Weekly Blockchain Security Watch Jan 2 to Jan 8

From 2 January 2023 to 8 January 2023, all of the security incidents that occurred were security hacks.

SECURITY HACKS:

1. RTFKT’s COO Nikhil Gopalani Announces He Suffered a Phishing Attack

On 3 Jan, RTFKT’s COO Nikhil Gopalani (@Nikgopalani) announced on Twitter that he had suffered a phishing attack and that the hacker had sold all his CloneX NFTs along with others.

He lost around US$300,000 worth of crypto assets in this incident.

2. Worlds Beyond Announces Discord Hacked

On 3 Jan, Worlds Beyond (@WorldsBeyondNFT), an NFT project on Ethereum, announced on Twitter that their Discord account had been hacked and their server temporarily compromised. The account also reported that all staff had been banned from the server.

The account later reminded users that they will “never stealth mint” and urged users to only use their official links to avoid potential scams or hacks.

As of the time of writing, investigations are still ongoing, and the project has opened channels in Discord to aid affected users.

3. Hacker Exploits Function Lacking Validation for Its Settings in Attack Against GDS

On 3 Jan, GDS Chain’s application deployed on the BNB chain was attacked.

The root cause of this incident was that its `_lpRewardAmount` function lacked validation of its settings. The hacker combined a flash loan with this weakness to carry out the attack.

After the hack, the price of GDS crashed by 84%, and crypto assets worth around US$187,000 were drained.

Additional Details:

- Attacker’s Address: 0xcF2362B46669E04B16D0780cf9B6e61c82De36a7

- Hash Value of Attack Transaction: 0x2bb704e0d158594f7373ec6e53dc9da6c6639f269207da8dab883fc3b5bf6694

4. Cirrus Announces Holders of CryptoPunks, BAYCs, and Meebits Suffered Phishing Scams

On 4 Jan, NFT community member Cirrus (@CirrusNFT) announced on Twitter that holders of CryptoPunks, BAYCs, and Meebits had suffered phishing scams. CryptoPunks 4607 and 965 and BAYC 1723 were stolen.

Later, Twitter user @CryptoNovo311 claimed that 4 CryptoPunks in his possession were stolen.

CryptoPunks and BAYCs worth above 600 ETH (US$748,800) were stolen in these attacks.

It was also suspected that the same hacker had taken 111 KUMALEON NFTs and used FixedFloat to cash out.

Additional Details:

- Attacker’s Address: 0x8E25Ab3382ad5bde35A09E72d3b9a851A7cC8d00

- Attacked Address: 0x52aD8f3C506aA25b954276c5456060DAd6f3Fd7b

5. Hacker Exploits Whale Holder of GMX Through Phishing Attack

On 4 Jan, a whale holder of GMX suffered from a phishing attack on the BNB chain.

The attacker took 82,519 GMX worth around US$3.4 million on the BNB chain, exchanged them for 2,627 ETH, and bridged the ETH from the BNB chain to Ethereum.

6. Hacker Attacks Deviants’ Discord Server

On 4 Jan, a hacker attacked Deviants’ Discord server. Deviants is an NFT project on Ethereum.

7. Inkwork Labs Announces Discord Server Compromised

On 5 Jan, Inkwork Labs (@InkworkLabs), an NFT project on Solana, announced on Twitter that their Discord server had been compromised. The account later posted a follow-up thread revealing that one of their “now older mods, Krypto King#0036” had clicked on a malicious link that caused a Dyno bypass. Dyno is a Discord bot used for purposes such as moderation and user verification.

The account also reported that although the attackers had gained access to the server earlier, the attack was not conducted until everyone was away.

Inkwork Labs also reported that the accounts associated with the exploit were identified and banned. They urged users not to click on any links unless a drop is scheduled, and advised users to “always double check the user who’s posting the announcement. ALWAYS.”

Relevant channels for affected users have been opened for further assistance.

8. Hacker Attacks Twitter User @TheViralFever

On 6 Jan, a hacker launched a phishing attack against Twitter user @TheViralFever by sending the user a fake link to an ENS airdrop.

9. Hacker Attacks PanksNotDed’s Discord Server

On 7 Jan, a hacker attacked PanksNotDed’s Discord server. PanksNotDed is an NFT project on Ethereum.

10. Hacker Attacks Cyber Kongz’s Discord Server

On 7 Jan, a hacker attacked Cyber Kongz’s Discord server. Cyber Kongz is an NFT project on Ethereum.

11. Mycelium Announces Attack Due to Issue with Price Feed for ETH-USD

On 7 Jan, the team behind Mycelium (@mycelium_xyz), a DeFi perpetuals application deployed on Arbitrum, announced on Twitter that it had been attacked.

The team also stated that the attack stemmed from an issue with its ETH-USD price feed. Between 4% and 6% of the total assets in its MLP, around US$300,000, were drained.

At the time of writing, the issue had been fixed and the application was back in operation.
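The Mycelium incident above is attributed only to "an issue with its price feed for ETH-USD"; the page gives no further detail. The following is an added example, not Mycelium's code, showing the kind of sanity checks a consumer of oracle prices can apply before using a quote to settle trades: reject non-positive or future-dated samples, reject stale samples, reject samples that deviate too far from the median of the other fresh sources, and refuse to produce a price when too few sources remain. Every feed name, price, timestamp and threshold in it is a constructed assumption.

```python
"""
Price-feed sanity checks for an oracle-driven application.

Added example: the feed names, sample values, and the 60-second / 200-bps
thresholds are assumptions chosen for illustration, not values from any
real deployment.
"""
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class PriceSample:
    source: str      # hypothetical feed identifier
    price: float     # quoted ETH-USD price
    timestamp: int   # unix seconds at which the source published the quote


def check_price(sample, reference_price, now, max_age_s=60, max_deviation_bps=200):
    """Return (ok, reason) for one sample measured against a reference price."""
    if sample.price <= 0:
        return False, "non-positive price"
    if sample.timestamp > now:
        return False, "timestamp in the future"
    age = now - sample.timestamp
    if age > max_age_s:
        return False, f"stale: {age}s old"
    deviation_bps = abs(sample.price - reference_price) / reference_price * 10_000
    if deviation_bps > max_deviation_bps:
        return False, f"deviation {deviation_bps:.0f} bps exceeds {max_deviation_bps} bps"
    return True, "ok"


def aggregate_price(samples, now, max_age_s=60, max_deviation_bps=200, min_sources=2):
    """Median of the fresh, mutually consistent samples, or (None, reason).

    The reference used for the deviation check is the median of the fresh
    samples themselves, so a single outlier feed cannot drag the reference.
    """
    fresh = [s for s in samples if s.price > 0 and 0 <= now - s.timestamp <= max_age_s]
    if len(fresh) < min_sources:
        return None, "too few fresh sources"
    reference = median(s.price for s in fresh)
    accepted = [
        s for s in fresh
        if check_price(s, reference, now, max_age_s, max_deviation_bps)[0]
    ]
    if len(accepted) < min_sources:
        return None, "too few sources agree"
    return median(s.price for s in accepted), "ok"


# Constructed sample input: four feeds quoting near each other, one feed
# ~6% off, and one feed that stopped updating 15 minutes ago.
NOW = 1_673_049_600
SAMPLES = [
    PriceSample("feed-a", 1265.40, NOW - 5),
    PriceSample("feed-b", 1266.10, NOW - 12),
    PriceSample("feed-c", 1264.90, NOW - 30),
    PriceSample("feed-d", 1190.00, NOW - 3),    # rejected: deviates ~594 bps
    PriceSample("feed-e", 1265.00, NOW - 900),  # rejected: stale
]


if __name__ == "__main__":
    price, status = aggregate_price(SAMPLES, NOW)
    print(f"aggregate: {price} ({status})")
    reference = median(s.price for s in SAMPLES if NOW - s.timestamp <= 60)
    for s in SAMPLES:
        print(s.source, *check_price(s, reference, NOW))
```

With the constructed input, `aggregate_price` drops the stale feed, computes a reference of 1265.15 from the remaining four, rejects the 1190.00 quote for deviating by roughly 594 bps, and returns 1265.40 as the median of the three that agree; with only the two rejected feeds as input it returns `None` rather than a price, which is the behaviour a settlement path should treat as "do not trade".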

12. Hacker Attacks Yaypegs’s Discord Server

On 8 Jan, a hacker attacked Yaypegs’s Discord server. Yaypegs is an NFT project on Ethereum.

13. Hacker Attacks Mech’s Discord Server

On 8 Jan, a hacker attacked Mech’s Discord server. Mech is an NFT project on Polygon.

CONCLUSION:

13 notable security incidents have occurred in the past week. Most of them were phishing attacks against Discord or Twitter accounts.

A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain.

A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.

It is important for everyone in the crypto community to understand and practice an adequate level of cybersecurity.

For a better understanding of all things Web3.0: https://medium.com/@FairyproofT

Looking to strengthen the security of your project or looking for an audit? Contact us at https://www.fairyproof.com/
