Chuangyu Blockchain October Security Monthly Report
Chuangyu Blockchain Security Lab
2022-11-01 09:59
Analysis and summary of blockchain security incidents in October 2022.

1. Introduction

As the market gradually improved, attacks of all kinds surged in October, and the sums involved were strikingly large. According to the data of Chuangyu Blockchain Security Lab [Hacked Incident Archives], there were more than 53 security incidents this month, with a total loss of over 850 million US dollars. DeFi security incidents in particular increased rapidly. The most representative was the hack of the BNB Chain cross-chain bridge Token Hub (token center) system contract, where the loss was as high as 560 million US dollars.

2. Data Analysis

1. Proportion analysis:

An analysis of the number and proportion of each type of security incident this month shows that almost half of the incidents were DeFi attacks, and phishing remains a frequent attack type.

2. Comparative data analysis:

A comparison shows that DeFi security incidents and exit scams (rug pulls) doubled this month, while other types of security incidents rose slightly or remained flat.

3. Monthly security trends in 2022:

The overall number of security incidents rose significantly this month, more than doubling compared with the previous month. The market is gradually recovering, and that recovery has brought major security threats with it.

3. DeFi Security Type Events

  • On October 2, Transit Swap, a cross-chain DEX aggregator, was attacked. As of now, the loss is estimated to have exceeded 28 million US dollars. The attack mainly targeted addresses that had approved the Transit Swap&Cross Approve Proxy contract.

  • On October 7, the BNB Chain cross-chain bridge Token Hub (token center) system contract was attacked by hackers, and 2 million BNB were withdrawn in two transactions, worth about 560 million US dollars.

  • On October 9th, the XaveFinance project was hacked, resulting in a 1,000-fold increase in the issuance of RNBW.

  • On October 11, the smart contract of the QANplatform bridge was attacked. The attacker made a profit of about $960,000 on Ethereum and about $1,140,000 on BNB Chain.

  • On October 11, the DeFi protocol TempleDAO was suspected of being attacked and lost about $2.34 million.

  • On October 11, the Rabby project was hacked, involving an amount of about $200,000.

  • On October 12, Mango, a Solana-based decentralized finance platform, was hit with a potential $100 million attack.

  • On October 12, the ATK project suffered a flash loan attack, and the attacker made a profit of 120,000 US dollars.

  • On October 14th, the MEV bot (0x00000.....be0d72) was exploited, and the loss was about 187.75 WETH.

  • On October 17, the non-open source contract of the MTDAO project party suffered a flash loan attack, resulting in a loss of nearly 500,000 US dollars.

  • On October 18th, BitKeep Swap was attacked by hackers. The development team has carried out emergency treatment, and the hacker's attack has been stopped. The attack was concentrated on BNB Chain, causing a loss of about 1 million US dollars.

  • On October 18, the PLTD project was attacked by hackers, and all the BUSD in its trading pool was sold off. The attackers made a total profit of 24,497 BUSD.

  • On October 19, the Moola protocol on Celo was attacked, and the hackers made a profit of about $9 million.

  • On October 20, the GEO token contract was attacked. Please do not buy GEO on BNB Chain.

  • On October 20, a service called "Ethereum Alarm Clock" was exploited due to smart contract vulnerabilities. Hackers have obtained 204 ETH, worth about $259,800.

  • On October 20, Twitter users disclosed that there was a "false minting" vulnerability in the cross-chain bridge between BitBTC and Optimism, which has now been fixed.

  • On October 21, OlympusDAO lost about $292,000 due to code vulnerabilities.

  • On October 23, Layer2DAO, an Optimism ecosystem investment project, was attacked by hackers. The hackers stole about 49.95 million L2DAO tokens by obtaining Layer2DAO's multi-signature authority and sold some of them. The loss was approximately USD 320,000.

  • On October 24, QuickSwap lost $220,000 due to a flash loan attack and will temporarily close the lending market.

  • On October 25th, the ULME token project was hacked and lost 50,646 BUSD.

  • On October 25, the Assets Deposit Upgrade contract of the Melody SGS project was suspected of being hacked, causing a total loss of 2,225 BNB. The loss was approximately US$ 640,000.

  • On October 27, the multi-chain wallet UvToken was attacked, and the price of UVT tokens fell by 99%. The attacker has transferred about 5,011 stolen BNB (worth about 1.5 million U.S. dollars) into Tornado Cash.

  • On October 27, the Team Finance team stated that the funds managed by the protocol were hacked during the migration from Uniswap v2 to v3, and the confirmed loss was $14.5 million.

  • On October 27, the TrustSwap project was hacked, affecting at least $7.79 million (ETH 880.2554, DAI 6,429,327.65).

  • On October 27, the project Victor the Fortune suffered a flash loan attack, and the attacker has made a profit of about 58,000 US dollars.

  • On October 28, FriesDAO was attacked due to the Profanity vulnerability and lost about $2.3 million.

4. Scam Security Type Events

  • On October 2, the BTU (BTU) project experienced a drop of more than 88%, and it has been confirmed that the project is a Rug Pull project.

  • On October 6, Easier (EAI) experienced a drop of more than 66%, and the project has been confirmed as a Rug Pull project.

  • On October 7, the counterfeit project GMX (GMX) experienced a drop of more than 88%, and it has been confirmed that the project is a Rug Pull project.

  • On October 9th, a Rugpull occurred in the Jumpnfinance project. At present, 2,100 BNB ($581,700) of the stolen funds have been transferred to Tornado.Cash, and the remaining 2,058 BNB ($571,128) are still stored in the attacker's address.

  • On October 16, the price of the SHOK project fell by more than 83%, and it has been confirmed as a Rug Pull. The scam has made a profit of about 71,400 US dollars.

  • On October 20th, the Mango INU project was confirmed to be a Rug Pull, and the currency price fell by more than 80%. The scam has made a profit of about 48,500 US dollars.

  • On October 20, the price of the DD project fell by more than 87%, and it was confirmed as a Rug Pull. The scam has made a profit of about 109,000 US dollars.

  • On October 24, the Freeway project party deleted the official list and carried out a Rug Pull, involving an amount of more than 100 million US dollars.

  • On October 24, Mango attackers made $100,000 by deploying the Rug Pull project Mango Inu.

  • On October 28, an airdrop scam pretending to be the official Aptos has earned 114.8 ETH. Do not click on the phishing website airdrop.aptlabs.fi.

5. Phishing Security Type Events

  • On October 9, Mel B, a member of the well-known British girl group Spice Girls, reported to the local police that her WhatsApp had been attacked by crypto hackers, and that her family and celebrity friends were flooded with fake cryptocurrency donation requests.

  • On October 8, the Flaskies project Discord server was attacked. Community users please do not click, mint or approve any transactions.

  • On October 9, seven Bored Ape (BAYC) NFTs worth more than $700,000 (about 540 ETH) were stolen, namely BAYC 4317, 755, 6567, 8761, 2951, 9611, and 8274. The victim was tricked into approving a malicious contract, resulting in the theft of the BAYC NFTs from the wallet.

  • On October 15, the Whisbe Vandalz project Discord server was attacked. Community users please do not click, mint or approve any transactions.

  • On October 16, the Discord server of the Project Kaito project was attacked. Community users please do not click, mint or approve any transactions.

  • On October 18, the XANA Project Discord server was attacked. Community users please do not click, mint or approve any transactions.

  • On October 22, Gate's official Twitter account was suspected to be hacked, and phishing messages were sent. Users are reminded to pay attention to asset security.

  • On October 22, the Vivity Project Discord server was attacked. Community users please do not click, mint or approve any transactions.

  • On October 22, the Discord server of the Project Shojira project was attacked. Community users please do not click, mint or approve any transactions.

  • On October 25, the attackers involved in the FTX and 3Commas API key-related phishing incidents also attacked the Binance US and Bittrex exchanges, stealing 1,053 ETH and 301 ETH, respectively.

  • On October 26, the Discord server of the NFT project primordials was attacked. Community users please do not click, mint or approve any transactions.

  • On October 28, the Discord server of the NFT project Oxya Origin was attacked. Community users please do not click, mint or approve any transactions.

6. Other Security Event Types

  • On October 11, the private key of the paraswap deployer was suspected to be leaked, and funds were stolen on multiple chains.

  • On October 11, the TokenPocket official website was hit by abnormal traffic, and the technical team is carrying out emergency maintenance.

  • On October 17, Japanese exchanges were hit by a cyber attack by the Lazarus Group, believed to be directly controlled by the North Korean government.

  • On October 25, the token address of Melody, a Web3 entertainment and social application, was stolen by hackers, and the team temporarily closed the withdrawal function.

  • On October 26, the front end of Spookie Finance was suspected to be attacked, and the price of GHOST almost fell to zero.

7. Summary

From the perspective of DeFi, among the security incidents involved, in addition to the most common flash loan attacks, cross-chain bridge attacks are also becoming more frequent. Here again, we remind everyone of the importance of contract auditing: in quite a few of these attacks, logic flaws had the most serious impact, so developers need to be rigorous about contract function logic during development. At the same time, it is necessary to carry out regular audits and compound audits of contract security to protect contracts from other attacks, and to pay particular attention to flash loan and cross-chain bridge contracts.

From the perspective of phishing and exit scams, exit scams (rug pulls) increased significantly compared with last month. This is a warning to investors that they need to investigate every aspect of a project and its team thoroughly, and to treat every project with caution, to avoid being defrauded by unscrupulous project teams that take the money and run. Phishing was basically the same as last month: the increase was not large, but the number of incidents did not decrease at all. Attackers evidently still find phishing an easier way to deceive users and make a profit, while ordinary investors do tend to take it lightly. Chuangyu Blockchain Security Lab reminds everyone not to click, mint or authorize any unknown transactions, to pay attention to wallet or browser prompts during interaction, and to pay special attention to Approve authorization operations.
