFTs the hacker initially missed to the safety of his Coinbase account.

Although the hack cost him almost a million, the damage could’ve been a lot worse.

It’s rare for such a high-profile figure to fall victim to a hack, but malicious search engine ads targeting crypto users aren’t new.

There are reports of such scams dating back as far as 2021.

DL News recommends bookmarking the URLs of crypto and DeFi sites you use so you never get caught out by a rogue ad.

We’re trying to reach google for comment and will keep you posted.

Next up, Aleks Gilbert investigated Coinbase’s buzzy layer 2 blockchain Base, and how it plans to maintain user activity after the end of its Onchain Summer rewards programme.

Aleks pointed out that after the end of similar rewards programmes on rival layer 2s Arbitrum and Optimism, activity on those chains plummeted.

Personally, I don’t think Base has much to worry about. It’s got some solid use cases which transcend the financial merry-go-round of mercenary capital looking for the best incentives and yield.

The obvious one is Friend.tech, the crypto-based social media platform that lets users buy and sell shares — called keys — of X personalities.

NOW READ: She lost $80,000 in a crypto romance scam. Now she’s fighting back

At its core, Friend.tech is a way for personalities to monetise their attention. The results are immediate, quantifiable and come with some serious bragging rights in the form of how much a user’s key is worth.

Beyond Friend.tech, there are some less talked about uses for Base, too.

Parallel, a sci-fi collectible card game reminiscent of Magic: The Gathering, is also making inroads by selling starter decks on Base.

Since Parallel launched its closed beta at the start of August, the price of its PRIME currency token, used to buy items and perks in-game, has soared.

Lastly, DL News’ in-house researcher Tyler Pearson put together a detailed list of every single hack attributed to the North Korean cybercrime syndicate Lazarus Group (spoiler alert: there’s a lot).

Over the past 16 years, the group has swiped a colossal $3.4 billion in crypto, mostly from crypto companies and investors.

So far in 2023, Lazarus has been blamed for at least $256 million stolen in crypto hacks.

NOW READ: How North Korea’s Lazarus Group used a fake job offer to steal $37m from CoinsPaid

In recent weeks, some have doubted whether super coders from the hermit kingdom are really behind all the hacks attributed to them by the US government.

Sceptics point to North Korea’s relative lack of technical capabilities as reason to doubt such claims.

While I’m a big proponent of the “don’t trust, verify” mentality, especially when it comes to governments, I think Lazarus really are behind the hacks.

In Michael Lewis’ Flash Boys he highlights the strange phenomenon of Russians who grew up under Soviet rule becoming some of the world’s best computer programmers, despite having far fewer resources at their disposal.

There are a few different theories as to why this was the case, but regardless of which is correct, I think a similar thing is happening in North Korea today.

Be sure to read Ty’s full story here for a year-by-year breakdown and comments from leading cybersecurity experts.

Data of the week

Lazarus Group remains at large, but in 2023 the group stole substantially less in crypto hacks than in 2022.

A big reason why 2022 was such a bad year was due to Lazarus’ $625 million Ronin bridge heist in March.

Another reason is that the value of stolen assets — specifically altcoins — has fallen along with crypto prices.

As awareness of Lazarus’ tactics spreads — such as using social engineering techniques and leveraging platforms like LinkedIn — hopefully fewer firms will fall victim to them in the future.

This week in DeFi governance

TEMP CHECK: An Aave GHO Liquidity Committee?

DAO delegate platform TokenLogic is polling Aave DAO on a GHO Liquidity Committee to help grow the lending protocol’s stablecoin.

TokenLogic proposes allocating 406,000 GHO to incentivise GHO liquidity on Balancer, Maverick and Uniswap via Bunni.

VOTE: dYdX votes to expand governance to wethDYDX

dYdX is voting to implement wethDYDX into dYdX v3′s governance system. The upgrade will give the wrapped version of the DYDX token — wethDYDX — the same utility and functionality as ethDYDX.

PROPOSAL: Frax floats similar staking yields to MakerDAO’s DSR

The Frax core team wants to introduce sFRAX, a staked version of the protocol’s stablecoin that earns interest.

The proposal says sFRAX will target (but not guarantee) the same returns as the Federal Reserve Interest on Reserve Deposit Rate.

Post of the week

A close encounter with alleged alien bodies in Mexico caused a stir last week.

Although the bodies have been widely discredited as a hoax (a report debunking them claimed they’re fakes made from, among other things, llama bones), the humour of the situation didn’t escape the crypto community.

Dozen of accounts on Crypto Twitter used pictures of the aliens to do what they do best: create memes.

What we’re watching for next week

Arbitrum’s DAO has voted to allocate 50 million ARB tokens — currently worth about $41.5 million — to projects building on the layer 2 chain.

We’ll be watching to see where exactly the money gets allocated and how much impact it will have.

Have you joined our Telegram channel yet? Check out our News Feed for the latest breaking stories, community polls, and of course — the memes. https://t.me/dlnewsinfo

Tim Craig is DL News’ Edinburgh-based DeFi Correspondent. Reach out to him with tips at tim@dlnews.com.

Disclosure: Tim holds over $1,000 worth of Ether, Swell staked Ether, Redacted Cartel, and GMX. He also holds an insignificant amount in NFTs.