Cointime
Weekly Blockchain Security Watch (November 28 to Dec 4)

From November 28 to December 4, 2022, all of the security incidents that occurred were security hacks.

SECURITY HACKS:

1. Hacker Attacks Prometheus

On Nov 28, Prometheus, a dApp deployed on the BNB chain was attacked.

In this incident, the hacker withdrew 467,398 PHI from the project’s OTC contract and exchanged them for 124.73 BNBs.

The Prometheus team recovered 112.08 BNBs and kept them in a multisig (0x69A03128a7cb580553acf1cf287d4A5Ce0A01c1F).

The hacker therefore exploited 12.65 BNBs (worth around US $3,654.5) in this incident.

At the time of writing, the project’s gPHI and dPHI supply had not been exploited, and all the contracts had been paused, except the dividends pool.

Additional Details:

- Attacker’s Address: 0xc7233627c65f0dd1465938212a3adaa5dea50bf6 (BNB chain)

- Hash Value of Attack Transaction: 0x15472327df1fdace59c14eba5f4069ffb65c71c5f38f00355da990b68121d160

2. Hacker Attacks Shamanzs Discord Server

On Nov 28, a hacker attacked Shamanzs’ Discord server. Shamanzs is an NFT project deployed on Ethereum.

3. Hacker Leverages Flash-loan to Attack Seaman

On Nov 29, a hacker attacked Seaman, a dApp deployed on the BNB chain.

The root cause was a tokenomics design that allowed the GVC price to be manipulated.

The attacker flash-loaned 500,000 BUSD and swapped it for GVC. The hacker then called Seaman’s transfer function to transfer a small amount of SEAMAN tokens, which triggered a swap of SEAMAN tokens into GVC. That swap in turn called the _splitlpToken() function, which distributed GVC to lpUser and reduced the amount of GVC held in the BUSD-GVC trading pair, thus pushing the GVC price up.

The hacker repeated this process and ultimately exploited 7,781 BUSD (worth US $7,781) in this incident.
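A constant-product model of the mechanism described above, added here as an illustration and not Seaman’s or any project’s code: an ordinary swap preserves the pool’s product k, while a reward paid out of the pair’s GVC reserve (the effect the text attributes to _splitlpToken) lowers k and moves the reserve-derived spot price, which a time-weighted average reading blunts. The pool reserves, swap size and payout size are constructed values.

```python
from dataclasses import dataclass


@dataclass
class Pool:
    """Constant-product BUSD-GVC pair (constructed reserves, fee-free)."""
    busd: float
    gvc: float

    def k(self) -> float:
        return self.busd * self.gvc

    def spot_price(self) -> float:
        """BUSD per GVC, as a contract reading the pair's reserves sees it."""
        return self.busd / self.gvc

    def swap_busd_for_gvc(self, busd_in: float) -> float:
        """Ordinary trade: returns GVC out; k is unchanged by construction."""
        gvc_out = self.gvc - self.k() / (self.busd + busd_in)
        self.busd += busd_in
        self.gvc -= gvc_out
        return gvc_out

    def pay_out_gvc(self, amount: float) -> None:
        """Reward paid from the pair's GVC reserve (the _splitlpToken effect).
        Only one reserve changes, so k drops and the spot price jumps."""
        if amount >= self.gvc:
            raise ValueError("cannot drain the whole reserve")
        self.gvc -= amount


def twap(prices: list[float]) -> float:
    """Equal-interval time-weighted average of past spot readings."""
    return sum(prices) / len(prices)


def demo() -> dict:
    pool = Pool(busd=100_000.0, gvc=100_000.0)
    k0 = pool.k()
    pool.swap_busd_for_gvc(10_000.0)            # ordinary trade: k preserved
    swap_keeps_k = abs(pool.k() - k0) < 1e-6 * k0
    history = [pool.spot_price()] * 9           # nine quiet observation intervals
    pool.pay_out_gvc(pool.gvc / 2)              # half the GVC reserve leaves the pair
    history.append(pool.spot_price())           # the spiked reading
    return {
        "swap_keeps_k": swap_keeps_k,
        "payout_breaks_k": pool.k() < k0,       # invariant a monitor can alert on
        "spot": pool.spot_price(),              # 2.42 BUSD per GVC after the payout
        "twap": twap(history),                  # 1.331: one spike barely moves it
    }
```

A contract that prices GVC from the pair’s reserves in the same transaction as the payout sees the spot value; one that reads a TWAP sees the diluted value, which is why reserve-derived spot prices are a poor oracle for reward or redemption logic.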

Additional Details:

- Attacker’s Address: 0x49fac69c51a303b4597d09c18bc5e7bf38ecf89c (BNB chain)

- Attacked Contract: 0xDB95FBc5532eEb43DeEd56c8dc050c930e31017e (GVC Token on BNB chain)

4. Hacker Attacks SmallBros Discord Server

On Dec 1, a hacker attacked SmallBros’ Discord server. SmallBros is an NFT project deployed on Ethereum.

5. Hacker Attacks Brainless Spikes Discord Server

On Dec 1, a hacker attacked Brainless Spikes’ Discord server. Brainless Spikes is an NFT project deployed on Ethereum.

6. Hacker Attacks Ankr

On Dec 2, a hacker attacked Ankr, a dApp deployed on the BNB chain.

The root cause was very likely that the Ankr Deployer’s private key was compromised.

The attacker exploited crypto assets worth around US $5 million in this incident.

For more details about this incident, refer to: https://twitter.com/FairyproofT/status/1598535802463875072?s=20&t=G7OlCC57pHNU-Bsgdjcb7w

Additional Details:

- Attacker’s Address: 0xf3a465C9fA6663fF50794C698F600Faa4b05c777 (BNB chain)

- Malicious aBNBc Contract: 0xd99955B615EF66F9Ee1430B02538a2eA52b14Ce4 (BNB chain)

- Ankr Deployer: 0x2Ffc59d32A524611Bb891cab759112A51f9e33C0 (BNB chain)

- Attacked Contract: 0xE85aFCcDaFBE7F2B096f268e31ccE3da8dA2990A (aBNBc on BNB chain)

- Initiator of Attack Transaction: 0x71699d5BD28F5C834eEe8E365848df056915Baa6 (BNB chain)

- Hash Value of Attack Transaction: 0xd07b210b872bc952b9f2250d8272a789f89a2f7a3621112fdd73addd7bdb080b (BNB chain)

CONCLUSION:

Six notable security incidents occurred in the past week. Four of them were attacks on smart contracts and two were attacks on social media accounts.

A Reminder for Project Teams: Always test thoroughly, and have smart contracts audited before deploying them on-chain. In addition, manage and store private keys with great care.

A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.

It is important for everyone in the crypto community to understand and practice an adequate level of cybersecurity.

To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter: https://fairyproof.substack.com/

For a better understanding of all things Web3.0: https://medium.com/@FairyproofT

Looking to strengthen the security of your project or looking for an audit? Contact us at
