Cointime

Cointime

Download App
iOS & Android

Weekly Blockchain Security Watch _Dec 19 to Dec 25

Validated Project

From 19 December to 25 December, 2022, all security incidents that have occurred can be categorized into Security Hacks and Rug-pulls.

SECURITY HACKS:

1. Hacker Attacks Splattercats Discord Server

On 20 Dec, a hacker attacked Splattercat’s discord server. Splattercat is a game project.

2. Hacker Attacks xHamsters Discord Server

On 20 Dec, a hacker attacked xHamster’s discord server. xHamster is an NFT project on Ethereum.

3. Hacker Attacks Sol City Poker Clubs Discord Server

On 21 Dec, a hacker attacked Sol City Poker Club’s discord server. Sol City Poker Club is an NFT project on Solana.

4. Hacker Attacks David Di Francos Discord Server and Twitter Account

On 21 Dec, a hacker attacked David Di Franco’s discord server and twitter account. David Di Franco is a social media influencer.

5. Hacker Attacks DR/VRS Discord Server

On 22 Dec, a hacker attacked DR/VRS’ discord server. DR/VRS is an NFT project on Ethereum.

6. Hacker Attacks F1 Dogs Discord Server

On 23 Dec, a hacker attacked F1 Dog’s discord server. F1 Dog is an NFT project on Aptos.

7. Hacker Attacks Rubic

On Dec 25, Rubic, a cross-chain aggregator deployed on Ethereum was attacked.

The root cause was that it suffered from an injection attack.

For more details about this attack, please refer to:

https://twitter.com/FairyproofT/status/1607219687099858945?s=20&t=EdPTY0W1BoijR5NeID3ZQA

Rug-pulls:

1. Defrost Finance Suspected to be Rug-pull

On 25 Dec, Defrost Finance, a dApp deployed on the Snow blockchain was suspected to be a rug-pull.

For more details about it please refer to :

https://twitter.com/FairyproofT/status/1606955396903899146?s=20&t=YD9hgJCJQU-1RbkY4MgFCw

CONCLUSION-

8 notable security incidents have occurred in the past week. Seven of them were attacks on smart contracts and social media and one was suspected to be a rug-pull.

A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain.

A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations. Particularly we suggest crypto investors should avoid investing in projects whose admins(owners) obtained their gases from Tornado Cash. If projects of this kind turn out to be rug-pulls, it is hard to take back/recover assets from them.

It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.

To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter: https://fairyproof.substack.com/For a better understanding of all things Web3.0: https://medium.com/@FairyproofT

Looking to strengthen the security of your project or looking for an audit? Contact us at

https://www.fairyproof.com/

Crypto
Comments

All Comments

Recommended for you

  • SlowMist: Beware of watering hole attacks launched by malicious attackers using WordPress plugin vulnerabilities

    SlowMist Security has issued a warning that attackers have recently been exploiting vulnerabilities in WordPress plugins to inject malicious JS code into normal websites and launch watering hole attacks. These attacks involve popping up malicious windows when users visit the site, deceiving them into executing malicious code or performing Web3 wallet signatures, thereby stealing their assets. It is recommended that sites using WordPress plugins check for vulnerabilities, update plugins in a timely manner, and avoid being attacked. When visiting any website, users should carefully identify the downloaded programs and Web3 signature content to avoid downloading malicious programs or having their assets stolen due to malicious signatures.

  • Unverified Ember Sword NFT auction contract vulnerability has caused nearly $200,000 in losses

    Certik has discovered a vulnerability in the unverified Ember Sword NFT auction contract, which has earned 60 WETH (approximately $195,000) from 159 victims who approved the contract. Certik reminds users to revoke their approval of the relevant contract on Polygon.

  • zkSync ecological lending platform xBank Finance suspected of RUG

    xBank Finance, a zkSync ecosystem lending platform, was suspected of being a RUG, and the protocol's TVL was close to zero. The project's official Twitter account has been frozen.

  • Scammers use fake USDT balances to defraud cryptocurrency users

    SlowMist has partnered with Imtoken to uncover a new cryptocurrency scam that uses offline transactions and USDT. Scammers manipulate the Ethereum RPC to falsify the USDT balance in the victim's wallet. The scammer lures the victim to change their Ethereum RPC URL to a URL controlled by them, making it appear that the victim has deposited USDT funds, but in reality, the victim is left empty-handed when attempting to trade. In addition, the scam also deceives users through small transfers to gain trust, then manipulates account balances and contract information, posing serious risks to unsuspecting users and is related to a wider range of pig slaughter scam activities.

  • Cointime April 27th News Express

    1. ETH falls below $3,100

  • HKEX: Accepts BOS HashKey, Huaxia, Harvest Bitcoin and Ethereum ETFs as eligible securities for multiple counters in the central clearing system

    On April 27th, the Hong Kong Stock Exchange issued three notices, announcing the inclusion of Bo Shi HashKey Bitcoin ETF shares and Bo Shi HashKey Ethereum ETF shares, Huaxia Bitcoin ETF shares and Huaxia Ethereum ETF shares, and Jia Shi Bitcoin Spot ETF shares and Jia Shi Ethereum Spot ETF shares as Central Clearing System multi-counterparty eligible securities. It is reported that:

  • Russia’s Central Bank and Rosfinmonitoring unveil pilot of fiat-to-crypto tracking system

    According to reports, since 2023, Russia has been trying to track cryptocurrency transactions and their sources. The Russian Central Bank and the Federal Financial Monitoring Service (Rosfinmonitoring) revealed that there is currently a system that allows private banks to track the connection between fiat-based transactions and cryptocurrency business.

  • PolkaWorld: Coretime trading on Kusama has started

    On April 27th, PolkaWorld announced that Coretime trading on Kusama has begun, marking the end of the era of parallel chains. With the approval and implementation of Kusama proposal 373, the proposal will upgrade the Kusama relay chain runtime to v1.2.0 and bring Coretime functionality. Shortly thereafter, the Kusama community approved Kusmaa proposal 375 last Friday, allowing Coretime chain to begin selling Coretime. Currently, Kusama is in the Renew Period and is selling batches of Coretime.

  • Over $155 million worth of MEME will be unlocked on May 3, accounting for 31.96% of the circulating supply

    According to Token Unlocks data, 5.31 billion MEME tokens, worth over $155 million, will be unlocked on May 3, 2024, accounting for 31.96% of the circulating supply. These tokens will be unlocked and distributed to airdrops, advisors, and investors.

  • The total open interest of BTC options is $17.83 billion, and the open interest of ETH options is $8.07 billion.

    Coinglass data shows that the nominal value of unclosed BTC option positions on the entire network is 17.83 billion US dollars, which is the lowest point since February 26; the nominal value of unclosed ETH option positions is 8.07 billion US dollars, which is the lowest point since February 25.

Daily Must-Read

Popular Activities

Delysium $AGI & AI Private Yacht Party

Delysium $AGI & AI Private Yacht Party

March 27 - March 27
Seoul

Popular Tags

Cointime
News
Contents
RSS
Company