Cointime

Cointime

Download App
iOS & Android

Weekly Blockchain Security Watch (November 28 to Dec 4)

Validated Project

From November 28 to December 4, 2022, all security incidents that have occurred are all Security Hacks.

SECURITY HACKS:

1. Hacker Attacks Prometheus

On Nov 28, Prometheus, a dApp deployed on the BNB chain was attacked.

In this incident, the hacker withdrew 467,398 PHI from the project’s OTC contract and exchanged them to 124,73 BNBs.

The Prometheus team got back 112.08 BNBs and kept them in a multi sig (0x69A03128a7cb580553acf1cf287d4A5Ce0A01c1F).

The hacker exploited 12.65 BNBs (worth around US $3,654.5) in this incident.

At the time of writing, the project’s gPHI and dPHI supply had not been exploited, and all the contracts had been paused, except the dividends pool.

Additional Details:

- Attacker’s Address: 0xc7233627c65f0dd1465938212a3adaa5dea50bf6 (BNB chain)

- Hash Value of Attack Transaction:

0x15472327df1fdace59c14eba5f4069ffb65c71c5f38f00355da990b68121d160

2. Hacker Attacks Shamanzs Discord Server

On Nov 28, a hacker had attacked Shamanzs’ discord server. Shamanzs is an NFT project deployed on Ethereum.

3. Hacker Leverages Flash-loan to Attack Seaman

On Nov 29, a hacker had attacked Seaman, a dApp deployed on the BNB chain.

The root cause was that its tokenomics design would result in price manipulation.

The attacker flash-loaned 500,000 BUSDs and exchanged them to GVCs. The hacker then called Seaman’s transfer function to transfer a small number of SEAMAN tokens and triggered the SEAMAN tokens to be exchanged to GVCs. This process would call the _splitlpToken() function to distribute the GVCs to lpUser and reduce the number of GVCs in the BUSD-GVC trading pair thus increasing the GVC’s price.

The hacker repeated the process and eventually exploited 7781 BUSDs worth US $7781 in this incident.

Additional Details:

- Attacker’s Address: 0x49fac69c51a303b4597d09c18bc5e7bf38ecf89c (BNB chain)

- Attacked Contract: 0xDB95FBc5532eEb43DeEd56c8dc050c930e31017e(GVC Token on BNB chain)

4. Hacker Attacks SmallBros Discord Server

On Dec 1, a hacker had attacked SmallBros’ discord server. SmallBros is an NFT project deployed on Ethereum.

5. Hacker Attacks Brainless Spikes Discord Server

On Dec 1, a hacker had attacked Brainless Spikes’ discord server. Brainless Spikes is an NFT project deployed on Ethereum.

6. Hacker Attacks Ankr

On Dec 2, a hacker attacked Ankr, a dApp deployed on the BNB chain.

The root cause was very likely that the Ankr Deployer’s private key was compromised.

The attacker exploited crypto assets worth around US $5 million in this incident.

For more details about this incident refer to:

https://twitter.com/FairyproofT/status/1598535802463875072?s=20&t=G7OlCC57pHNU-Bsgdjcb7w

Additional Details:

- Attacker’s Address: 0xf3a465C9fA6663fF50794C698F600Faa4b05c777 (BNB chain)

- Malicious aBNBc Contract: 0xd99955B615EF66F9Ee1430B02538a2eA52b14Ce4 (BNB chain)

- Ankr Deployer: 0x2Ffc59d32A524611Bb891cab759112A51f9e33C0 (BNB chain)

- Attacked Contract: 0xE85aFCcDaFBE7F2B096f268e31ccE3da8dA2990A (aBNBc on BNB chain)

- Initiator of Attack Transaction: 0x71699d5BD28F5C834eEe8E365848df056915Baa6 (BNB chain)

- Hash Value of Attack Transaction:

0xd07b210b872bc952b9f2250d8272a789f89a2f7a3621112fdd73addd7bdb080b (BNB chain)

CONCLUSION-

6 notable security incidents have occurred in the past week. Four out of them were attacks on smart contracts and two were attacks on social media accounts.

A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. In addition, manage and store private keys with great care.

A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.

It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.

To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter: https://fairyproof.substack.com/For a better understanding of all things Web3.0: https://medium.com/@FairyproofT

Looking to strengthen the security of your project or looking for an audit? Contact us at

Web3
Comments

All Comments

Recommended for you

  • Matrixport: Solana’s funding rate is currently as high as 70% annualized, and a price correction may occur

    According to a report, Matrixport has released a chart today stating that Grayscale has submitted an application to convert Solana Trust into a spot ETF. Although the current asset management scale of the product is relatively small at $134 million, if approved, it will set an important market precedent for other ETF issuers. It is important to note that Solana's financing rate is currently as high as 70% annualized, which creates significant pressure on leveraged long positions. Historical experience shows that similar high financing rates are often related to price corrections, as was the case in March of this year when the SOL-USDT price fell under similar financing rate backgrounds.

  • Japanese Prime Minister Shigeru Ishiba is cautious about separate taxation of cryptocurrencies and approval of ETFs

     Japanese Prime Minister Shizuo Shima expressed caution about the unified 20% separate taxation rule for cryptocurrency in a representative issue at a plenary session of the House of Representatives. "Is it appropriate to encourage investment in cryptocurrency such as stocks and investment trusts that have investor protection regulations? Will the public understand the idea of applying separate self-assessment taxation? There are several issues that need to be resolved. We need to consider it carefully." At the same time, "whether cryptocurrency should be included in ETFs depends on whether cryptocurrency is an asset that needs to be made more easily accessible to the public."

  • AI computing economy layer GAIB completes $5 million seed round of financing, led by Hack VC, Faction VC and Hashed

    GAIB, an AI computing economic layer, announced the completion of a $5 million seed round of financing, with Hack VC, Faction VC, and Hashed leading the investment. Other participating investors include Spartan, Animoca Brands, MH Ventures, Aethir, Near Foundation, Chris Yin from Plume Network, and Lucas Kozinski from Renzo Protocol.

  • Cadenza, an investment institution focusing on blockchain and AI, has raised $50 million for its early-stage AI venture capital fund

     Cadenza, a risk investment company focusing on blockchain and artificial intelligence, announced that its early AI venture capital fund has raised $50 million. The new fund will focus on seed and pre-seed investments, with a focus on infrastructure and enterprise applications. Cadenza's investment portfolio in the Web3 field currently includes: Web3 infrastructure Validation Cloud, Malaysian digital asset exchange Hata, Web3 API platform Uniblock, L1 blockchain Linera, and encrypted wallet application Zulu.

  • Union Completes $12 Million Series A Funding, Led by Gumi Cryptos Capital and Others

    cross-chain settlement layer Union has announced the completion of a $12 million Series A financing round, led by Gumi Cryptos Capital and Longhash Ventures, with participation from Borderless Capital and Blockchange, as well as blockchain founders from Polygon, Movement, and Berachain. The funding will be used for core team expansion, partner integration, and ecosystem development.

  • Russia sentences Hydra market founder to life in prison

     Stanislav Moiseev, founder of the online black market and cryptocurrency mixing service Hydra, has been sentenced to life imprisonment by a Russian court.

  • Portal Ventures raises oversubscribed $75 million crypto fund

    , Portal Ventures, a cryptocurrency venture capital fund before the seed round, raised a $75 million cryptocurrency fund with oversubscription, supported by Chris Dixon and Marc Andreessen.

  • South Korea's ruling party may ask Yoon Seok-yeol to quit the party and propose the resignation of the entire cabinet and the dismissal of the defense minister

    According to multiple media reports on December 4th, the ruling party of South Korea, the National Power Party, held an emergency meeting to discuss the measures to be taken after President Yoon Seok-yeol announced the lifting of martial law. Several attendees stated that they had reached a certain consensus on issues such as demanding Yoon Seok-yeol's resignation from the party, the resignation of the entire cabinet, and the dismissal of the Minister of Defense. Prior to this, Han Dong-hoon, a representative of the ruling party, stated that the president's decision to declare a state of emergency was wrong.

  • Asian Equities Strong, CNH Falls Amid Tariff Threat and China Economic Work Conference Expectations

    Several Asian countries, including Indonesia, Japan, Pakistan, South Korea, Taiwan, and Thailand, experienced gains of over 1% in their equities. The offshore traded renminbi fell against the US dollar early in the trading day, which could be due to President Trump's recent tariff threat or the Euro's rough outing. The Hang Seng and Hang Seng Tech indexes rose in Hong Kong, with energy and financials leading the gains. The US government added more than 130 foreign companies to its "Entity List," which requires additional licensing, and 22 Chinese provinces have announced plans to refinance RMB 1.673tn of hidden debt. Copper and steel prices gained while treasury bond prices fell.

  • Web3 data and AI company Validation Cloud completes $10 million in new round of financing

     Web3 data and AI company Validation Cloud announced a $10 million financing round from True Global Ventures. The company plans to use the funds to expand its AI products and achieve seamless access to Web3 data.

Daily Must-Read

Popular Activities

Delysium $AGI & AI Private Yacht Party

Delysium $AGI & AI Private Yacht Party

March 27 - March 27
Seoul

Popular Tags

Cointime
News
Contents
RSS
Company