SlowMist: The total loss from security incidents last week (April 22-April 28) exceeded US$2.15 million

According to the weekly security report (April 22-28, 2024) released by SlowMist, there were multiple security incidents this week. Although the overall losses were not severe, the total loss this week exceeded $2,155,127. The multiple security incidents include:

1. Exploitation of Ember Sword NFT auction: An unverified Ember Sword NFT auction had vulnerabilities, resulting in 159 victims losing 60 WETH, worth about $195,000.

2. Cross-chain attack on Pike Finance: The cross-chain lending protocol Pike Finance was attacked by hackers, resulting in the depletion of USDC pool funds, with a total loss of $299,127.

3. Suspected fraud on xBank Finance: The zkSync ecological lending platform xBank Finance is suspected of fraudulent behavior, with the official account frozen and liquidity assets reduced to single digits.

4. Metadata leak on io(.)net: The project experienced a security incident involving unauthorized metadata updates, stemming from the exploitation of the mapping from user ID to device ID.

5. Exploitation of YIEDL on BSC: The YIEDL project on the Binance Smart Chain was attacked by exploiting contract vulnerabilities, causing a loss of approximately $300,000.

6. FENGSHOU token vulnerability: Shortly after deployment, the FENGSHOU (NGFS) token was attacked, resulting in a loss of approximately $191,000.

7. Exploitation of Z123 contract: The Z123 on the Binance Smart Chain was attacked due to contract vulnerabilities, resulting in a loss of approximately $136,000.

8. Magpie Protocol contract vulnerability: The decentralized liquidity aggregation protocol Magpie Protocol was attacked due to contract vulnerabilities, resulting in 221 wallets losing $129,000.

9. Front-end attack on Velvet Capital: The trading platform of the DeFi asset management protocol Velvet Capital reported abnormal activity.

10. Discord invasion of Merlin Chain: The official Discord server of Merlin Chain was attacked.

11. Suspicious transactions on XBridge: The cross-chain bridge XBridge experienced multiple suspicious transactions, with a total loss of $824,000.