Cointime

Cointime

Download App
iOS & Android

Weekly Blockchain Security Watch Jan 2 to Jan 8

Validated Project

From 2 January 2023 to 8 January 2023, all security incidents that have occurred were Security Hacks.

SECURITY HACKS:

1. RTFKT’s COO Nikhil Gopalani Announces He Had Suffered Phishing Attack

On 3 Jan, RTFKT’s COO Nikhil Gopalani (@Nikgopalani) announced on Twitter that he had suffered a phishing attack and that the hacker had sold all his CloneX NFTs along with others.

He lost around US$300, 000 worth of crypto assets during this incident.

2. Worlds Beyond Announces Discord Hacked

On 3 Jan, NFT project on Ethereum Worlds Beyond (@WorldsBeyondNFT) announced on Twitter that their Discord account had been hacked and their server was temporarily compromised. The account also reported that all staff hand been banned from the server.

The account later reminded users that they will “never stealth mint” and urged users to only use their official links to avoid potential scams or hacks.

As of the time of writing, investigations are still ongoing, and the project has opened channels in Discord to aid affected users.

3. Hacker Exploits Vulnerability on Function Lacking Validation for Settings in Attack Against GDS

On 3 Jan, GDS Chain’s application deployed on the BNB chain was attacked.

The root cause of this incident was its “_lpRewardAmount” function had lacked validation for its settings. The hacker leveraged a flash-loan and exploited this vulnerability to launch the attack.

After the hack, the GDS’ price crashed by 84% and crypto assets worth around US $187,000 were exploited.

Additional Details:

- Attacker’s Address: 0xcF2362B46669E04B16D0780cf9B6e61c82De36a7

- Hash Value of Attack Transaction:

 0x2bb704e0d158594f7373ec6e53dc9da6c6639f269207da8dab883fc3b5bf6694

4. Cirrus Announce Holders of CryptoPunks, BAYCs, Meebits Suffer Phishing Scams

On 4 Jan, NFT community member Cirrus (@CirrusNFT) announced on Twitter that holders of CryptoPunks, BAYCs, and Meebits suffered phishing scams. CryptoPunks 4607, 965, and BAYC 1723 were exploited.

Later, Twitter user @CryptoNovo311 claimed that 4 CryptoPunks in his possession were stolen.

CryptoPunks and BAYCs worth above 600 ETHs (US$748, 800) were exploited in these attacks.

It was also suspected that the hacker had also exploited 111 KUMALEON NFTs and used FixedFloat to cash out.

Additional Details:

- Attacker’s Address: 0x8E25Ab3382ad5bde35A09E72d3b9a851A7cC8d00

- Attacked Address: 0x52aD8f3C506aA25b954276c5456060DAd6f3Fd7b

5. Hacker Exploits Whale Holder of GMX Through Phishing Attack

On 4 Jan, a whale holder of GMX suffered from a phishing attack on the BNB chain.

The attacker exploited 82519 GMXs worth around US $3.4 million on the BNB chain, exchanged them to 2627 ETHs and cross-chain transferred them from the BNB chain to Ethereum.

6. Hacker Attacks Deviants’ Discord Server

On 4 Jan, a hacker attacked Deviants’ discord server. Deviants is an NFT project on Ethereum.

7. Inkwork Labs Announce Discord Server Compromised

On 5 Jan, NFT project on Solana Inkwork Labs (@InkworkLabs) announced on Twitter that their Discord server had been compromised. The account later posted a follow-up thread revealing that one of their “now older mods, Krypto King#0036” had clicked on a malicious link that caused a Dyno bypass. Dyno is a Discord bot used for various purposes like moderation and user verification.

The account also reported that although the attackers had gained access to the server earlier, the attack was not conducted until everyone was away.

Inkwork Labs also reported that the accounts associated with the exploited were identified and banned. They also urged users not to click on any links unless a drops is scheduled. Moreover, they advised users to “always double check the user who’s posting the announcement. ALWAYS.”.

Relevant channels for affected users have been opened for further assistance.

8. Hacker Attacks Twitter User @TheViralFever

On 6 Jan, a hacker launched a phishing attack against Twitter user @TheViralFever by sending the users a fake link to ENS airdrop.

9. Hacker Attacks PanksNotDed’s Discord Server

On 7 Jan, a hacker attacked PanksNotDed’s discord server. PanksNotDed is an NFT project on Ethereum.

10. Hacker Attacks Cyber Kongz’s Discord Server

On 7 Jan, a hacker attacked Cyber Kongz’s discord server. Cyber Kongz is an NFT project on Ethereum.

11. Mycelium Announces Attack Due to Issue with Price Feed for ETH-USD

On 7 Jan, the team behind a DeFi perpetual application deployed on Arbitrum Mycelium (@mycelium_xyz) announced on its Twitter a that it was attacked.

The team also announced that the attack came due to an issue with its price feed for ETH-USD. Its MLP was exploited by 4% ~ 6% of the total assets, totaling around US$300, 000.

At the time of writing, the issue had been fixed and the application was back to work.

12. Hacker Attacks Yaypegs’s Discord Server

On 8 Jan, a hacker attacked Yaypegs’s discord server. Yaypegs is an NFT project on Ethereum.

13. Hacker Attacks Mech’s Discord Server

On 8 Jan, a hacker attacked Mech’s discord server. Mech is an NFT project on Polygon.

CONCLUSION-

13 notable security incidents have occurred in the past week. Most of them were phishing attacks against Discord or Twitter accounts.

A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain.

A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.

It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.

For a better understanding of all things Web3.0: https://medium.com/@FairyproofT

Looking to strengthen the security of your project or looking for an audit? Contact us at https://www.fairyproof.com/

Comments

All Comments

Recommended for you

  • The US spot Bitcoin ETF saw a net outflow of $60.51 million yesterday.

     according to Trader T's monitoring, the US spot Bitcoin ETF had a net outflow of 60.51 million USD yesterday.

  • BitMine increased its holdings by approximately 138,400 ETH last week, bringing its total holdings to over 3.86 million ETH.

    as of 8 PM Eastern Time on December 7, BitMine's cryptocurrency holdings include: 3,864,951 ETH (an increase of 138,452 ETH compared to last week), valued at approximately $13.2 billion at current prices; 193 BTC, $36 million shares of EightcoHoldings (Nasdaq code: ORBS), and $1 billion in unsecured cash.

  • Robinhood plans to launch altcoin contracts and reduce fees.

    Robinhood announced on Monday plans to attract more high-level, high-volume cryptocurrency traders in the US and EU by launching new features including reduced fees and increased leverage for altcoin futures. The company stated in a release that it has expanded the available fee tiers in the US from three to seven, "offering rates as low as 0.03% for high-volume users." In the EU, users wishing to trade perpetual futures can now trade new pairs of XRP, DOGE, SOL, and SUI, with eligible customers able to trade with up to 7x leverage.

  • Hassett: Trump will release a lot of positive economic news.

     White House National Economic Council Director Hassett: Trump will announce a large number of positive economic news.

  • White House economic advisor Hassett: Interest rates should continue to be lowered.

     White House economic advisor Hassett expressed views on the Federal Reserve, stating that interest rates should continue to be lowered. Regarding how low the rates should be reduced, he said it is necessary to closely monitor the data situation. He also stated that it would be irresponsible to announce interest rate commitments for the next six months at this time.

  • Hyperliquid adds STABLE perpetual contracts

     according to official news, Hyperliquid has newly launched the STABLE/USDC perpetual contract, with up to 3x leverage available.

  • Tether mints 1 billion USDT on the Tron network.

    according to Whale Alert monitoring, at 21:05:18 Beijing time, Tether Treasury minted 1 billion USDT on the TRON network.

  • Paradigm invests $13.5 million in Brazilian stablecoin startup Crown.

    crypto venture capital firm Paradigm announced an investment of $13.5 million in Brazilian stablecoin startup Crown. This round of financing values Crown at $900 million. The BRLV stablecoin created by Crown is pegged to the Brazilian real and fully backed by Brazilian government bonds, becoming the largest emerging market stablecoin globally. Unlike the zero-interest Tether, BRLV offers institutional clients up to 15% Brazilian benchmark interest rate returns, with subscriptions exceeding 360 million reais (approximately $66 million) so far.

  • Binance: Users with at least 250 points can claim a 2000-STABLE airdrop.

    according to official information, users holding at least 250 Binance Alpha points can claim an airdrop of 2000 STABLE tokens on the Alpha event page. If the event is not over, the score threshold will automatically decrease by 10 points every five minutes. Please note that claiming the airdrop will consume 15 Binance Alpha points. Users need to confirm the claim on the Alpha event page within 24 hours, otherwise it will be considered as a waiver of the airdrop.

  • BlackRock submits application to pledge the iShares Ethereum Trust ETF

    Bloomberg analyst Eric Balchunas stated that BlackRock has submitted the formal prospectus (Form S-1) for the iShares Staked Ethereum Trust ETF to the U.S. SEC, which will become its fourth crypto-related ETF product. Previously, BlackRock had applied for spot Bitcoin, spot Ethereum, and "Bitcoin Yield" ETFs.

Daily Must-Read

Popular Activities

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

April 30 - April 30
Dubai

Popular Tags

Cointime
News
Contents
RSS
Company