Funksec Cyberattack Exposes Fuse.io Blockchain Vulnerabilities

Incident Date: Dec 13, 2024

Attack Overview
VICTIM
Fuse.io
INDUSTRY
Software
LOCATION
Israel
ATTACKER
Funksec
FIRST REPORTED
December 13, 2024

Funksec Ransomware Group Targets Fuse.io in Major Cyberattack

The emerging ransomware group Funksec has claimed responsibility for a significant cyberattack on Fuse.io, a blockchain platform known for its innovative Web3 payment solutions. This attack highlights the vulnerabilities faced by companies operating in the rapidly evolving blockchain sector.

About Fuse.io

Founded in 2019 and headquartered in Dublin, Ireland, Fuse.io is a prominent player in the blockchain ecosystem, focusing on Web3 and decentralized finance (DeFi). The company provides a comprehensive suite of infrastructure tools designed to facilitate the development of blockchain applications and payment solutions. With a team of 29 to 51 employees, Fuse.io has processed over 128 million transactions, emphasizing low-cost, mobile-first solutions that cater to businesses and developers. The platform's standout features include low transaction fees and advanced technologies like Account Abstraction and zero-knowledge proofs, which enhance transaction security and speed.

Details of the Attack

Funksec claims to have exfiltrated over 100 GB of data from Fuse.io, including complete ROCKSDB files with millions of records. The stolen data reportedly contains logs, metadata, secret hashes, session details, system information, transaction records, network secrets, API keys, cookies, and authentication tokens..

Funksec Ransomware Group

Funksec, first observed in December 2024, has quickly gained notoriety in the cybercrime landscape. The group employs double extortion tactics, combining data exfiltration with encryption to pressure victims. Their Tor-based data-leak site hosts breach announcements and a free DDoS tool, indicating a potential expansion of their ransomware operations. Funksec's activities suggest a diversification of extortion methods, possibly operating as a data broker alongside their ransomware campaigns.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.