From November 28 to December 4, 2022, all security incidents that have occurred are all Security Hacks.
SECURITY HACKS:
1. Hacker Attacks Prometheus
On Nov 28, Prometheus, a dApp deployed on the BNB chain was attacked.
In this incident, the hacker withdrew 467,398 PHI from the project’s OTC contract and exchanged them to 124,73 BNBs.
The Prometheus team got back 112.08 BNBs and kept them in a multi sig (0x69A03128a7cb580553acf1cf287d4A5Ce0A01c1F).
The hacker exploited 12.65 BNBs (worth around US $3,654.5) in this incident.
At the time of writing, the project’s gPHI and dPHI supply had not been exploited, and all the contracts had been paused, except the dividends pool.
Additional Details:
- Attacker’s Address: 0xc7233627c65f0dd1465938212a3adaa5dea50bf6 (BNB chain)
- Hash Value of Attack Transaction:
0x15472327df1fdace59c14eba5f4069ffb65c71c5f38f00355da990b68121d160
2. Hacker Attacks Shamanzs’ Discord Server
On Nov 28, a hacker had attacked Shamanzs’ discord server. Shamanzs is an NFT project deployed on Ethereum.
3. Hacker Leverages Flash-loan to Attack Seaman
On Nov 29, a hacker had attacked Seaman, a dApp deployed on the BNB chain.
The root cause was that its tokenomics design would result in price manipulation.
The attacker flash-loaned 500,000 BUSDs and exchanged them to GVCs. The hacker then called Seaman’s transfer function to transfer a small number of SEAMAN tokens and triggered the SEAMAN tokens to be exchanged to GVCs. This process would call the _splitlpToken() function to distribute the GVCs to lpUser and reduce the number of GVCs in the BUSD-GVC trading pair thus increasing the GVC’s price.
The hacker repeated the process and eventually exploited 7781 BUSDs worth US $7781 in this incident.
Additional Details:
- Attacker’s Address: 0x49fac69c51a303b4597d09c18bc5e7bf38ecf89c (BNB chain)
- Attacked Contract: 0xDB95FBc5532eEb43DeEd56c8dc050c930e31017e(GVC Token on BNB chain)
4. Hacker Attacks SmallBros’ Discord Server
On Dec 1, a hacker had attacked SmallBros’ discord server. SmallBros is an NFT project deployed on Ethereum.
5. Hacker Attacks Brainless Spikes’ Discord Server
On Dec 1, a hacker had attacked Brainless Spikes’ discord server. Brainless Spikes is an NFT project deployed on Ethereum.
6. Hacker Attacks Ankr
On Dec 2, a hacker attacked Ankr, a dApp deployed on the BNB chain.
The root cause was very likely that the Ankr Deployer’s private key was compromised.
The attacker exploited crypto assets worth around US $5 million in this incident.
For more details about this incident refer to:
https://twitter.com/FairyproofT/status/1598535802463875072?s=20&t=G7OlCC57pHNU-Bsgdjcb7w
Additional Details:
- Attacker’s Address: 0xf3a465C9fA6663fF50794C698F600Faa4b05c777 (BNB chain)
- Malicious aBNBc Contract: 0xd99955B615EF66F9Ee1430B02538a2eA52b14Ce4 (BNB chain)
- Ankr Deployer: 0x2Ffc59d32A524611Bb891cab759112A51f9e33C0 (BNB chain)
- Attacked Contract: 0xE85aFCcDaFBE7F2B096f268e31ccE3da8dA2990A (aBNBc on BNB chain)
- Initiator of Attack Transaction: 0x71699d5BD28F5C834eEe8E365848df056915Baa6 (BNB chain)
- Hash Value of Attack Transaction:
0xd07b210b872bc952b9f2250d8272a789f89a2f7a3621112fdd73addd7bdb080b (BNB chain)
CONCLUSION-
6 notable security incidents have occurred in the past week. Four out of them were attacks on smart contracts and two were attacks on social media accounts.
A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. In addition, manage and store private keys with great care.
A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.
It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.
To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter: https://fairyproof.substack.com/For a better understanding of all things Web3.0: https://medium.com/@FairyproofT
Looking to strengthen the security of your project or looking for an audit? Contact us at
All Comments