Cointime

Cointime

Download App
iOS & Android

Weekly Blockchain Security Watch (November 28 to Dec 4)

Validated Project

From November 28 to December 4, 2022, all security incidents that have occurred are all Security Hacks.

SECURITY HACKS:

1. Hacker Attacks Prometheus

On Nov 28, Prometheus, a dApp deployed on the BNB chain was attacked.

In this incident, the hacker withdrew 467,398 PHI from the project’s OTC contract and exchanged them to 124,73 BNBs.

The Prometheus team got back 112.08 BNBs and kept them in a multi sig (0x69A03128a7cb580553acf1cf287d4A5Ce0A01c1F).

The hacker exploited 12.65 BNBs (worth around US $3,654.5) in this incident.

At the time of writing, the project’s gPHI and dPHI supply had not been exploited, and all the contracts had been paused, except the dividends pool.

Additional Details:

- Attacker’s Address: 0xc7233627c65f0dd1465938212a3adaa5dea50bf6 (BNB chain)

- Hash Value of Attack Transaction:

0x15472327df1fdace59c14eba5f4069ffb65c71c5f38f00355da990b68121d160

2. Hacker Attacks Shamanzs Discord Server

On Nov 28, a hacker had attacked Shamanzs’ discord server. Shamanzs is an NFT project deployed on Ethereum.

3. Hacker Leverages Flash-loan to Attack Seaman

On Nov 29, a hacker had attacked Seaman, a dApp deployed on the BNB chain.

The root cause was that its tokenomics design would result in price manipulation.

The attacker flash-loaned 500,000 BUSDs and exchanged them to GVCs. The hacker then called Seaman’s transfer function to transfer a small number of SEAMAN tokens and triggered the SEAMAN tokens to be exchanged to GVCs. This process would call the _splitlpToken() function to distribute the GVCs to lpUser and reduce the number of GVCs in the BUSD-GVC trading pair thus increasing the GVC’s price.

The hacker repeated the process and eventually exploited 7781 BUSDs worth US $7781 in this incident.

Additional Details:

- Attacker’s Address: 0x49fac69c51a303b4597d09c18bc5e7bf38ecf89c (BNB chain)

- Attacked Contract: 0xDB95FBc5532eEb43DeEd56c8dc050c930e31017e(GVC Token on BNB chain)

4. Hacker Attacks SmallBros Discord Server

On Dec 1, a hacker had attacked SmallBros’ discord server. SmallBros is an NFT project deployed on Ethereum.

5. Hacker Attacks Brainless Spikes Discord Server

On Dec 1, a hacker had attacked Brainless Spikes’ discord server. Brainless Spikes is an NFT project deployed on Ethereum.

6. Hacker Attacks Ankr

On Dec 2, a hacker attacked Ankr, a dApp deployed on the BNB chain.

The root cause was very likely that the Ankr Deployer’s private key was compromised.

The attacker exploited crypto assets worth around US $5 million in this incident.

For more details about this incident refer to:

https://twitter.com/FairyproofT/status/1598535802463875072?s=20&t=G7OlCC57pHNU-Bsgdjcb7w

Additional Details:

- Attacker’s Address: 0xf3a465C9fA6663fF50794C698F600Faa4b05c777 (BNB chain)

- Malicious aBNBc Contract: 0xd99955B615EF66F9Ee1430B02538a2eA52b14Ce4 (BNB chain)

- Ankr Deployer: 0x2Ffc59d32A524611Bb891cab759112A51f9e33C0 (BNB chain)

- Attacked Contract: 0xE85aFCcDaFBE7F2B096f268e31ccE3da8dA2990A (aBNBc on BNB chain)

- Initiator of Attack Transaction: 0x71699d5BD28F5C834eEe8E365848df056915Baa6 (BNB chain)

- Hash Value of Attack Transaction:

0xd07b210b872bc952b9f2250d8272a789f89a2f7a3621112fdd73addd7bdb080b (BNB chain)

CONCLUSION-

6 notable security incidents have occurred in the past week. Four out of them were attacks on smart contracts and two were attacks on social media accounts.

A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. In addition, manage and store private keys with great care.

A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.

It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.

To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter: https://fairyproof.substack.com/For a better understanding of all things Web3.0: https://medium.com/@FairyproofT

Looking to strengthen the security of your project or looking for an audit? Contact us at

Web3
Comments

All Comments

Recommended for you

  • 38,244.04 DMD Permanently Burned in the Past 7 Days

    On June 25, 2026, the latest on-chain data from DMDAO revealed that a total of 38,244.04 DMD has been permanently burned through the established transaction and wealth management burn mechanisms over the past 7 calendar days.

  • BTC Falls Below $60,000

    Market data shows that BTC has fallen below $60,000, currently priced at $59,954.84, with a 24-hour decline of 4.19%. The market is experiencing significant volatility, so please ensure proper risk management.

  • ETH Drops Below $1600

    Market data shows that ETH has fallen below $1600, currently priced at $1597.55, with a 24-hour decline of 3.81%. The market is experiencing significant volatility, so please ensure proper risk management.

  • Billionaire Philippe Laffont Prefers Investing in Space Over Bitcoin

    Philippe Laffont, founder and portfolio manager of Coatue Management, stated on the Squawk Box program that he is currently unable to determine his stance on Bitcoin. He mentioned that he is rethinking Bitcoin's positioning and expressed a preference for investing in space over Bitcoin. (thestreet)

  • Tech Giants' Data Center Leasing Commitments Exceed $850 Billion

    On June 24, an analysis by Bloomberg of regulatory filings revealed that as tech giants compete to expand their server clusters, the total amount of future data center leasing commitments by large cloud computing companies has continued to rise over the past year, surpassing $850 billion. Last quarter, Meta added leasing commitments of $79 billion, a 76% increase from the previous period; as of March 31, the total reached $182.9 billion. Meta CEO Mark Zuckerberg has stated that the company plans to invest hundreds of billions of dollars in AI infrastructure by 2030. Microsoft followed closely, adding over $41 billion in leasing commitments, bringing its total to $196.6 billion.

  • Address with $34.61 Million Long Position in 21,000 ETH Faces $1.696 Million Loss at 18x Leverage

    According to on-chain analyst Ai Yi, a certain address took a long position of 21,000 ETH with 18x leverage yesterday, amounting to approximately $34.61 million. Currently, it is facing an unrealized loss of $1.696 million, with an opening price of $1,728.5 and a liquidation price of $1,590.1.

  • U.S. 10-Year Treasury Yield Falls to 4.4138%, Lowest Since May 11

    On June 24, the yield on U.S. 10-year Treasury bonds fell to 4.4138%, the lowest level since May 11. The yield on U.S. 30-year Treasury bonds dropped to 4.8572%, the lowest since April 15.

  • Crypto Market Liquidations Reach $134 Million in the Last Hour, with $125 Million in Long Liquidations

    According to CoinGlass data, the total liquidation amount across the network in the last hour reached $134 million, with long liquidations accounting for $125 million and short liquidations amounting to $8.539 million.

  • BTC Falls Below $61,000

    Market data shows that BTC has fallen below $61,000, currently priced at $60,986.03, with a 24-hour decline of 2.88%. The market is experiencing significant volatility, so please ensure proper risk management.

  • Web3 data and AI company Validation Cloud completes $10 million in new round of financing

     Web3 data and AI company Validation Cloud announced a $10 million financing round from True Global Ventures. The company plans to use the funds to expand its AI products and achieve seamless access to Web3 data.

Daily Must-Read

Popular Activities

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

April 30 - April 30
Dubai

Popular Tags

Cointime
News
Contents
RSS
Company