Quantitative trading firm MGNR has released the details of how it fell victim to a hack and hopes other firms can learn from its mistakes.
MGNR was targeted with a phishing email
On October 8, the company was the victim of a malicious, targeted cyberattack. The attackers appear to be very sophisticated, with scripting skills or the ability to use cross-chain bridging and mixing techniques. MGNR had shared a private key among several team members as a temporary hot wallet, a practice that led to the attack. The attack began with a phishing email posing as an insider, which injected a keylogger and stole password manager credentials. The company states that it did not follow state-of-the-art (SOTA) security practices and should have known better. As a result of the hack, it has disabled some of its trading systems/wallets.
MGNR has enlisted the assistance of law enforcement, and the clues left by the thieves are under investigation. The company said that it has already recovered a significant portion of the stolen funds and has frozen some trading accounts of the hackers, who had fake KYC details.
Two other crypto firms received similar emails
On October 8, quantitative trading firm MGNR tweeted that its team had discovered an urgent security issue at StarkWare, but did not provide details. Louis Guthmann, head of ecology at StarkWare, said, “This is not a security breach on dYdX. The issue is only related to one specific user.” MGNR later said it was in contact with the StarkWare and Solana teams.
The company disclosed the details of the hack because it wanted to protect other crypto companies from this type of attack and make them aware of the importance of reviewing their cybersecurity. It also stated that it had heard of two other crypto firms receiving equally targeted attacks with similar phishing emails.