From 19 December to 25 December, 2022, all security incidents that have occurred can be categorized into Security Hacks and Rug-pulls.
SECURITY HACKS:
1. Hacker Attacks Splattercat’s Discord Server
On 20 Dec, a hacker attacked Splattercat’s discord server. Splattercat is a game project.
2. Hacker Attacks xHamster’s Discord Server
On 20 Dec, a hacker attacked xHamster’s discord server. xHamster is an NFT project on Ethereum.
3. Hacker Attacks Sol City Poker Club’s Discord Server
On 21 Dec, a hacker attacked Sol City Poker Club’s discord server. Sol City Poker Club is an NFT project on Solana.
4. Hacker Attacks David Di Franco’s Discord Server and Twitter Account
On 21 Dec, a hacker attacked David Di Franco’s discord server and twitter account. David Di Franco is a social media influencer.
5. Hacker Attacks DR/VRS’ Discord Server
On 22 Dec, a hacker attacked DR/VRS’ discord server. DR/VRS is an NFT project on Ethereum.
6. Hacker Attacks F1 Dog’s Discord Server
On 23 Dec, a hacker attacked F1 Dog’s discord server. F1 Dog is an NFT project on Aptos.
7. Hacker Attacks Rubic
On Dec 25, Rubic, a cross-chain aggregator deployed on Ethereum was attacked.
The root cause was that it suffered from an injection attack.
For more details about this attack, please refer to:
https://twitter.com/FairyproofT/status/1607219687099858945?s=20&t=EdPTY0W1BoijR5NeID3ZQA
Rug-pulls:
1. Defrost Finance Suspected to be Rug-pull
On 25 Dec, Defrost Finance, a dApp deployed on the Snow blockchain was suspected to be a rug-pull.
For more details about it please refer to :
https://twitter.com/FairyproofT/status/1606955396903899146?s=20&t=YD9hgJCJQU-1RbkY4MgFCw
CONCLUSION-
8 notable security incidents have occurred in the past week. Seven of them were attacks on smart contracts and social media and one was suspected to be a rug-pull.
A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain.
A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations. Particularly we suggest crypto investors should avoid investing in projects whose admins(owners) obtained their gases from Tornado Cash. If projects of this kind turn out to be rug-pulls, it is hard to take back/recover assets from them.
It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.
To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter: https://fairyproof.substack.com/For a better understanding of all things Web3.0: https://medium.com/@FairyproofT
Looking to strengthen the security of your project or looking for an audit? Contact us at
All Comments