Cointime

Cointime

Download App
iOS & Android

Weekly Blockchain Security Watch (November 28 to Dec 4)

Fairyproof Tech

Validated Project

From November 28 to December 4, 2022, all security incidents that have occurred are all Security Hacks.

SECURITY HACKS:

1. Hacker Attacks Prometheus

On Nov 28, Prometheus, a dApp deployed on the BNB chain was attacked.

In this incident, the hacker withdrew 467,398 PHI from the project’s OTC contract and exchanged them to 124,73 BNBs.

The Prometheus team got back 112.08 BNBs and kept them in a multi sig (0x69A03128a7cb580553acf1cf287d4A5Ce0A01c1F).

The hacker exploited 12.65 BNBs (worth around US $3,654.5) in this incident.

At the time of writing, the project’s gPHI and dPHI supply had not been exploited, and all the contracts had been paused, except the dividends pool.

Additional Details:

- Attacker’s Address: 0xc7233627c65f0dd1465938212a3adaa5dea50bf6 (BNB chain)

- Hash Value of Attack Transaction:

0x15472327df1fdace59c14eba5f4069ffb65c71c5f38f00355da990b68121d160

2. Hacker Attacks Shamanzs Discord Server

On Nov 28, a hacker had attacked Shamanzs’ discord server. Shamanzs is an NFT project deployed on Ethereum.

3. Hacker Leverages Flash-loan to Attack Seaman

On Nov 29, a hacker had attacked Seaman, a dApp deployed on the BNB chain.

The root cause was that its tokenomics design would result in price manipulation.

The attacker flash-loaned 500,000 BUSDs and exchanged them to GVCs. The hacker then called Seaman’s transfer function to transfer a small number of SEAMAN tokens and triggered the SEAMAN tokens to be exchanged to GVCs. This process would call the _splitlpToken() function to distribute the GVCs to lpUser and reduce the number of GVCs in the BUSD-GVC trading pair thus increasing the GVC’s price.

The hacker repeated the process and eventually exploited 7781 BUSDs worth US $7781 in this incident.

Additional Details:

- Attacker’s Address: 0x49fac69c51a303b4597d09c18bc5e7bf38ecf89c (BNB chain)

- Attacked Contract: 0xDB95FBc5532eEb43DeEd56c8dc050c930e31017e(GVC Token on BNB chain)

4. Hacker Attacks SmallBros Discord Server

On Dec 1, a hacker had attacked SmallBros’ discord server. SmallBros is an NFT project deployed on Ethereum.

5. Hacker Attacks Brainless Spikes Discord Server

On Dec 1, a hacker had attacked Brainless Spikes’ discord server. Brainless Spikes is an NFT project deployed on Ethereum.

6. Hacker Attacks Ankr

On Dec 2, a hacker attacked Ankr, a dApp deployed on the BNB chain.

The root cause was very likely that the Ankr Deployer’s private key was compromised.

The attacker exploited crypto assets worth around US $5 million in this incident.

For more details about this incident refer to:

https://twitter.com/FairyproofT/status/1598535802463875072?s=20&t=G7OlCC57pHNU-Bsgdjcb7w

Additional Details:

- Attacker’s Address: 0xf3a465C9fA6663fF50794C698F600Faa4b05c777 (BNB chain)

- Malicious aBNBc Contract: 0xd99955B615EF66F9Ee1430B02538a2eA52b14Ce4 (BNB chain)

- Ankr Deployer: 0x2Ffc59d32A524611Bb891cab759112A51f9e33C0 (BNB chain)

- Attacked Contract: 0xE85aFCcDaFBE7F2B096f268e31ccE3da8dA2990A (aBNBc on BNB chain)

- Initiator of Attack Transaction: 0x71699d5BD28F5C834eEe8E365848df056915Baa6 (BNB chain)

- Hash Value of Attack Transaction:

0xd07b210b872bc952b9f2250d8272a789f89a2f7a3621112fdd73addd7bdb080b (BNB chain)

CONCLUSION-

6 notable security incidents have occurred in the past week. Four out of them were attacks on smart contracts and two were attacks on social media accounts.

A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. In addition, manage and store private keys with great care.

A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.

It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.

To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter: https://fairyproof.substack.com/For a better understanding of all things Web3.0: https://medium.com/@FairyproofT

Looking to strengthen the security of your project or looking for an audit? Contact us at

Web3
Comments

All Comments

Recommended for you

  • BTC breaks through $88,000

    the market shows BTC breaking through $88,000, now reported at $88,059, a 24-hour increase of 4.25%, with significant market fluctuations, please manage risks.

  • BitradeX Partners with NVIDIA for Deep Collaboration, Leveraging GPU Power to Lead the AI Trading Revolution

    BitradeX has announced its partnership with NVIDIA through the NVIDIA Developer Program, entering into a deep collaboration to optimize its core AI trading model, ARK Trading Model, with NVIDIA’s A100 and H100 GPU clusters. This collaboration has significantly enhanced ARK's decision-making speed and precision, reducing decision latency from 2.1 milliseconds to just 0.07 milliseconds. This deep partnership marks a technological breakthrough for BitradeX, propelling the industry into the "AI Quantification 2.0 Era" and offering users a more efficient trading experience in the global financial market.

  • Spot gold hits $3,390

    spot gold continues to rise, reaching 3390 US dollars per ounce and approaching the key level of 3400 US dollars per ounce, with an intraday increase of more than 1.8%.

  • The one-year and five-year LPRs remain unchanged.

    On April 21st, the People's Bank of China kept the one-year and five-year loan prime rates (LPR) unchanged at 3.1% and 3.6% respectively.

  • Market News: French Finance Minister says if Fed Chairman Powell is fired by Trump, the dollar will lose credibility

    French Finance Minister Eric Lombard warned that if Trump dismisses Federal Reserve Chairman Jerome Powell, it will endanger the credibility of the dollar and disrupt the stability of the U.S. economy as the bond market develops. Eric Lombard added that the result of Powell's dismissal would be higher debt repayment costs and severe confusion in the national economy, consequences that will eventually force the United States to negotiate to end the tension.

  • USD/CNH breaks through 7.3000 yuan mark

    US dollar against the offshore RMB just broke through the 7.3000 yuan mark, with the latest report of 7.2999 yuan, up 0.03% on the day; the US dollar against the onshore RMB is now reported at 7.2990 yuan, up 0.01% on the day.

  • Spot gold breaks through $3,330/ounce, setting a new record high

    spot gold continued to rise, breaking through $3330 per ounce, hitting a new historical high, rebounding about $100 from the daily low, and rising more than 3% within the day.

  • Spot gold breaks through $3,320/ounce, setting a new record high

    spot gold broke through $3320 per ounce, hitting a new all-time high and rising 2.9% intraday.

  • BTC breaks through $85,000

    the market shows BTC breaking through $85,000, now trading at $85,022, with a 24-hour decrease narrowed to 0.41%. The market fluctuates greatly, so please be prepared for risk control.

  • Web3 data and AI company Validation Cloud completes $10 million in new round of financing

     Web3 data and AI company Validation Cloud announced a $10 million financing round from True Global Ventures. The company plans to use the funds to expand its AI products and achieve seamless access to Web3 data.

Daily Must-Read

Popular Activities

Delysium $AGI & AI Private Yacht Party

Delysium $AGI & AI Private Yacht Party

March 27 - March 27
Seoul

Popular Tags

Cointime
News
Contents
RSS
Company
Cointime

Hot Coins

Trending