
Healthcare technology firm Semler Scientific has reached a tentative settlement agreement with the U.S. Department of Justice (DOJ), disclosing in a Tuesday filing that it was prepared to pay a $29.75 million fine in order to settle all claims tied to potential violations of a federal anti-fraud law related to its marketing of QuantaFlo, its flagship product.

Last month, Semler Scientific disclosed that it had received a civil investigative demand, or CID — essentially, a subpoena from a federal agency that typically precedes a lawsuit — from the DOJ back in 2017. In a filing with the U.S. Securities and Exchange Commission (SEC), Semler Scientific said it had complied with several subsequent subpoenas over the following years and began initial settlement discussions with the DOJ in February.

The investigation into Semler Scientific’s marketing of QuantaFlo is unrelated to its bitcoin holdings. In its Tuesday 8-K filing with the SEC, Semler Scientific — a large corporate holder of bitcoin — said that it had inked an agreement with crypto exchange Coinbase allowing it to borrow both cash and digital assets, using its bitcoin holdings as collateral. If the company’s settlement agreement with the DOJ is approved, it said in the filing, Semler Scientific “intends to borrow under the Coinbase master loan agreement and use such proceeds (along with its cash on hand) to pay the proposed settlement with DOJ.”

Semler Scientific’s settlement agreement with the DOJ is in principle, meaning that it is not yet set in stone. In its Tuesday filing, the company warned investors that if the parties are unable to come to a final agreement, there is still a risk that the DOJ could file charges against the company “seeking damages in excess of such agreed settlement amount.” “Should the parties not be able to reach settlement and DOJ file a complaint, Semler Sci intends to vigorously defend itself in any such action,” the firm said in its filing.
Semler Scientific currently holds 3,192 bitcoins, a stockpile worth approximately $267 million at today’s price.
Source: CoinDesk
CEO Mullin Considers OM Token Burn to Restore Investor Confidence Amid Recovery Concerns

After a tumultuous period, the OM token has seen a resurgence, driven by CEO John Patrick Mullin’s proposal to burn team tokens to regain investor trust. Despite skepticism from industry CoinDesk

$7 Million Exploit Hits KiloEx: Flawed Access Control Allows Price Manipulation Across Multiple Chains
A critical flaw has been exposed in decentralized perpetual exchange KiloEx. On-chain analysis has revealed that a single attacker siphoned off around $7 million in value by manipulating oracle prices. The attack, first noted by KiloEx’s Cyvers alert system, caused operational issues across three separate chains: BNB Chain, Base, and Taiko. KiloEx, known for its oracle-based pricing mechanism, now has some serious explaining to do.

Cyvers Alerts (@CyversAlerts), April 14, 2025: "7M HACK ALERT Our system has detected multiple suspicious transactions involving @KiloEx_perp across several chains. An address funded via @TornadoCash has executed a series of exploitative transactions on the $BNB, $Base, and $Taiko chains — accumulating approximately $7M in…"

The exploit went exactly as planned, using a weak contract design to reach price feeds that were not secure. This is a recurring problem in decentralized finance protocols, which have many other issues besides this one. It does not arise by accident: the oracle problem is hard, and it is easy to get access control wrong in smart contracts.

Tornado Cash Funding and Cross-Chain Exploits

The attacker’s activity first set off alarms when dubious transactions were observed being sent through Tornado Cash, a privacy protocol that is commonly used to obscure the origin of funds. After that, the attacker launched a coordinated exploit campaign against the KiloEx platform, hitting it on the BNB, Base, and Taiko chains.

By taking advantage of the MinimalForwarder contract in the KiloEx architecture, the attacker gained control of price-setting mechanisms normally restricted to certain privileged contracts. The attacker then used that access to manipulate the prices of a number of assets, opening and closing positions at various distorted price levels to drain funds from the platform.

The Technical Breakdown: How the Attack Unfolded

The exploit centers on the MinimalForwarder contract, which lacked important access control mechanisms. This contract serves as an entry point for executing function calls across the many KiloEx smart contracts. The exploit took advantage of this chain of operations:

1. The setPrices function in the KiloPriceFeed contract allows the oracle prices to be changed. Under normal conditions it is meant to be called exclusively by the Keeper contract.
2. The 0x7a498a61 function of the Keeper contract is responsible for executing price updates and for opening new positions. This function is set up to only accept calls from the PositionKeeper contract.
3. The PositionKeeper contract contains a function, 0xac9fd279, that executes calls to the Keeper contract. This function should only be accessible through the MinimalForwarder contract.
4. Where the exploit happened: the MinimalForwarder’s execute function. The attacker found that this function could be used to spoof any “from” address by providing a fake signature. Very importantly, the function didn’t check the call data itself first, allowing the attacker to build a call that went through PositionKeeper and Keeper and ended up modifying prices directly through the setPrices function.

SlowMist (@SlowMist_Team), April 15, 2025: "The root cause of the @KiloEx_perp exploit is the lack of access control checks in the top-level contract (MinimalForwarder), which leads to the manipulation of oracle prices. The attack path is as follows: 1. The setPrices function in the KiloPriceFeed contract, which can…" https://t.co/0mpPteI8JU

This exploit path allowed the attacker to first push the price down and then use the resulting artificially low price to open a long position. They then did the opposite of the first step: they pushed the price up to an absurd level, closed the position, and took the immediate profit. It was all very legal, since no actual trading took place.

Aftermath and Industry Implications

The overall losses across the affected chains are estimated at about $7 million. Blockchain analysts have observed that the sophistication of the exploit indicates the attacker possessed a profound knowledge of KiloEx’s smart contract framework and its weaknesses.

This breach renews the focus on the need for robust access controls in smart contract systems, particularly those that involve oracles and leveraged trading mechanisms. In this instance, the absence of strict caller validation permitted an attacker to construct a multi-step execution path that circumvented intended protections and granted unauthorized control over the core price-setting function.

Currently, KiloEx has not provided a thorough post-mortem or stated how it plans to make whole the users it affected. Meanwhile, the decentralized finance community at large is watching the situation closely. Many of its members are using the moment as an opportunity to call for more stringent audit standards and security testing, especially in protocols that bridge multiple blockchains and hold a large amount of user money.

Events of this kind emphasize the dangers of misjudging the intricacy of smart contracts and how easily attackers can take advantage of even the smallest slip-ups. As DeFi keeps growing, the industry must shift to address the security needs of a fast-growing and ever more connected ecosystem.
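The four-step call chain in the technical breakdown above can be reproduced as a small Python model. This is an added example, not KiloEx code: each contract checks only its immediate caller, so the whole chain is only as strong as the forwarder's signature check. The HMAC key, the "operator" account and the ETH price are constructed stand-ins for on-chain ECDSA signatures and addresses.

```python
import contextlib
import hashlib
import hmac

# Constructed stand-ins: HMAC under the operator's key replaces ECDSA signature
# recovery; the "operator" account, key and asset are hypothetical.
OPERATOR_KEY = b"operator-secret"

def sign(key, sender, asset, price):
    return hmac.new(key, f"{sender}|{asset}|{price}".encode(), hashlib.sha256).hexdigest()

class Link:
    """One contract in the chain: accepts calls only from its `allowed` caller."""
    def __init__(self, name, downstream=None):
        self.name, self.downstream, self.allowed = name, downstream, None
        self.prices = {"ETH": 1600}          # only meaningful on the price feed
    def call(self, caller, sender, asset, price):
        if caller is not self.allowed:
            raise PermissionError(f"{self.name}: unexpected caller")
        if self.downstream is None:          # models KiloPriceFeed.setPrices
            self.prices[asset] = price
        else:
            self.downstream.call(self, sender, asset, price)

class Forwarder:
    """Top-level entry point; `verify` toggles the signature check on `sender`."""
    def __init__(self, target, verify):
        self.target, self.verify = target, verify
    def execute(self, sender, asset, price, signature):
        expected = sign(OPERATOR_KEY, sender, asset, price)
        if self.verify and not (sender == "operator"
                                and hmac.compare_digest(signature, expected)):
            raise PermissionError("MinimalForwarder: bad signature for sender")
        self.target.call(self, sender, asset, price)

def build(verify):
    feed = Link("KiloPriceFeed")
    keeper = Link("Keeper", feed)
    pos = Link("PositionKeeper", keeper)
    fwd = Forwarder(pos, verify)
    feed.allowed, keeper.allowed, pos.allowed = keeper, pos, fwd
    return feed, keeper, fwd

def spoofed_update(verify):
    """Send a request with a bogus signature; return the resulting ETH price."""
    feed, _, fwd = build(verify)
    with contextlib.suppress(PermissionError):
        fwd.execute("operator", "ETH", 1, signature="00" * 32)
    return feed.prices["ETH"]
```

With `verify=False` every downstream caller check still passes and the price changes; with `verify=True` the request is rejected at the entry point and the price is untouched.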