Cointime

Cointime

Download App
iOS & Android

Weekly Blockchain Security Watch (November 28 to Dec 4)

Fairyproof Tech

Validated Project

From November 28 to December 4, 2022, all security incidents that have occurred are all Security Hacks.

SECURITY HACKS:

1. Hacker Attacks Prometheus

On Nov 28, Prometheus, a dApp deployed on the BNB chain was attacked.

In this incident, the hacker withdrew 467,398 PHI from the project’s OTC contract and exchanged them to 124,73 BNBs.

The Prometheus team got back 112.08 BNBs and kept them in a multi sig (0x69A03128a7cb580553acf1cf287d4A5Ce0A01c1F).

The hacker exploited 12.65 BNBs (worth around US $3,654.5) in this incident.

At the time of writing, the project’s gPHI and dPHI supply had not been exploited, and all the contracts had been paused, except the dividends pool.

Additional Details:

- Attacker’s Address: 0xc7233627c65f0dd1465938212a3adaa5dea50bf6 (BNB chain)

- Hash Value of Attack Transaction:

0x15472327df1fdace59c14eba5f4069ffb65c71c5f38f00355da990b68121d160

2. Hacker Attacks Shamanzs Discord Server

On Nov 28, a hacker had attacked Shamanzs’ discord server. Shamanzs is an NFT project deployed on Ethereum.

3. Hacker Leverages Flash-loan to Attack Seaman

On Nov 29, a hacker had attacked Seaman, a dApp deployed on the BNB chain.

The root cause was that its tokenomics design would result in price manipulation.

The attacker flash-loaned 500,000 BUSDs and exchanged them to GVCs. The hacker then called Seaman’s transfer function to transfer a small number of SEAMAN tokens and triggered the SEAMAN tokens to be exchanged to GVCs. This process would call the _splitlpToken() function to distribute the GVCs to lpUser and reduce the number of GVCs in the BUSD-GVC trading pair thus increasing the GVC’s price.

The hacker repeated the process and eventually exploited 7781 BUSDs worth US $7781 in this incident.

Additional Details:

- Attacker’s Address: 0x49fac69c51a303b4597d09c18bc5e7bf38ecf89c (BNB chain)

- Attacked Contract: 0xDB95FBc5532eEb43DeEd56c8dc050c930e31017e(GVC Token on BNB chain)

4. Hacker Attacks SmallBros Discord Server

On Dec 1, a hacker had attacked SmallBros’ discord server. SmallBros is an NFT project deployed on Ethereum.

5. Hacker Attacks Brainless Spikes Discord Server

On Dec 1, a hacker had attacked Brainless Spikes’ discord server. Brainless Spikes is an NFT project deployed on Ethereum.

6. Hacker Attacks Ankr

On Dec 2, a hacker attacked Ankr, a dApp deployed on the BNB chain.

The root cause was very likely that the Ankr Deployer’s private key was compromised.

The attacker exploited crypto assets worth around US $5 million in this incident.

For more details about this incident refer to:

https://twitter.com/FairyproofT/status/1598535802463875072?s=20&t=G7OlCC57pHNU-Bsgdjcb7w

Additional Details:

- Attacker’s Address: 0xf3a465C9fA6663fF50794C698F600Faa4b05c777 (BNB chain)

- Malicious aBNBc Contract: 0xd99955B615EF66F9Ee1430B02538a2eA52b14Ce4 (BNB chain)

- Ankr Deployer: 0x2Ffc59d32A524611Bb891cab759112A51f9e33C0 (BNB chain)

- Attacked Contract: 0xE85aFCcDaFBE7F2B096f268e31ccE3da8dA2990A (aBNBc on BNB chain)

- Initiator of Attack Transaction: 0x71699d5BD28F5C834eEe8E365848df056915Baa6 (BNB chain)

- Hash Value of Attack Transaction:

0xd07b210b872bc952b9f2250d8272a789f89a2f7a3621112fdd73addd7bdb080b (BNB chain)

CONCLUSION-

6 notable security incidents have occurred in the past week. Four out of them were attacks on smart contracts and two were attacks on social media accounts.

A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. In addition, manage and store private keys with great care.

A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.

It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.

To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter: https://fairyproof.substack.com/For a better understanding of all things Web3.0: https://medium.com/@FairyproofT

Looking to strengthen the security of your project or looking for an audit? Contact us at

Web3
Comments

All Comments

Recommended for you

  • Fardi Wang, Chairman of NEXUS 2140: AI•Web3•Ecom Global Expo, Made Appearance at Meta Crypto Oasis 2025 in Dubai

    Fardi Wang, Chairman of NEXUS 2140: AI•Web3•Ecom Global Expo, recently appeared at the Meta Crypto Oasis 2025 in Dubai, joining global Web3 leaders such as Justin Sun (Founder of TRON) and Chris (Co-founder of Sonic) to discuss the future of the industry. As the first cross-industry event integrating AI, Web3, and E-commerce, NEXUS 2140 is accelerating its international expansion through Fardi Wang’s active participation. At the summit, Fardi Wang emphasized that the integration of virtual and real-world assets is the key breakthrough for the Web3 ecosystem. He mentioned: “NEXUS 2140 is leveraging Korea’s policies, technological strengths, and ecosystem advantages to build a global industrial hub.” His insights received strong recognition from attendees, and the Dubai visit further amplified the international influence of the event, injecting new momentum into global digital economy collaboration.

    Fardi Wang, Chairman of NEXUS 2140: AI•Web3•Ecom Global Expo, Made Appearance at Meta Crypto Oasis 2025 in Dubai

  • Binance Wallet’s New TGE B² Network is Now Available for Investment

    according to official page data, Binance Wallet's new TGE B² Network is now open for investment, with an end time of 18:00 (UTC+8). The participation threshold for this TGE is that Alpha points must reach 82 points.

  • The price of ALPACA perpetual contract on Binance platform rose by more than 25% in the past 5 minutes

    the current price of ALPACA perpetual contract on the Binance platform has risen by over 25% in the past 5 minutes, now falling back to $1.3683. At the same time, the spot price of ALPACA is $1.22, showing a significant price difference.

  • To participate in Binance Wallet's new TGE B² Network, you must have 82 points

    according to the official announcement, Binance Wallet has announced the participation threshold for the new B² Network (B2) TGE, with Alpha points needing to reach 82 points.

  • 1confirmation founder: There is a negative correlation between the popularity of the seed round and the success of the project product

    On April 29th, Nick Tomaino, the founder of 1confirmation, wrote on X that there is a negative correlation between the popularity of seed round projects and their success. Participating in a hot round is indeed exciting: high funding amounts, intense competition, big-name investors, and extensive media coverage. However, rarely does participating in such hot projects before the product-market fit is clear bring truly outstanding results. At 1confirmation, some of the most "popular" projects we have invested in have actually performed the worst.

  • U.S. Treasury Secretary Benson: We hope to obtain long-term tariff revenue and agreements

    US Treasury Secretary Besant said he hopes to obtain long-term tariff revenue and agreements, and the US will hold talks with at least 17 partners in the coming weeks. There is a good chance of seeing income tax reductions in the tax bill, and tariff revenue could be used for tax cuts.

  • MilkyWay has opened airdrop applications

    April 29th news, MilkyWay stated on social media that the airdrop application has been opened, and the application will be closed at 18:00 on May 29, 2025.

  • Spot gold continues to fall

    spot gold continues to decline, with the decline expanding to 2%, at $3315.49 per ounce.

  • BTC breaks through $93,500

    the market shows BTC has broken through $93,500, now trading at $93,506.58, with a 24-hour increase of 6.12%. The market is fluctuating greatly, please manage your risks.

  • Web3 data and AI company Validation Cloud completes $10 million in new round of financing

     Web3 data and AI company Validation Cloud announced a $10 million financing round from True Global Ventures. The company plans to use the funds to expand its AI products and achieve seamless access to Web3 data.

Daily Must-Read

Popular Activities

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

April 30 - April 30
Dubai

Popular Tags

Cointime
News
Contents
RSS
Company
Cointime

Hot Coins

TerraClassicUSD USTC
$0.01281
- 1.6%
$71698652.39
Terra Classic LUNC
$0.00006109
- 0.81%
$332078920.01
Axie Infinity AXS
$2.52
- 2.4%
$405872343.24

Daily Must-Read

01
Paul Atkins, nominated by Trump, has been sworn in as SEC chair
02
Ethereum crashed in Q1. Could May’s Pectra upgrade bring it back?
03
Contrarian Take: How Stablecoins' Disruption of Money Creation Stands in its way to Mass Adoption
04
Atkins Confirmed By U.S. Senate to Take Over SEC Formerly Run by Gensler
05
Time to move on: CT breakup guide
06
Why Trump's Tariffs Could Actually Be Good for Bitcoin