
Foreword
In July, as coin prices recovered, security incidents became more frequent, and attackers went at "full firepower", striking from every direction. Data from the Know-Chuangyu Blockchain Security Lab [Hacked Incident Archives] shows that more than 43 security incidents occurred this month, and that losses to individuals from rug-pull scams and phishing grew increasingly serious. Representative incidents are the Uniswap V3 phishing attacks and DRAC Network's Rug Pull, while the attack on the DeFi protocol Crema Finance at the beginning of the month caused particularly heavy losses. Losses from security incidents this month totaled approximately $29,000,000.
An analysis of the number and proportion of each type of security incident this month shows that phishing incidents still account for the largest share. Once again, we remind everyone to be vigilant against phishing; tools such as the FishAlert plug-in (https://fishalert.knownseclab.com) can reduce the risk of being phished.
The following is the Know-Chuangyu Blockchain Security Lab's summary of the various types of security incidents in July, together with a discussion of the problems they expose.
DeFi Security Type Events
• On July 3, Crema Finance, a liquidity protocol in the Solana ecosystem, was hacked and lost more than $6 million. The hackers used a Solend flash loan to drain the fund pool.
• On July 7, the price of the ProjectX project's PXT token fell; the project team said the drop was caused by a hacker attack (exploitation). The attackers earned about $19,000.
• On July 10, Omni X, a decentralized NFT financialization protocol, was attacked, and the attacker exploited the reentrant settlement function of ERC721. Losses exceeded $1 million.
• On July 11, the DeFi platform Parallel Finance suffered a reentrancy attack, resulting in a loss of about $2 million.
• On July 12, a staking mining project was attacked by hackers. The attackers used an addition overflow vulnerability in the contract's updateBalance function to modify the staking amount of the attacking account. The total profit was about 110,000 US dollars.
• On July 12, the multi-chain NFT protocol Citizen Finance was attacked; the price of CIFI tokens dropped by more than 50%, and 244 BNB and 57,600 MATIC were stolen.
• On July 14, the SpaceGodzilla project on BNB Chain was hit by a flash loan attack. The hackers borrowed a large amount of funds through flash loans and manipulated the price of SpaceGodzilla in its trading pool on Pancake. The attack made a total profit of 25,378.78 BUSD.
• On July 24, the community treasury of Audius, a Web3 music streaming service platform, was exploited, and 18.5 million AUDIO tokens were lost. The hackers exchanged the funds for 705 ETH on Uniswap, making a total profit of about US$110,000.
• On July 25, the LPC project suffered a flash loan attack. Because the _transfer function did not work from the updated account balance, but instead modified the previously read recipientBalance value of the recipient directly, the attacker's balance increased. The attacker made a total profit of 178 BNB, which is about $45,715.
• On July 28, Nirvana, a decentralized algorithmic stablecoin protocol on Solana, was hit by a flash loan attack. The price of its stablecoin NIRV fell from US$1 to as low as US$0.09, a maximum drop of more than 90%. The attackers made a total profit of 3,490,563.69 USDT, 21,902.48 USDC and 393,230.32 ANA tokens, worth about $3.57 million.
Scam Security Type Events
• On July 4th, the distributed node infrastructure project Nody (NODY) had a Rug Pull, and the current price of NODY Token dropped by 93%.
• On July 6, the BNB Chain project BabyDAO had a Rug Pull, the tokens fell by 99.9%, and about 773 BNB (about 180,000 USD) were transferred to Tornado Cash.
• On July 20, a Rug Pull occurred on RacKiller, and the token price fell by more than 70%.
• On July 20, a Rug Pull occurred on NumberSwap, and the token price fell by more than 96%.
• On July 20, a Rug Pull occurred on Neoteric.finance, and the price of its NTRC token fell by more than 91.6%. Current reports indicate a loss of approximately $100,000.
• On July 20, a Rug Pull occurred in the Angels To Miracles project; the price of ATM tokens fell by 46%, 1943.3 BNB were transferred to Tornado Cash, and the loss was about 530,000 US dollars.
• On July 20, a Rug Pull occurred in the ORCHID project, and the price of ORCHID tokens fell by more than 96.4%. The current report shows that the loss is about 50,000 US dollars.
• On July 25, a Rug Pull occurred on the DeFi project DRAC Network; the price of the token TEDDY dropped by 99.4%, and 10,000 BNB and 2 million BUSD were transferred to Binance. Losses amounted to approximately $4.5 million.
• On July 29, a Rug Pull occurred in the second uncle coin pool. The contract deployer has laundered the stolen money through Tornado Cash. So far, the price of the token SUC has dropped by 99.7%. According to statistics, the total profit of this fraud is as high as 1.3 million US dollars.
Phishing Security Type Events
• On July 6, the Discord server of the NFT project Spiky Space Fish was hacked. Users are asked not to click on any links and not to mint or approve any transactions.
• On July 6, the official Otherside Twitter account (@scottehartley) was allegedly hacked and his profile was changed to display the OthersideMeta NFT image and promote the scam.
• According to news on July 9, the Discord server of the NFT project Dope Ape Club was attacked. The chat was locked and the attackers posted a phishing link. Community users should not click on links, mint or approve any transactions.
• On July 12, hackers stole 7,500 ETH on Uniswap V3 through phishing attacks; the protocol itself has no security issues.
• On July 14, the Discord server of the NFT project AzukiArt was hacked. Users are asked not to click on links, mint or approve any transactions.
• On July 15, the Discord server of the NFT project Lonely Alien Space Club was compromised. Users are asked not to click on links, mint or approve any transactions.
• On July 16, the Discord server of the P2E metaverse project Botborgs was attacked. Users are asked not to click on links, mint or approve any transactions.
• On July 17, the Discord server and Twitter account of the NFT management platform NFTY Dash were attacked. Users are asked not to click on links, mint or approve any transactions.
• On July 17, premint.xyz was attacked by hackers. The hackers implanted malicious JS files in the premint.xyz website to carry out phishing attacks, tricking users into signing setApprovalForAll(address, bool) transactions and thereby stealing users' assets such as NFTs.
• On July 18, originals-adidas.com was confirmed to be a phishing website, and 19 ETH and 17 NFTs had entered the scammer's address.
• On July 19, the Discord server of the NFT project Maximalist was attacked and the attacker posted a phishing link. Users are asked not to click on the link, mint or approve any transactions.
• On July 20, DerpyPunkz's Discord server was compromised and the attacker, the same one as in the earlier Maximalist attack, posted a phishing link. Users should not click on the link, mint or approve any transactions.
• On July 21, the Discord of the NFT project Tableland was attacked. A phishing link was posted on the bulletin board, and some team members were kicked out. Users are asked not to click on links, mint or approve any transactions.
• On July 25, the Discord server of the NFT project NEN Studio was attacked. Community users should not click on links, mint or approve any transactions.
• On July 27, the Discord server of the NFT project The Americans NFT was attacked, and the attacker posted a phishing link. Community users should not click on links, mint or approve any transactions.
• On July 29, the Discord server of the DAISUKI project was attacked. Community users should not click on links, mint or approve any transactions.
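The premint.xyz incident above depended on users signing setApprovalForAll(address, bool). A pre-signing check that a wallet or browser extension could run on a pending transaction is sketched here as an added example; it is not code from the original article or from any wallet project. The function names, the operator allowlist and all addresses are hypothetical; 0xa22cb465 is the standard 4-byte selector of setApprovalForAll(address,bool).

```javascript
// Added example: pre-signing check for ERC-721/ERC-1155 operator approvals.
// 0xa22cb465 is the 4-byte selector of setApprovalForAll(address,bool).
const SELECTOR = "a22cb465";

// Returns null for any other call, {malformed: true} for non-canonical
// arguments, otherwise the decoded operator and approval flag.
function decodeSetApprovalForAll(data) {
  const hex = String(data || "").toLowerCase().replace(/^0x/, "");
  if (!hex.startsWith(SELECTOR)) return null;
  const args = hex.slice(8);
  // Canonical ABI encoding: address left-padded to 32 bytes, then a 32-byte bool.
  if (!/^0{24}[0-9a-f]{40}0{63}[01]$/.test(args)) return { malformed: true };
  return {
    malformed: false,
    operator: "0x" + args.slice(24, 64),
    approved: args[127] === "1",
  };
}

// trustedOperators: hypothetical per-user allowlist of operator contracts.
function reviewTransaction(tx, trustedOperators) {
  const call = decodeSetApprovalForAll(tx.data);
  if (call === null) return { verdict: "pass", reason: "not setApprovalForAll" };
  // Fail closed: odd encodings must not slip past the check.
  if (call.malformed) return { verdict: "block", reason: "non-canonical calldata" };
  if (!call.approved) return { verdict: "pass", reason: "revokes " + call.operator };
  const trusted = trustedOperators.some((a) => a.toLowerCase() === call.operator);
  return trusted
    ? { verdict: "pass", reason: "operator is allowlisted" }
    : { verdict: "block", reason: `gives ${call.operator} every token in ${tx.to}` };
}

// Constructed sample data; none of these addresses come from a real incident.
const MARKETPLACE = "0x" + "11".repeat(20);
const UNKNOWN_OPERATOR = "0x" + "ab".repeat(20);
const COLLECTION = "0x" + "22".repeat(20);
const encode = (operator, approved) =>
  "0x" + SELECTOR + operator.slice(2).padStart(64, "0") + (approved ? "1" : "0").padStart(64, "0");

const samples = [
  { to: COLLECTION, data: encode(UNKNOWN_OPERATOR, true) },    // block
  { to: COLLECTION, data: encode(MARKETPLACE, true) },         // pass
  { to: COLLECTION, data: encode(UNKNOWN_OPERATOR, false) },   // pass (revocation)
  { to: COLLECTION, data: "0x" + SELECTOR + "ab".repeat(20) }, // block (truncated)
];
for (const tx of samples) console.log(reviewTransaction(tx, [MARKETPLACE]));
```

A "block" verdict here means the approval should be surfaced to the user with the operator address before any signature is produced, since a single approved call covers every token the user holds in that collection.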
Other Security Event Types
• On July 26, there was an RCE (Remote Code Execution) vulnerability in the Windows version of the Coremail mail client. Attackers can send users emails containing malicious programs to control the user's host, which may lead to the leakage of the wallet private key.
Summary