Cointime

Weekly Blockchain Security Watch Dec 26 to Jan 1

From 26 December 2022 to 1 January 2023, all security incidents that occurred were security hacks.

SECURITY HACKS:

1. BitKeep's Client Gets Hacked

On 26 Dec, the team behind BitKeep, a popular wallet, claimed that some of its wallet's download links had been hijacked by hackers and the legitimate links replaced with malware.

It was reported that a lot of BitKeep users suffered from this hack and crypto assets worth around US $3 million were exploited.

The attacker's address was 0xC6f70B2bC123936B486Bc89110243108FF93B21e on the BNB chain.

2. Hacker Attacks PECO and DFI

On 26 Dec, Amun, an index product provider, claimed that two of its applications, PECO and DFI, deployed on Polygon were attacked.

The attacker was identified as 0xf8b17Df4da32FAfDdA970aE1f76D2DbfF7091913 on Polygon. The attacker exploited a vulnerability to take full control of the "rebalance" manager, mint 80 billion tokens and dump all of these tokens on every available DEX. The hacker repeated this attack on the DFI token as well.

Right after the Amun team detected this incident, the team promptly rebalanced the contract manager such that it was controlled by the company’s multi-sigs.

The team would compensate all the affected token holders for their loss and will announce a repayment schedule soon.

After this incident happened, PECO’s price crashed to near zero.

Crypto assets worth around US $300,000 were exploited in this incident.

3. Hacker Attacks BTC.com

On 26 Dec, BIT Mining Limited announced that its child company BTC.com was attacked on December 3 and some crypto assets were exploited.

At the time of writing, BTC.com had resumed operations. BIT Mining Limited had reported the case to a local police office in Shenzhen, China, and the case was under investigation. The company said it would make every effort to recover the exploited assets.

Crypto assets worth around US $700,000 were exploited in this incident.

4. Hacker Attacks Jaypeggerz

On 29 Dec, a hacker attacked Jaypeggerz, a dApp deployed on Ethereum.

The root cause was that the JAY contract allowed users to pass any ERC-721 token to the buyJay function. The hacker exploited this vulnerability to re-enter the JAY contract.

Basically, the hacker flash-loaned 72.5 ETH, bought JAY with 22 ETH and then called the buyJay function, passing a fake ERC-721 token together with the remaining 50.5 ETH. Through this fake ERC-721 token, the hacker called the sell function to re-enter the JAY contract, manipulated JAY's price and sold all JAY.

The hacker repeated this process and eventually exploited 15.32 ETH, worth around US $18,000, in this incident.

All exploited assets were cashed out via Tornado Cash.

Additional Details:

- Attacker’s Address: 0x0348d20b74ddc0ac9bfc3626e06d30bb6fac213b on Ethereum

- Attacking Contract: 0xed42cb11b9d03c807ed1ba9c2ed1d3ba5bf37340 on Ethereum

- Attacked Contract: 0xf2919d1d80aff2940274014bef534f7791906ff2 on Ethereum

- Hash Value of Attack Transaction: 0xd4fafa1261f6e4f9c8543228a67caf9d02811e4ad3058a2714323964a8db61f6
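As an added illustration (not the JAY contract's code, and not from the original post), a hypothetical Solidity contract showing the two controls whose absence the incident describes: accepted ERC-721 contracts are allowlisted so a caller cannot supply an arbitrary contract, and a reentrancy guard rejects any call back into the contract while a guarded function is executing. The contract name, its functions and the internal credit balance are assumptions for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Minimal ERC-721 surface used below (an assumption for this example).
interface IERC721Minimal {
    function ownerOf(uint256 tokenId) external view returns (address);
    function transferFrom(address from, address to, uint256 tokenId) external;
}

// Hypothetical vault: users hand in an NFT and receive an internal credit.
// It applies the two controls missing in the incident above: the caller does
// not choose which contract is called, and re-entry is rejected.
contract HardenedNftVault {
    address public immutable owner;
    mapping(address => bool) public acceptedCollections; // allowlist
    mapping(address => uint256) public credit;

    uint256 private _entered = 1; // 1 = idle, 2 = a guarded call is in flight
    modifier nonReentrant() {
        require(_entered == 1, "reentrant call");
        _entered = 2;
        _;
        _entered = 1;
    }

    constructor() {
        owner = msg.sender;
    }

    // Only the owner may add or remove a collection from the allowlist.
    function setAccepted(address collection, bool ok) external {
        require(msg.sender == owner, "not owner");
        acceptedCollections[collection] = ok;
    }

    // Accepts a token only from an allowlisted collection. Because the address
    // is validated before any external call, a caller-supplied contract with
    // malicious callbacks is never executed from here.
    function deposit(address collection, uint256 tokenId) external nonReentrant {
        require(acceptedCollections[collection], "collection not accepted");
        IERC721Minimal nft = IERC721Minimal(collection);
        require(nft.ownerOf(tokenId) == msg.sender, "not token owner");
        // Effects before interaction: state is updated, then the external
        // transfer runs; the guard makes any re-entry revert regardless.
        credit[msg.sender] += 1;
        nft.transferFrom(msg.sender, address(this), tokenId);
        require(nft.ownerOf(tokenId) == address(this), "transfer failed");
    }
}
```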

5. Hacker Attacks Gummys' Discord Server

On 29 Dec, a hacker attacked Gummys' Discord server. Gummys is a Web3 streaming platform.

6. Hacker Attacks PartisiansNFT's Discord Server

On 30 Dec, a hacker attacked PartisiansNFT's Discord server. PartisiansNFT is an NFT project.

7. Hacker Attacks Kenomi's Discord Server

On 31 Dec, a hacker attacked Kenomi's Discord server. Kenomi is an NFT project.

8. Hacker Attacks Everybodys' Discord Server

On 2 Jan, a hacker attacked Everybodys' Discord server. Everybodys is an NFT project on Ethereum.

CONCLUSION:

8 notable security incidents have occurred in the past week. It is worth noting that the BitKeep incident affected numerous wallet users.

A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain.

A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations. In particular, we suggest that crypto investors keep a cold wallet and store most of their crypto assets in it.

It is important for everyone in the crypto community to understand and practice an adequate level of cybersecurity.

To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter: https://fairyproof.substack.com/

For a better understanding of all things Web3.0: https://medium.com/@FairyproofT

Looking to strengthen the security of your project or looking for an audit? Contact us at

https://www.fairyproof.com/
