Cointime


Weekly Blockchain Security Watch Dec 26 to Jan 1

From 26 December 2022 to 1 January 2023, all the security incidents that occurred were Security Hacks.

SECURITY HACKS:

1. BitKeep's Client Gets Hacked

On 26 Dec, the team behind BitKeep, a popular wallet, claimed that some of its wallet's download links had been hijacked by hackers and that the legitimate downloads had been replaced with malware.

It was reported that many BitKeep users were affected by this hack and that crypto assets worth around US $3 million were exploited.

The attacker’s address was 0xC6f70B2bC123936B486Bc89110243108FF93B21e on the BNB chain.  

2. Hacker Attacks PECO and DFI

On 26 Dec, Amun, an index product provider, claimed that two of its applications deployed on Polygon, PECO and DFI, had been attacked.

The attacker's address was identified as 0xf8b17Df4da32FAfDdA970aE1f76D2DbfF7091913 on Polygon. The attacker exploited a vulnerability to take full control of the "rebalance" manager, minted 80 billion tokens and dumped all of them on every available DEX. The hacker repeated this attack on the DFI token as well.

As soon as the Amun team detected the incident, it promptly moved the contract manager under the control of the company's multi-sig wallets.

The team said it would compensate all affected token holders for their losses and would announce a repayment schedule soon.

After this incident happened, PECO’s price crashed to near zero.

Crypto assets worth around US $300,000 were exploited in this incident.

3. Hacker Attacks BTC.com

On 26 Dec, BIT Mining Limited announced that its subsidiary BTC.com had been attacked on December 3 and that some crypto assets were exploited.

At the time of writing, BTC.com had resumed operations. BIT Mining Limited had reported the case to a local police office in Shenzhen, China, and the case was under investigation. The company said it would make every effort to recover the exploited assets.

Crypto assets worth around US $700,000 were exploited in this incident.

4. Hacker Attacks Jaypeggerz

On 29 Dec, a hacker attacked Jaypeggerz, a dApp deployed on Ethereum.

The root cause was that the JAY contract allowed users to pass any ERC-721 token address to the buyJay function. The hacker exploited this vulnerability to re-enter the JAY contract.

In short, the hacker flash-loaned 72.5 ETH, bought JAY with 22 ETH, and then called the buyJay function with the remaining 50.5 ETH, passing a fake ERC-721 token. The fake ERC-721 token's code called the sell function, re-entering the JAY contract; this manipulated JAY's price, after which the hacker sold all the JAY.

The hacker repeated this process and ultimately exploited 15.32 ETH, worth around US $18,000, in this incident.

All exploited assets were cashed out via Tornado Cash.
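The defect described above (an external call to a caller-supplied token address before the contract's own bookkeeping, with no restriction on which token may be passed) is shown below next to the mitigations an audit would ask for. This is a simplified model written for this note, not the JAY contract's code; the names JayLike, allowedCollections and ethReserve are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;
// Simplified model of the defect described above and its fix, written for this note.
// Not the JAY contract's code; names (JayLike, allowedCollections, ethReserve) are assumed.
interface IERC721Like {
    function transferFrom(address from, address to, uint256 tokenId) external;
}
contract JayLike {
    mapping(address => bool) public allowedCollections; // fix 1: vetted ERC-721 contracts only
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;
    uint256 public ethReserve; // tracked explicitly rather than read from address(this).balance
    bool private locked;       // fix 2: reentrancy guard
    constructor(address[] memory collections) {
        for (uint256 i = 0; i < collections.length; i++) allowedCollections[collections[i]] = true;
    }

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    // ETH per JAY, scaled by 1e18; derived from reserve and supply, so it must never be read mid-update.
    function price() public view returns (uint256) {
        return totalSupply == 0 ? 1e18 : ethReserve * 1e18 / totalSupply;
    }

    // Fix 3: checks, then effects, then the external call. The vulnerable pattern called
    // transferFrom on a caller-supplied token before updating state, so a fake ERC-721 could re-enter.
    function buyJay(address collection, uint256 tokenId) external payable nonReentrant {
        require(allowedCollections[collection], "collection not allowed");
        uint256 minted = msg.value * 1e18 / price();
        balanceOf[msg.sender] += minted;
        totalSupply += minted;
        ethReserve += msg.value;
        IERC721Like(collection).transferFrom(msg.sender, address(this), tokenId);
    }

    function sell(uint256 amount) external nonReentrant {
        require(balanceOf[msg.sender] >= amount, "insufficient JAY");
        uint256 eth = amount * price() / 1e18;
        balanceOf[msg.sender] -= amount;
        totalSupply -= amount;
        ethReserve -= eth;
        (bool ok, ) = msg.sender.call{value: eth}("");
        require(ok, "ETH transfer failed");
    }
}
```

Any one of the three fixes would have blocked the re-entry path described above; applying all three is the conservative choice, since the allowlist also removes the attack surface of arbitrary token code executing inside the contract.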

Additional Details:

- Attacker’s Address: 0x0348d20b74ddc0ac9bfc3626e06d30bb6fac213b on Ethereum

- Attacking Contract: 0xed42cb11b9d03c807ed1ba9c2ed1d3ba5bf37340 on Ethereum

- Attacked Contract: 0xf2919d1d80aff2940274014bef534f7791906ff2 on Ethereum

- Hash Value of Attack Transaction: 0xd4fafa1261f6e4f9c8543228a67caf9d02811e4ad3058a2714323964a8db61f6

5. Hacker Attacks Gummys' Discord Server

On 29 Dec, a hacker attacked Gummys' Discord server. Gummys is a Web3 streaming platform.

6. Hacker Attacks PartisiansNFT's Discord Server

On 30 Dec, a hacker attacked PartisiansNFT's Discord server. PartisiansNFT is an NFT project.

7. Hacker Attacks Kenomi's Discord Server

On 31 Dec, a hacker attacked Kenomi's Discord server. Kenomi is an NFT project.

8. Hacker Attacks Everybodys' Discord Server

On 2 Jan, a hacker attacked Everybodys' Discord server. Everybodys is an NFT project on Ethereum.

CONCLUSION:

Eight notable security incidents occurred in the past week. It is worth noting that the BitKeep incident affected numerous wallet users.

A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain.

A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations. In particular, we suggest that crypto investors keep a cold wallet and hold most of their crypto assets in it.

It is important for everyone in the crypto community to understand and practice an adequate level of cybersecurity.

To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter: https://fairyproof.substack.com/

For a better understanding of all things Web3.0: https://medium.com/@FairyproofT

Looking to strengthen the security of your project or looking for an audit? Contact us at

https://www.fairyproof.com/


    HSBC Securities predicts the Federal Reserve will maintain interest rates stable at the 3.5%-3.75% range set on Wednesday for the next two years. Previously, Federal Reserve policymakers lowered rates by 25 basis points with a split vote. The institution's U.S. economist Ryan Wang pointed out in a report on December 10 that Federal Reserve Chairman Jerome Powell was "open to the question of whether and when to further cut rates at next year's FOMC press conference." "We believe the FOMC will keep the federal funds rate target range unchanged at 3.50%-3.75% throughout 2026 and 2027, but as the economy evolves, as in the past, it is always necessary to pay close attention to the significant two-way risks facing this outlook."