Weekly Blockchain Security Watch (Dec 19 to Dec 25)

From 19 December to 25 December, 2022, all security incidents that have occurred can be categorized into Security Hacks and Rug-pulls.

SECURITY HACKS:

  1. Hacker Attacks Splattercats Discord Server

On 20 Dec, a hacker attacked Splattercat’s discord server. Splattercat is a game project.

  • Hacker Attacks xHamsters Discord Server

On 20 Dec, a hacker attacked xHamster’s discord server. xHamster is an NFT project on Ethereum.

  • Hacker Attacks Sol City Poker Clubs Discord Server

On 21 Dec, a hacker attacked Sol City Poker Club’s discord server. Sol City Poker Club is an NFT project on Solana.

  • Hacker Attacks David Di Francos Discord Server and Twitter Account

On 21 Dec, a hacker attacked David Di Franco’s discord server and twitter account. David Di Franco is a social media influencer.

  • Hacker Attacks DR/VRS Discord Server

On 22 Dec, a hacker attacked DR/VRS’ discord server. DR/VRS is an NFT project on Ethereum.

  • Hacker Attacks F1 Dogs Discord Server

On 23 Dec, a hacker attacked F1 Dog’s discord server. F1 Dog is an NFT project on Aptos.

  • Hacker Attacks Rubic

On Dec 25, Rubic, a cross-chain aggregator deployed on Ethereum was attacked.

The root cause was that it suffered from an injection attack.

For more details about this attack, please refer to:

Rug-pulls:

  1. Defrost Finance Suspected to be Rug-pull

On 25 Dec, Defrost Finance, a dApp deployed on the Snow blockchain was suspected to be a rug-pull.

For more details about it please refer to :

CONCLUSION-

8 notable security incidents have occurred in the past week. Seven of them were attacks on smart contracts and social media and one was suspected to be a rug-pull.

A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain.

A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations. Particularly we suggest crypto investors should avoid investing in projects whose admins(owners) obtained their gases from Tornado Cash. If projects of this kind turn out to be rug-pulls, it is hard to take back/recover assets from them.

It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.

To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter: https://fairyproof.substack.com/

For a better understanding of all things Web3.0: https://medium.com/@FairyproofT

Looking to strengthen the security of your project or looking for an audit? Contact us at:

https://www.fairyproof.com/

Leave a Reply

Your email address will not be published. Required fields are marked *