Cointime

Cointime

Download App
iOS & Android

Weekly Blockchain Security Watch Jan 2 to Jan 8

Validated Project

From 2 January 2023 to 8 January 2023, all security incidents that have occurred were Security Hacks.

SECURITY HACKS:

1. RTFKT’s COO Nikhil Gopalani Announces He Had Suffered Phishing Attack

On 3 Jan, RTFKT’s COO Nikhil Gopalani (@Nikgopalani) announced on Twitter that he had suffered a phishing attack and that the hacker had sold all his CloneX NFTs along with others.

He lost around US$300, 000 worth of crypto assets during this incident.

2. Worlds Beyond Announces Discord Hacked

On 3 Jan, NFT project on Ethereum Worlds Beyond (@WorldsBeyondNFT) announced on Twitter that their Discord account had been hacked and their server was temporarily compromised. The account also reported that all staff hand been banned from the server.

The account later reminded users that they will “never stealth mint” and urged users to only use their official links to avoid potential scams or hacks.

As of the time of writing, investigations are still ongoing, and the project has opened channels in Discord to aid affected users.

3. Hacker Exploits Vulnerability on Function Lacking Validation for Settings in Attack Against GDS

On 3 Jan, GDS Chain’s application deployed on the BNB chain was attacked.

The root cause of this incident was its “_lpRewardAmount” function had lacked validation for its settings. The hacker leveraged a flash-loan and exploited this vulnerability to launch the attack.

After the hack, the GDS’ price crashed by 84% and crypto assets worth around US $187,000 were exploited.

Additional Details:

- Attacker’s Address: 0xcF2362B46669E04B16D0780cf9B6e61c82De36a7

- Hash Value of Attack Transaction:

 0x2bb704e0d158594f7373ec6e53dc9da6c6639f269207da8dab883fc3b5bf6694

4. Cirrus Announce Holders of CryptoPunks, BAYCs, Meebits Suffer Phishing Scams

On 4 Jan, NFT community member Cirrus (@CirrusNFT) announced on Twitter that holders of CryptoPunks, BAYCs, and Meebits suffered phishing scams. CryptoPunks 4607, 965, and BAYC 1723 were exploited.

Later, Twitter user @CryptoNovo311 claimed that 4 CryptoPunks in his possession were stolen.

CryptoPunks and BAYCs worth above 600 ETHs (US$748, 800) were exploited in these attacks.

It was also suspected that the hacker had also exploited 111 KUMALEON NFTs and used FixedFloat to cash out.

Additional Details:

- Attacker’s Address: 0x8E25Ab3382ad5bde35A09E72d3b9a851A7cC8d00

- Attacked Address: 0x52aD8f3C506aA25b954276c5456060DAd6f3Fd7b

5. Hacker Exploits Whale Holder of GMX Through Phishing Attack

On 4 Jan, a whale holder of GMX suffered from a phishing attack on the BNB chain.

The attacker exploited 82519 GMXs worth around US $3.4 million on the BNB chain, exchanged them to 2627 ETHs and cross-chain transferred them from the BNB chain to Ethereum.

6. Hacker Attacks Deviants’ Discord Server

On 4 Jan, a hacker attacked Deviants’ discord server. Deviants is an NFT project on Ethereum.

7. Inkwork Labs Announce Discord Server Compromised

On 5 Jan, NFT project on Solana Inkwork Labs (@InkworkLabs) announced on Twitter that their Discord server had been compromised. The account later posted a follow-up thread revealing that one of their “now older mods, Krypto King#0036” had clicked on a malicious link that caused a Dyno bypass. Dyno is a Discord bot used for various purposes like moderation and user verification.

The account also reported that although the attackers had gained access to the server earlier, the attack was not conducted until everyone was away.

Inkwork Labs also reported that the accounts associated with the exploited were identified and banned. They also urged users not to click on any links unless a drops is scheduled. Moreover, they advised users to “always double check the user who’s posting the announcement. ALWAYS.”.

Relevant channels for affected users have been opened for further assistance.

8. Hacker Attacks Twitter User @TheViralFever

On 6 Jan, a hacker launched a phishing attack against Twitter user @TheViralFever by sending the users a fake link to ENS airdrop.

9. Hacker Attacks PanksNotDed’s Discord Server

On 7 Jan, a hacker attacked PanksNotDed’s discord server. PanksNotDed is an NFT project on Ethereum.

10. Hacker Attacks Cyber Kongz’s Discord Server

On 7 Jan, a hacker attacked Cyber Kongz’s discord server. Cyber Kongz is an NFT project on Ethereum.

11. Mycelium Announces Attack Due to Issue with Price Feed for ETH-USD

On 7 Jan, the team behind a DeFi perpetual application deployed on Arbitrum Mycelium (@mycelium_xyz) announced on its Twitter a that it was attacked.

The team also announced that the attack came due to an issue with its price feed for ETH-USD. Its MLP was exploited by 4% ~ 6% of the total assets, totaling around US$300, 000.

At the time of writing, the issue had been fixed and the application was back to work.

12. Hacker Attacks Yaypegs’s Discord Server

On 8 Jan, a hacker attacked Yaypegs’s discord server. Yaypegs is an NFT project on Ethereum.

13. Hacker Attacks Mech’s Discord Server

On 8 Jan, a hacker attacked Mech’s discord server. Mech is an NFT project on Polygon.

CONCLUSION-

13 notable security incidents have occurred in the past week. Most of them were phishing attacks against Discord or Twitter accounts.

A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain.

A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.

It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.

For a better understanding of all things Web3.0: https://medium.com/@FairyproofT

Looking to strengthen the security of your project or looking for an audit? Contact us at https://www.fairyproof.com/

Comments

All Comments

Recommended for you

  • American Bitcoin's Bitcoin reserves have increased by approximately 623 BTC in the past 7 days, bringing its current holdings to 4941 BTC.

    Emmett Gallic, a blockchain analyst who previously disclosed and analyzed the "1011 insider whale," posted on the X platform revealing updated data on the Bitcoin reserves of American Bitcoin, a crypto mining company supported by the Trump family. In the past seven days, they increased their holdings by about 623 BTC, of which approximately 80 BTC came from mining income and 542 BTC from strategic acquisitions in the open market. Currently, their total Bitcoin holdings have risen to 4,941 BTC, with a current market value of about 450 million USD.

  • The US spot Ethereum ETF saw a net outflow of $19.4 million yesterday.

    according to TraderT monitoring, the US spot Ethereum ETF had a net outflow of 19.4 million USD yesterday.

  • Listed companies, governments, ETFs, and exchanges collectively hold 5.94 million Bitcoins, representing 29.8% of the circulating supply.

    Glassnode analyzed the holdings of major types of Bitcoin holders as follows: Listed companies: about 1.07 million bitcoins, government agencies: about 620,000 bitcoins, US spot ETFs: about 1.31 million bitcoins, exchanges: about 2.94 million bitcoins. These institutions collectively hold about 5.94 million bitcoins, accounting for approximately 29.8% of the circulating supply, highlighting the trend of liquidity increasingly concentrating in institutions and custodians.

  • The Bank of Japan is reportedly planning further interest rate hikes; some officials believe the neutral interest rate will be higher than 1%.

    according to insiders, Bank of Japan officials believe that before the current rate hike cycle ends, interest rates are likely to rise above 0.75%, indicating that there may be more rate hikes after next week's increase. These insiders said that officials believe that even if rates rise to 0.75%, the Bank of Japan has not yet reached the neutral interest rate level. Some officials already consider 1% to still be below the neutral interest rate level. Insiders stated that even if the Bank of Japan updates its neutral rate estimates based on the latest data, it currently does not believe that this range will significantly narrow. Currently, the Bank of Japan's estimate for the nominal neutral interest rate range is about 1% to 2.5%. Insiders said that Bank of Japan officials also believe there may be errors in the upper and lower limits of this range itself. (Golden Ten)

  • OKX: Platform users can earn up to 4.10% annualized return by holding USDG.

    According to the official announcement, from 00:00 on December 11, 2025 to 00:00 on January 11, 2026 (UTC+8), users holding USDG in their OKX funding, trading, and lending accounts can automatically earn an annualized yield of up to 4.10% provided by the OKX platform, with the ability to withdraw or use it at any time, allowing both trading and wealth management simultaneously. Users can check their earnings anytime through the OKX APP (version 6.136.10 and above) - Assets - by clicking on USDG. Moving forward, the platform will continue to expand the application of USDG in more trading and wealth management scenarios.

  • The Federal Reserve will begin its Reserve Management Purchase (RMP) program today, purchasing $40 billion in Treasury bonds per month.

     according to the Federal Reserve Open Market Committee's decision on December 10, the Federal Reserve will start implementing the Reserve Management Purchase (RMP) program from December 12, purchasing a total of $40 billion in short-term Treasury securities in the secondary market.

  • Bitcoin treasury company Strategy's daily transaction volume has now surpassed that of payment giant Visa.

    according to market sources: the daily trading volume of Bitcoin treasury company Strategy (MSTR) has now surpassed the payment giant Visa.

  • The US spot Bitcoin ETF saw a net outflow of $78.35 million yesterday.

    according to Trader T's monitoring, the US spot Bitcoin ETF had a net outflow of $78.35 million yesterday.

  • JPMorgan Chase issues Galaxy short-term bonds on Solana network

     JPMorgan arranged and created, distributed, and settled a short-term bond on the Solana blockchain for Galaxy Digital Holdings LP, as part of efforts to enhance financial market efficiency using underlying cryptocurrency technology.

  • HSBC expects the Federal Reserve to refrain from cutting interest rates for the next two years.

    HSBC Securities predicts the Federal Reserve will maintain interest rates stable at the 3.5%-3.75% range set on Wednesday for the next two years. Previously, Federal Reserve policymakers lowered rates by 25 basis points with a split vote. The institution's U.S. economist Ryan Wang pointed out in a report on December 10 that Federal Reserve Chairman Jerome Powell was "open to the question of whether and when to further cut rates at next year's FOMC press conference." "We believe the FOMC will keep the federal funds rate target range unchanged at 3.50%-3.75% throughout 2026 and 2027, but as the economy evolves, as in the past, it is always necessary to pay close attention to the significant two-way risks facing this outlook."

Daily Must-Read

Popular Activities

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

April 30 - April 30
Dubai

Popular Tags

Cointime
News
Contents
RSS
Company