2023 has been a pivotal year for the cryptocurrency industry, witnessing various security challenges and cyber threats. This report delves into the intricate details of the hacks and security breaches that have marked the year, offering a comprehensive analysis of trends, patterns, and the evolving nature of cyber threats in the crypto world. We aim to provide valuable insights for industry stakeholders, enhancing their understanding of the security landscape and facilitating informed decision-making.

CertiK urge users of OKX wallets to update their iOS app to the latest version immediately. Earlier this month,CertiK team identified and reported a critical Remote Code Execution (RCE) vulnerability in the OKX iOS App, leading to potential compromise of sensitive data and crypto assets. The OKX team responded swiftly and issued an updated version today.

SlowMist released its security report for last week (December 10-16, 2023), with an estimated total loss of $8,428,033. Key events:

The Southern District of New York's prosecutor's office announced on Thursday that Shakeeb Ahmed, a 34-year-old senior security engineer, admitted to attacking the Nirvana Finance protocol and another unnamed decentralized cryptocurrency exchange. Shakeeb Ahmed agreed to surrender the $12.3 million he gained from the two hacks and will compensate the victims a total of $5 million.

The founder of SlowMist, Yu Xian, posted on social media regarding the Ledger vulnerability. 1. The poisoning problem of the Ledger module ledgerhq/connect-kit has been basically resolved, but the poisoned code may still be cached in the browser. If not sure, be sure to clear the browser cache (including the built-in browser cache in the wallet app); 2. Users must confirm the content of each unsigned transaction in the wallet multiple times; 3. The Ledger wallet itself is not affected; 4. The details of this supply chain attack are intriguing, and such hunters are not rare in this dark forest; 5. Tether acted in a timely manner and froze the USDT profits from phishing. In comparison, USDC continues to ignore the issue.

Several Ethereum-based decentralized applications (dapps), including Zapper, SushiSwap, Phantom, Balancer, and Revoke.cash, were compromised due to a security breach at Ledger, a Paris-based crypto hardware wallet manufacturer. Ledger has fixed the malicious code and warned users to "Clear Sign" transactions to ensure they are interacting directly with the company's website and software. The extent of the damage and the amount of money lost is not yet known, but reports suggest that the exploit is widespread. The breach highlights the need for proper auditing and testing in the decentralized finance (DeFi) ecosystem, where financial software is frequently deployed without appropriate measures.

Hackers stole $484,000 by inserting malicious code into the Github library for Connect Kit, a widely-used piece of blockchain software maintained by crypto wallet firm Ledger. Several major DeFi protocols that use the library have been impacted, and users have been warned to avoid using dApps until the protocols are updated. Ledger has confirmed that an employee was targeted in a phishing attack, after which the attacker published a malicious version of the Ledger Connect Kit. To completely mitigate the risk, every protocol using Ledger's Connect Kit must manually update their version of the library.

Safe (formerly Gnosis Safe) posted on X platform stating that the Ledger Connect vulnerability has been resolved. Security has not been affected. Safe has not been affected by the vulnerability. The security application and WalletConnect function have been restored, and to enhance security, the attacker's account has been marked and labeled in the UI.

Security company MetaTrust Alert monitoring shows that the total loss caused by OKX DEX vulnerability exploitation has now reached 2.7 million US dollars.

According to SlowMist's report, there seems to be a problem with the OKX DEX contract. SlowMist's analysis found that when users exchange, they authorize the TokenApprove contract, and the DEX contract transfers the user's tokens by calling the TokenApprove contract. The DEX contract has a claimTokens function that allows a trusted DEX Proxy to call it, which calls the TokenApprove contract's claimTokens function to transfer authorized user tokens. The trusted DEX Proxy is managed by the Proxy Admin, and the Proxy Admin Owner can upgrade the DEX Proxy contract through the Proxy Admin.