Cointime

Download App
iOS & Android

Fairyproof:Weekly Blockchain Security Watch(October 24 to October 30)

Validated Project

From October 24 to October 30, 2022, all security incidents that have occurred can be categorized into Security Hacks and Rug-pulls.

SECURITY HACKS:

1. A Fake ZKSYNC Twitter Account Posts Fake Message

On Oct 24, a Twitter account @zksync_io paraded as zkSync’s official account to send fake airdrop links.

2. Hacker Exploits QuickSwap by Leveraging Flashloans

On Oct 24, QuickSwap, a DeFi application deployed on Polygon was attacked.

Basically, the hacker leveraged a flashloan and exploited a vulnerability in Curve’s oracle which was used by QuickSwap to launch this attack.

Crypto assets worth around $220,000 were exploited in this incident.

At the time of writing, only Market XYZ was affected and QuickSwap’s contracts were safe. Since the assets that were used to back Market XYZ were provided by QiDAO, no retail users were affected.

Additional Details:

- Attacker’s Address: 0x4206d62305d2815494dcdb759c4E32FCA1D181a0 (Polygon)

- Attack Contract: 0xEb4c67E5BE040068FA477a539341d6aeF081E4Eb (Polygon)

- Hash Value of Attack Transaction:

0xb8efe839da0c89daa763f39f30577dc21937ae351c6f99336a0017e63d387558 (Polygon)

3. Hacker Exploits ULME

On Oct 25, ULME, an application deployed on the BNB chain was attacked.

The root cause was one of its functions lacked validation for a parameter.

The attacker flashloaned a certain quantity of BUSDs, iterated all the addresses that had been authorized to spend their BUSDs, transferred all these addresses’ BUSDs and pumped the ULME’s price, sold the ULMEs, and returned the flashloan.

The hacker eventually exploited around 50646 BUSDs.

Additional Details:

- Attacker’s Address: 0x056c20Ab7E25e4dd7E49568f964d98E415da63D3 (BNB chain)

- Attack Contract: 0x8523C7661850D0Da4D86587ce9674DA23369fF26 (BNB chain)

- Attacked Contract: 0xAE975a25646E6eB859615d0A147B909c13D31FEd (UniverseGoldMountain on BNB chain)

- Hash Value of Attack Transaction:

0xdb9a13bc970b97824e082782e838bdff0b76b30d268f1d66aac507f1d43ff4ed (BNB chain)

4. Hacker Attacks Melody

On Oct 25, a hacker attacked Melody, an application deployed on the BNB chain.

The root cause was its off-chain signature module had a vulnerability. The hacker exploited this vulnerability, bypassed its access control, and generated signatures to steal the SGS and SNS tokens.

Around 2225BNBs were exploited in this incident.

5. Hacker Attacks Bittrex

On Oct 25, a hacker attacked Bittrex, a famous centralized exchange.

Basically, Bittrex’s API was compromised and the hacker used the API to exploit 301 ETHs from the exchange.

6. Hacker Attacks Binance US

On Oct 25, a hacker attacked Binance US, a famous centralized exchange.

Basically, the CEX’s API was compromised and the hacker used the API to exploit 1053 ETHs from the exchange.

The hacker also exploited Bittrex.

7. Hacker Attacks Spookie Finance

On Oct 26, a hacker attacked Spookie Finance, an application deployed on Avalanche.

A Twitter account Mario Paladin claimed that Spookie Finance’s front-end was suspected to be attacked. Users would be tricked to authorize an address beginning with “0xe316Ba” to spend their tokens and all exploited tokens were transferred to “0x5451A25AFf1c14DDEF74D2AF703aaCc5d483782c”. At the time of writing Twitter account, @SpookieFinance had disappeared and the price of GHOST at WAVAX dropped to nearly 0.

8. Hacker Attacks Primordials’ Discord

On Oct 26, Primordials’ Discord server was attacked. Primordials is an NFT project.

9. Hacker Attacks UvToken

On 27 Oct, a hacker attacked UvToken, a wallet application that supports multiple blockchains.

The root cause was it have a vulnerability in its validation module. The hacker exploited 5011 BNBs ($1.5 million) and cashed them out via Tornado Cash on the BNB chain. At the time of writing, UVT’s price dropped by 99%.

Additional Details:

- Attacker’s Address: 0xf3e3ae9a40ac4ae7b17b3465f15ecf228ef4f760 (on BNB chain)

- Attacking Contract: 0x99d4311f0d613c4d0cD0011709Fbd7eC1BF87Be9 (on BNB chain)

- Hash Value of Attack Transaction:

0x54121ed538f27ffee2dbb232f9d9be33e39fdaf34adf993e5e019c00f6afd499 (on BNB chain)

10. Hacker Attacks Team Finance

On 27 Oct, a hacker attacked Team Finance, a DeFi application deployed on Ethereum.

The root cause was its migrate function didn’t validate the “_id” and “params” parameters.

The hacker exploited this vulnerability to migrate the tokens of WTH, CAW, USDC, TSUKA from its V2 pool to its V3 pool illegitimately, manipulated V3 pool’s initialized prices through sqrtPriceX96 and eventually stole crypto assets worth around $14.5 million.

Additional Details:

- Attacker’s Address: 0x161cebB807Ac181d5303A4cCec2FC580CC5899Fd (Ethereum)

- Attacking Contract: 0xCFF07C4e6aa9E2fEc04DAaF5f41d1b10f3adAdF4 (Ethereum)

- Attacked Proxy Contract: 0xE2fE530C047f2d85298b07D9333C05737f1435fB (LockToken on Ethereum)

- Attacked Implementation Contract: 0x48D118C9185e4dBAFE7f3813F8F29EC8a6248359 (on Ethereum)

- Hash Value of Attach Transaction:

0xb2e3ea72d353da43a2ac9a8f1670fd16463ab370e563b9b5b26119b2601277ce (Ethereum)

11. Hacker Attacks VIctor the Fortune

On 27 Oct, a hacker from 0x57c112cf4f1E4e381158735B12aaf8384B60E1cE on the BNB chain had attacked Victor the Fortune, an application deployed on the BNB chain.

The root cause was that its function lacked validation for parameters. The hacker leveraged a flashloan and exploited this vulnerability to attack this project.

Crypto assets worth around $58,000 were exploited in this attack.

12. Hacker Attacks Oxya’s Discord

On Oct 28, Oxya’s Discord server was attacked. Oxya is an NFT project.

13. Hacker Attacks Eden Network

On Oct 29, a hacker from 0x5C95123b1c8d9D8639197C81a829793B469A9f32 on Ethereum had attacked Eden Network, an application deployed on Ethereum.

The root cause was the private key of the project’s deployer was compromised and the hacker hijacked the access control. The hacker deployed a new token named NEDEN and claimed that the Eden Network team should burn 300 million NEDEN to take back the access control.

On Oct 14, a Twitter user Supremacy claimed that Eden Network’s private key was compromised due to a vulnerability in Profanity. However since the access control to the EDEN token had been transferred, this compromise didn’t cause a loss.

14. Hacker Attacks Chimpsons’ Discord

On Oct 30, Chimpsons’ Discord server was attacked. Chimpsons is an NFT project.

Rug-pulls:

1. A6 Rug-pulls

On Oct 24, A6, a token project deployed on the BNB chain was confirmed to be a rug-pull. The team exploited crypto assets worth around $56000 and the token’s price dropped by 91.38%.

The token contract’s address is 0xE77D77309027c71F006DfF5d2F1b76060F4F5F13

2. Mango Inu Rug-pull

On Oct 24, Avraham Eisenberg who exploited Mango Markets claimed on his Twitter account that he exploited $100,000 by rug-pulling Mango Inu and he didn’t do anything wrong.

According to his words, after he deployed a Mango Inu token, around $250,000 was attracted to buy it. However due to some operational issues he only got $100,000 within half an hour.

CONCLUSION-

16 notable security incidents related to security hacks have occurred in the past week. 14 were attacks and 2 were rug-pulls.

10 of 14 attacks were attacks on smart contracts or centralized exchanges and 4 on social media.

It is worth noting that 3 attacks were caused by missing validation for parameters.

A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. In addition, manage and store private keys with great care.

A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.

It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.

Comments

All Comments

Recommended for you

  • Whale Transfers 1,133 BTC to Coinbase Prime, Valued at $71.48 Million

    According to Onchain Lens monitoring, a whale transferred 1,133 BTC from Coinbase to Coinbase Prime through an intermediary wallet, valued at $71.48 million.

  • U.S. AI Chip Stocks Decline Before Market Open, Intel Falls Over 3%

    On July 7, U.S. AI chip stocks experienced widespread declines before the market opened. Intel dropped over 3%, while AMD, Qualcomm, and NXP fell more than 2%. TSMC, Broadcom, and Tesla decreased by over 1%, and NVIDIA declined by 0.7%.

  • China's Central Bank Increases Gold Reserves for the 20th Consecutive Month

    As of the end of June, China's gold reserves stood at 75.44 million ounces (approximately 2,346.446 tons), an increase of 480,000 ounces (about 14.93 tons) from the end of May, which reported 74.96 million ounces (approximately 2,331.52 tons). This marks the 20th consecutive month of gold accumulation.

  • China's Foreign Exchange Reserves in June at $341.6262 Billion

    On July 7, China's foreign exchange reserves for June stood at $341.6262 billion, a decrease of $26 billion from the end of May, representing a decline of 0.75%, with expectations set at $343.2 billion.

  • U.S. Storage Stocks Drop Pre-Market, SanDisk and Micron Down Over 4%

    On July 7, U.S. storage concept stocks collectively fell in pre-market trading. Western Digital dropped over 5%, SanDisk and Micron Technology fell over 4%, Seagate Technology declined over 3%, Rambus fell over 2%, and SMI fell over 1%.

  • U.S. Stocks in Optical Communication Sector Drop Pre-Market

    On July 7, stocks in the optical communication sector of the U.S. market collectively fell pre-market. Astera Labs dropped over 4%, while Marvell Technology, Credo Technology, and AXT Inc. fell more than 3%. Tower Semiconductor, MaxLinear, Corning, Applied Optoelectronics, GlobalFoundries, Lumentum, and Qorvo all declined by more than 2%. Coherent, Nokia, Amphenol, and Broadcom dropped over 1%.

  • Pre-market Decline in U.S. Storage Stocks

    In pre-market trading, U.S. storage concept stocks experienced a widespread decline, with Micron Technology falling by 4.8%, SanDisk dropping over 4%, Corning down more than 2%, and Intel decreasing by over 3%.

  • Two Departments: Support for Reinsurance Institutions to Increase Capital and Issue Supplementary Capital Tools

    On July 7, the National Financial Supervision and Administration Bureau and the Shanghai Municipal Government released several measures to accelerate the construction of the Shanghai International Reinsurance Center. Among these measures, they proposed to enhance the quality and efficiency of the reinsurance industry, support reinsurance institutions in increasing capital and expanding shares, and issuing supplementary capital tools to improve the capacity for internal capital accumulation and external capital supplementation, thereby strengthening the reinsurance industry's capabilities. The initiative aims to guide the insurance industry to focus on major national projects, strategic emerging industries, and livelihood security, consolidating insurance and reinsurance underwriting capabilities to enhance risk protection levels. It also supports reinsurance institutions in leveraging their professional technical advantages to assist the insurance industry in reducing risk.

  • Sources: Saudi Arabia Plans to Expand Oil Pipeline to Red Sea, Increasing Capacity by 2 Million Barrels Daily to Bypass Strait of Hormuz

    On July 7, five informed sources revealed that Saudi Arabia is considering expanding the crude oil pipeline capacity to its western coast on the Red Sea, allowing Saudi Arabia and its neighbors to transport more oil without passing through the Strait of Hormuz. This east-west pipeline, built in the early 1980s, has gained strategic importance since the outbreak of the Iran war in February and the disruption of shipping in the Strait of Hormuz. The pipeline can deliver up to 7 million barrels of crude oil per day to the Red Sea port. The CEO of Saudi Aramco stated in May that approximately 2 million barrels are supplied to west coast refineries, while about 5 million barrels are for export. Sources indicate that Saudi Arabia is in preliminary discussions with some neighboring countries regarding the pipeline expansion, aiming to add about 2 million barrels of pipeline capacity per day. It remains unclear whether Aramco's planned expansion involves upgrading existing infrastructure or constructing new pipelines. One source mentioned that the expansion plan also includes a smaller refined oil pipeline. Two sources indicated that the expansion scale could range from 1 million to 2 million barrels per day, with refined oil also being considered. Another source stated that the project would take several years and cost billions of dollars, requiring adjustments to Saudi crude pricing mechanisms.

  • Citi: Tencent's WorkBuddy Gains Momentum, Maintains 'Buy' Rating

    On July 7, Citi released a research report stating that, according to the latest industry data, Tencent's AI agent product WorkBuddy has reached 20 million monthly active users (MAU) and over 13 million daily active users (DAU), with a DAU/MAU ratio between 65% and 75%. Considering the product has only been launched for a few months, user stickiness and daily engagement are performing strongly. Citi quoted Tencent's management as saying that in terms of daily active users, Tencent is leading its Chinese peers in the deployment of AI agents. Early user data reflects strong natural growth for both CodeBuddy and WorkBuddy, with high retention rates. Early users are interacting with the AI agents for long durations and with high frequency, creating a positive feedback loop. It is expected that AI products will become a key revenue source for Tencent Cloud. The firm believes that WorkBuddy's success demonstrates the strength of Tencent's ecosystem, the synergy between various productivity tools, and users' trust in Tencent's products and security. Citi maintains a 'Buy' rating on Tencent with a target price of HKD 763 unchanged.