
Foreword
The following is a summary of the various types of security incidents recorded in May by the Knownsec Blockchain Security Lab, with a discussion of the problems they expose.
DeFi Security Incidents
On May 5, the Cronos-based DEX MM.Finance suffered a front-end attack. The hackers exploited a DNS vulnerability to steal more than $2 million worth of CRO tokens from users. The stolen funds were transferred to Tornado Cash.
On May 14, Venus, the lending protocol on BNB Chain, issued a supplementary announcement on the LUNA oracle incident, stating that at around 09:20 UTC on May 12, Chainlink's price feed for LUNA reached its price floor and was suspended at a price of $0.107. The Venus LUNA market continued to operate while the spot price kept falling; after 4 hours the spot price was about $0.01. The team identified the problem and paused the protocol, and the resulting shortfall was about $14.2 million.
On May 16, the project Feminist Metaverse (FM_Token) on BNB Chain was attacked. The attacker made a profit of 1,838 BNB (about $540,000) and then transferred the BNB to Tornado Cash.
On May 16, the multi-chain DeFi protocol FEG was attacked, losing a total of 144 ETH and 3,280 BNB, worth about $1.3 million.
On May 17, the multi-chain DeFi protocol FEG was attacked again, with a loss of about US$1.9 million (including US$1.3 million for BNB Chain and US$600,000 for Ethereum).
On May 21, the bDollar project was attacked by price manipulation, and the attacker made a profit of 2,381 WBNB (worth about $730,000).
On May 24, the hackerDao project was attacked through price manipulation. The attackers carried out two attacks and made a total profit of about 200 BNB (worth about $66,000), which has been transferred to Tornado Cash.
On May 25, an MEV bot on Ethereum was suspected of being attacked and lost 8.18 ETH, about $15,971.72.
On May 30, the DeFi project Novo was suspected of being attacked, and the hackers transferred 280 BNB (approximately $89,600) to Tornado Cash.
Scam Security Incidents
On May 11, a Rug Pull occurred in the Diaos project, and the price of Diaos plummeted. The contract owner used the mint() function to mint 1 million Diaos tokens and sent them to another account, then distributed the tokens to other addresses and sold them through PancakeSwap.
On May 16, a Rug Pull occurred in the TOM project, and the token fell by 99.94%. So far, 1,200 BNB have been transferred to Tornado Cash.
On May 17, a Rug Pull occurred on Token ALG, a project on the BSC chain. The price dropped by 99.95%, and about 581.5 BNB was transferred to Tornado Cash.
On May 18, a Rug Pull occurred in the JJH DAO project. The price of its project token JJH fell by more than 94%.
On May 24, a Rug Pull occurred on the KCT token, the token price dropped by 100%, and more than 607 BNB were transferred to Tornado.Cash.
On May 25, a Rug Pull occurred in the project DecentraWorld on BNB Chain: the token DEWO fell by 97%, DecentraWorld's social accounts were deleted, and about 3,200 BNB (about $1 million) were withdrawn by the DecentraWorld contract deployer.
On May 25, a Rug Pull occurred in the project Starship on BNB Chain; its token price dropped almost to zero, and about 715 BNB were transferred to Tornado Cash.
On May 27, the Move-to-Earn application Sport on BNB Chain turned out to be a scam, and the SPORT token fell by more than 94%.
Phishing Security Incidents
On May 9, dozens of YouTube channels ran a scam built from clipped old videos of Musk, Jack Dorsey and Ark Invest, into which the scammers inserted false crypto messages, including links to fraudulent crypto giveaway sites; millions of dollars were stolen.
On May 18, American actor Seth Green suffered a phishing attack, resulting in the theft of 4 NFTs (1 BAYC, 2 MAYC and 1 Doodle). The phisher's address has sold all the NFTs for a profit of nearly 160 ETH (about $330,000).
On May 18, the official Discords of CyberConnect, Moonbirds, PROOF, Memeland, and RTFKT were all attacked by hackers, and phishing links were released in the Discords.
On May 20, Flare Community reminded users on Twitter to be alert to phishing scams related to the FLR pre-sale. So far, 96 fake Flare Network websites have been found targeting Discord users, publishing false information and phishing links about Flare Network's FLR pre-sale.
On May 22, the Twitter account of digital artist Beeple was hacked and used by the attackers to promote a phishing scam. Beeple's Twitter account included a fake phishing link for a Louis Vuitton NFT collaboration sweepstakes. The crooks also used the account to post phishing links to other fake NFT series.
On May 23, the Discord of the NFT project APIENS was attacked, and 130 NFTs were transferred, including 24 Apiens and 1 ENS.
On May 23, the Discord of the NFT project The Fracture was attacked, and the attacker has made a profit of 455 SOL.
On May 25, Twitter user @CirrusNFT tweeted that 29 Moonbirds NFTs had been stolen in a hack that cost $1.5 million.
On May 25, the Discord of Trait Sniper, an NFT rarity ranking tool, was hacked, and 59 NFTs were transferred to an address beginning with 0x3E8Da, including 3 Otherdeeds, 1 CloneX, 2 RTFKT-MNLTH and 1 adidasoriginals, among others.
On May 26, monitoring by the Knownsec Blockchain Security Lab showed that goblintown-claims[.]wtf is a phishing website. The site lures users into connecting their wallets in order to steal NFTs, and it looks almost identical to the official site.
On May 27, monitoring by the Knownsec Blockchain Security Lab showed that zed-run.info is a phishing site that may steal users' private keys.
On May 27, monitoring by the Knownsec Blockchain Security Lab showed that gunslingersnft[.]org is a phishing link, and the GunslingersNFT Discord may have been attacked.
Other Security Incidents
On May 10, under the pressure of a capital attack and a debt crisis, UST, the native algorithmic stablecoin of the Terra ecosystem, suffered a severe de-pegging, which caused the price of LUNA to plummet and led to losses of up to $40 billion.
On May 24, Optimism, the layer-2 scaling network for Ethereum, announced the latest progress on its airdrop, saying that it will remove airdrop eligibility for 17,101 Sybil attacker addresses. The more than 14 million OP tokens originally allocated to those addresses will be redistributed proportionally among the remaining eligible users of Airdrop #1.
On May 26, the Knownsec Blockchain Security Lab detected that scammers sent Wrapped LUNA 2.0 to the Terra Deployer address and airdropped it to Vitalik Buterin and other related addresses in an attempt to impersonate an official Terra Deployer airdrop.
On May 29, the cross-chain bridge Hop Protocol stated in Discord that, due to a flaw in the claim-address submission form, users of the decentralized application platform Authereum need to resubmit the airdrop claim address form before June 2. Tokens can also be applied for through a governance proposal within 6 months after the token goes live.
On May 30, Moonbirds issued a security announcement stating that there is a security issue in the Nesting contract. The problem arises on NFT trading platforms such as OpenSea or LooksRare: when a user has listed a Moonbird for sale, calling the nesting function alone does not block the sale, and the seller must also cancel the listing on the trading platform, because otherwise, in a certain scenario, a buyer can bypass the restriction that a Moonbird cannot be traded while nesting.
Summary
Looking at the DeFi security situation, flash loan attacks and oracle manipulation were frequent in this month's security incidents; these attack methods are becoming more common and the techniques behind them are maturing. At the same time, there were many unexpected events, such as the Chainlink oracle accident at Venus, and the Terra ecosystem collapsed for a variety of reasons. The Knownsec Blockchain Security Lab hereby reminds projects that regular and repeated audits of contract security are necessary to protect contracts from attack. Token approvals also deserve close attention, and every approval should carry a clear time limit.
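As an added example (not code from the Knownsec report), the approval hygiene the summary recommends can be checked offline: the script below decodes constructed ERC-20 Approval event logs (the blockTimestamp field is an assumed join from the block header), keeps only the latest allowance per token/owner/spender, and flags allowances that are unlimited or older than a chosen age.

```python
# Added example (not Knownsec's code): audit ERC-20 Approval logs for unbounded or
# stale allowances. Logs are constructed to mirror eth_getLogs output plus an assumed
# blockTimestamp field.
from datetime import datetime, timedelta, timezone

# keccak256("Approval(address,address,uint256)"), the standard ERC-20 event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1            # the "infinite approval" many dApp front-ends request

def parse_approval(log):
    """Decode one Approval log entry; return None for any other event."""
    if log["topics"][0].lower() != APPROVAL_TOPIC:
        return None
    return {"token": log["address"],
            "owner": "0x" + log["topics"][1][-40:],    # address = low 20 bytes of topic
            "spender": "0x" + log["topics"][2][-40:],
            "value": int(log["data"], 16),
            "timestamp": int(log["blockTimestamp"])}

def current_allowances(logs):
    """Logs arrive in block order, so the last Approval per (token, owner, spender) wins."""
    latest = {}
    for ev in filter(None, map(parse_approval, logs)):
        latest[(ev["token"], ev["owner"], ev["spender"])] = ev
    return latest

def audit_approvals(logs, now, max_age=timedelta(days=30)):
    """Return live allowances that are unlimited or were granted more than max_age ago."""
    findings = []
    for ev in current_allowances(logs).values():
        if ev["value"] == 0:                          # an Approval of 0 is a revocation
            continue
        reasons = []
        if ev["value"] == UNLIMITED:
            reasons.append("unlimited allowance")
        if now - datetime.fromtimestamp(ev["timestamp"], timezone.utc) > max_age:
            reasons.append(f"granted more than {max_age.days} days ago")
        if reasons:
            findings.append({"spender": ev["spender"], "token": ev["token"], "reasons": reasons})
    return findings

def sample_log(spender, value, ts):                  # constructed log for one approval
    pad = lambda addr: "0x" + addr[2:].rjust(64, "0")
    return {"address": "0x" + "aa" * 20, "data": hex(value), "blockTimestamp": str(ts),
            "topics": [APPROVAL_TOPIC, pad("0x" + "11" * 20), pad(spender)]}

SAMPLE_LOGS = [                                      # constructed, in block order
    sample_log("0x" + "22" * 20, UNLIMITED, 1651000000),  # unlimited ...
    sample_log("0x" + "22" * 20, 0, 1651000100),          # ... then revoked: clean
    sample_log("0x" + "33" * 20, 10**18, 1640000000),     # bounded but stale (Dec 2021)
    sample_log("0x" + "44" * 20, UNLIMITED, 1653000000),  # unlimited and live (May 2022)
]

def run_audit():
    return audit_approvals(SAMPLE_LOGS, datetime(2022, 5, 31, tzinfo=timezone.utc))
```

Running run_audit() on the constructed logs reports only the stale bounded allowance and the live unlimited one; the revoked allowance is correctly ignored.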