Attacker Hacks GOL TV’s Twitter Account, Propagates XRP Scam Project
On 23 Jan, a hacker attacked GOL TV’s Twitter account (@GOLTV). The hacker used the account to propagate an XRP scam project that promised extremely high returns to investors.
Hacker Attacks Killabearsnft’s Discord Server
On 24 Jan, a hacker attacked Killabearsnft’s Discord server. Killabearsnft is an NFT project deployed on Ethereum.
Hacker Attacks CatsYardNFT’s Discord Server
On 24 Jan, a hacker attacked CatsYardNFT’s Discord server. CatsYardNFT is an NFT project deployed on Solana.
Hacker Exploits Moonbirds’ Founder’s Wallet
On 26 Jan, Moonbirds founder Kevin Rose (@kevinrose) announced on Twitter that his wallet had been exploited in a phishing incident. Kevin Rose had signed “a malicious signature that allowed the hacker to transfer a large number of high-value tokens”.
Crypto assets including 25 Chromie Squiggles and other NFTs totalling around US$1.5 million were exploited in this incident.
He later urged users not to buy any Chromie Squiggles until his stolen ones had been marked by OpenSea.
Hacker Attacks Robinhood’s Twitter, Propagates Token Scam Through Phishing Link
On 26 Jan, a hacker attacked Robinhood’s Twitter (@RobinhoodApp) account and used the account to propagate a scam token $RBH through a phishing link. Around 10 people bought this token and lost around US $1000.
Fairyproof Detects New Telegram Phishing Scheme
On 27 Jan, Fairyproof, a pioneering blockchain security company, detected a new phishing scheme in which hackers use compromised Telegram user accounts to trick users into sending assets to the hackers’ addresses.
For more details: https://twitter.com/FairyproofT/status/1618856301039321088?s=20&t=VdHTeQBaXPTTuBR1vsfL-Q
EtherOrcs Announces Discord Server Compromised
On 28 Jan, EtherOrcs (@EtherOrcs), an on-chain game deployed on Ethereum, announced on Twitter that their Discord server had been compromised after a member of the team was hacked. In a follow-up tweet, they announced that they had regained control of the server through “Wick”, that compromised accounts were removed “within 60 seconds”, and that an audit would be done.
Azuki Announces Compromise of Twitter Account
On 28 Jan, Azuki (@AzukiOfficial) announced on Twitter that their account had been compromised. They detailed that “a series of malicious tweets were posted during the morning of Friday, Jan 27th (Pacific Time)”.
Azuki also announced that while the team had regained control of their Twitter account, investigations into the Twitter breach were still ongoing and the account had been secured with 2FA. All malicious tweets and links had also been taken down.
Finally, they urged users to approach the Azuki mod team on Discord should they be in doubt about future announcements on Azuki’s social media channels.
Hacker Attacks MTC’s Discord Server
On 29 Jan, a hacker attacked MTC’s Discord server. MTC is an NFT project deployed on Solana.
CONCLUSION
9 notable security incidents occurred in the past week. It was a big week for the security of social media accounts: 8 of the 9 incidents involved social media accounts.
A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. Be alert to any anomalies happening in the various social media accounts you manage.
A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.
It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.
To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter: https://fairyproof.substack.com/
Pioneering Blockchain Security Company Presents Annual Report on Blockchain Security for Year 2022
Singapore, January 30, 2023 – Global pioneering blockchain security company Fairyproof released its annual Review of Blockchain Security in 2022 (hereafter referred to as the “Report”). The Report presents data gathered through the year 2022 covering a total of 378 prominent, publicly reported blockchain security incidents, along with statistics and analysis based on the targets that suffered and the root causes.
The Report revealed that the entire blockchain ecosystem suffered an accumulated loss of US$2.52 billion, and highlighted that attacks against cross-chain bridges have become a prominent issue, accounting for about 40% (US$1.01 billion) of the total losses. The Report attributed the remaining losses to cyberattacks against smart contracts (US$571.34 million), leaked private keys (US$999.79 million), and attacks against layer 2 solutions (US$35 million).
Fairyproof CEO Mr. Tan Yuefei noted that attacks on cross-chain bridges and the resulting losses in 2022 far surpassed those of 2021. “No doubt, this is a big concern for the entire crypto space. Many project teams are exploring new solutions to improve the security of existing cross-chain bridges. I would gather that MPC technology would be a mature, sustainable base to develop such solutions.”
Tan proceeded to discuss the future of the blockchain ecosystem. “Although most attacks were on cross-chain bridges through 2022, there is a shift in focus to Zero Knowledge (zk) related applications. This would mean that we would soon witness zk-related attacks. That said, I am proud to say that Fairyproof is well-equipped for the rising demand for zk-related audits and is making good progress in developing security solutions for these applications.”
The Report also ranked attacks by type, with price manipulation, flash loans, and exploitation of logic vulnerabilities in increasing order. This led to the following recommendations for both blockchain developers and users:
Blockchain Developers: Ensure security solutions for cross-chain bridges to be capable of handling off-chain activities safely and securely and increase awareness of security for layer 2 solutions in light of emerging attack trends against layer 2 platforms.
Users: Thoroughly investigate security conditions for cross-chain bridges before interacting with them, pay attention to security of UIs in dApps, and check for audit reports for projects.
“The overall crypto market is experiencing a bear market. However, our findings show that cyberattacks stay relentless. Everyone should focus on keeping their projects and assets safe.” Mr Tan concluded.
To read the annual Review of Blockchain Security in 2022, click here.
About Fairyproof:
Fairyproof is a pioneering blockchain security company established in 2021 with the slogan “Make IT a Safer Place”. They have been actively developing blockchain security solutions and Ethereum standards and have meaningfully contributed to established Web3.0 projects like Ethereum, BNB Smart Chain, and HECO.
For more information, consult the following channels:
On 18 Jan, a hacker attacked Quaternion, a B2B and B2C service provider.
The root cause was an incorrect conditional check in the QTN token. The hacker acquired the gas for the attack from the Ankr Exploiter on the BNB chain.
2.546 WETHs worth around US $3800 were exploited in this incident.
On 19 Jan, a hacker attacked Thoreum Finance, a dApp deployed on the BNB chain.
The root cause was that if a wallet sent tokens to itself, the number of tokens it held would increase.
In addition, it was suspected that the contract deployer’s private key had been leaked, allowing the hacker to deploy a new contract and then upgrade the proxy contract to point to the malicious contract.
The attacker deposited BNBs to acquire WBNBs, leveraged the vulnerability to mint THOREUM tokens, exchanged all the minted tokens on BiSwap for WBNBs and sent the assets back to himself.
2260 BNBs worth around US $580,000 were exploited in this incident.
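The self-transfer bug described above is a classic read-then-write ordering flaw: both balances are copied into locals before either is updated, so when sender and recipient are the same address the second write discards the debit. The following added example (constructed teaching code, not Thoreum Finance’s contract; the class names, the `supply_is_conserved` invariant check and the sample addresses and balances are assumptions) models the vulnerable ledger beside its corrected form and shows the total-supply invariant a test suite or on-chain monitor can use to catch the inflation.

```python
"""Self-transfer balance inflation: a model of the token bug described above.
Constructed teaching code, not Thoreum Finance's contract; `VulnerableLedger`,
`FixedLedger`, `supply_is_conserved` and the sample addresses are assumptions."""


class VulnerableLedger:
    """Balances written from values cached before either write: the pattern
    under which a transfer to one's own address inflates the balance."""

    def __init__(self, balances: dict):
        self.balances = dict(balances)
        self.total_supply = sum(balances.values())   # recorded at creation

    def transfer(self, sender: str, recipient: str, amount: int) -> None:
        sender_balance = self.balances.get(sender, 0)
        recipient_balance = self.balances.get(recipient, 0)  # stale copy if sender == recipient
        if sender_balance < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] = sender_balance - amount
        # When sender == recipient this overwrites the debit with
        # (old balance + amount): the wallet ends up holding more than before.
        self.balances[recipient] = recipient_balance + amount


class FixedLedger(VulnerableLedger):
    """Read-modify-write each balance in turn, so a self-transfer is a no-op."""

    def transfer(self, sender: str, recipient: str, amount: int) -> None:
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] = self.balances.get(sender, 0) - amount
        # Re-read the recipient balance only after the debit has been written.
        self.balances[recipient] = self.balances.get(recipient, 0) + amount


def supply_is_conserved(ledger: VulnerableLedger) -> bool:
    """Invariant a monitor or test suite should check after every transfer:
    the sum of all balances must equal the recorded total supply."""
    return sum(ledger.balances.values()) == ledger.total_supply


def self_transfer_result(ledger_cls) -> tuple:
    """Run one self-transfer of a wallet's full balance and report
    (wallet balance afterwards, whether total supply is still conserved)."""
    ledger = ledger_cls({"0xWALLET": 100, "0xOTHER": 900})   # constructed balances
    ledger.transfer("0xWALLET", "0xWALLET", 100)
    return ledger.balances["0xWALLET"], supply_is_conserved(ledger)


if __name__ == "__main__":
    print("vulnerable:", self_transfer_result(VulnerableLedger))   # (200, False)
    print("fixed:     ", self_transfer_result(FixedLedger))        # (100, True)
```

The invariant check is the useful part for defenders: an audit test that transfers to `msg.sender`'s own address and then compares the balance sum against `totalSupply` flags this class of bug regardless of how the arithmetic is written.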
On 22 Jan, it was reported that a BTC wallet of Solaris had been frozen by Kraken. Solaris is a darknet platform for illegal products and drugs. Before this, Solaris accounted for one fifth of all the darknet’s illegal transactions.
Kraken not only froze its BTC wallet but also took control of its infrastructure, GitLab repository and source code.
CONCLUSION
7 notable security incidents occurred in the past week. Most of them were attacks against smart contracts.
A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain.
A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.
It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.
To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter: https://fairyproof.substack.com/
For the Year 2022, Presented by Fairyproof in 2023
Executive Summary
The overall crypto market entered a bear market through 2022. However, attacks against the crypto ecosystem were still active.
– Crypto assets worth around US $2.52 billion were exploited in 378 prominent security incidents.
– 11 attacks against cross-chain bridges totaled a loss of US $1.01 billion accounting for 39.94% of the overall total loss in 378 incidents. The security of cross-chain bridges has become a prominent issue.
– Attacks that exploited logic vulnerabilities, flash-loans, price manipulation, governance vulnerabilities and re-entrancy vulnerabilities resulted in a loss of US $571.34 million and this loss accounted for 69.64% of the total loss in the attacks against smart contracts alone. These vulnerabilities could have been uncovered and the loss could have been prevented if these attacked contracts had been professionally audited.
– The loss (US $999.79 million) caused by leaked private keys accounted for 42.18% of the total loss in attacks from hackers. Managing private keys safely and securely should always be the number 1 factor all crypto users should keep in mind.
– The loss (US $35 million) caused by attacks against layer 2 solutions far surpassed the loss (US $5.95 million) caused by attacks against blockchain mainnets. This shows that the need for security of layer 2 solutions has become more pressing than that for blockchain mainnets.
– In 2022, Fairyproof extensively researched ZK (zero-knowledge proof [1]) related technologies and is familiar with the existing mainstream solutions in the industry. Fairyproof has established its own development process and model, and can promptly deliver solutions based on application requirements. With regard to ZK-related audits, Fairyproof has rich experience and is proficient in converting a problem to ZK circuits, auditing circuits, proof generation, proof verification, and more. In addition, Fairyproof has been actively working on optimizing ZK-related implementations and improving their security, such as using MPC technology to decentralize the initial setup in ZK-SNARK implementations.
– In 2022, Fairyproof established strong technical strength in MPC [2] related technologies, and has established its own development process and model. Fairyproof is also capable of promptly delivering solutions for popular applications like using MPC to conduct omnichain transactions.
BACKGROUND
Before proceeding, the following terms and technologies are introduced in this report:
CCBS
CCBS stands for “Centralized Crypto or Blockchain Service”. A CCBS refers to a platform or service that provides crypto or blockchain related products or services, and is run by a conventional/centralized organization, entity or company such as a conventional crypto exchange (e.g. Binance or Tether).
FLASHLOAN
Flash loans are a popular feature that hackers utilize when attacking EVM-Compatible smart contracts. Flash loans were developed by the team behind the famous DeFi application AAVE [3]. This feature “allows users to borrow any available amount of assets without putting up any collateral, as long as the liquidity is returned to the protocol within one block transaction” [4]. Flash loans are quite often used to borrow ERC-20 tokens [5] and attack DeFi applications. To initiate a flash loan, users will need to write a contract that borrows an available amount of assets and pay back the loan + interest + necessary fees all within the same transaction.
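The defining property of a flash loan is atomicity: the lender hands out funds with no collateral and checks, before the same call returns, that principal plus fee is back in the pool, otherwise the whole transaction reverts. The following added example (constructed teaching code, not AAVE’s contracts; `FlashLender`, the borrower classes, the 9 bps fee and the balances are assumptions) models that check, with a state snapshot standing in for the EVM’s rollback on revert, and shows what happens with a borrower that repays and one that does not.

```python
"""Flash loan with same-transaction repayment: a model of the mechanism
described above. Constructed teaching code, not AAVE's contracts; the
class names, fee and balances are assumptions."""


class Borrower:
    """Model of a borrower contract; `on_flash_loan` is its callback."""

    def __init__(self, balance: int):
        self.balance = balance

    def repay(self, lender: "FlashLender", amount: int) -> None:
        self.balance -= amount
        lender.liquidity += amount

    def on_flash_loan(self, lender: "FlashLender", amount: int, fee: int) -> None:
        raise NotImplementedError


class HonestBorrower(Borrower):
    def on_flash_loan(self, lender, amount, fee):
        # Use the funds here (swap, arbitrage, ...), then return principal + fee.
        self.repay(lender, amount + fee)


class DefaultingBorrower(Borrower):
    def on_flash_loan(self, lender, amount, fee):
        pass  # keeps the funds; the lender must undo the whole transaction


class FlashLender:
    """Lends any amount up to its liquidity with no collateral, provided the
    pool holds principal plus fee again before the call returns."""

    def __init__(self, liquidity: int, fee_bps: int = 9):
        self.liquidity = liquidity
        self.fee_bps = fee_bps

    def flash_loan(self, borrower: Borrower, amount: int) -> int:
        if amount > self.liquidity:
            raise ValueError("insufficient liquidity")
        fee = amount * self.fee_bps // 10_000
        # The snapshot stands in for the EVM's state rollback on revert.
        snapshot = (self.liquidity, borrower.balance)
        self.liquidity -= amount
        borrower.balance += amount
        try:
            borrower.on_flash_loan(self, amount, fee)
            # Repayment check: same call, before control returns to the borrower.
            if self.liquidity < snapshot[0] + fee:
                raise RuntimeError("flash loan not repaid in the same transaction")
        except Exception:
            self.liquidity, borrower.balance = snapshot   # revert everything
            raise
        return fee


def run(borrower_cls) -> tuple:
    """Return (lender liquidity, borrower balance, reverted) after one loan
    of 100,000 units from a constructed pool of 1,000,000 units."""
    lender = FlashLender(liquidity=1_000_000)
    borrower = borrower_cls(balance=1_000)
    try:
        lender.flash_loan(borrower, 100_000)
        reverted = False
    except RuntimeError:
        reverted = True
    return lender.liquidity, borrower.balance, reverted


if __name__ == "__main__":
    print("honest:    ", run(HonestBorrower))       # (1000090, 910, False)
    print("defaulting:", run(DefaultingBorrower))   # (1000000, 1000, True)
```

Because nothing persists unless the repayment check passes, a flash loan is risk-free capital for whoever calls it; that is why it amplifies any other vulnerability in the contracts it touches, which is the point of the recommendations for developers later in this report.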
CROSS-CHAIN BRIDGE
A cross-chain bridge is an infrastructure that connects multiple independent blockchains and enables an exchange of cryptos, data or information from one blockchain to another.
As more blockchains have their own ecosystems, cryptos and dApps, the need for exchanging cryptos or data across different blockchains becomes increasingly high while the volume of cross-chain transactions dramatically increases. This causes cross-chain bridges to suffer more attacks.
FOCUS OF THIS REPORT
In this report we list our statistics collected from typical security incidents that happened in the blockchain industry in 2022, give an in-depth analysis of their root causes, and present our recommended best practices.
STATISTICS AND ANALYSIS OF SECURITY INCIDENTS OF 2022
We studied 378 prominent security incidents that occurred in 2022 and present our statistics and analysis based on the targets and root causes.
In 2022 the total value of the exploited assets was US $2.52 billion and the overall market cap of cryptocurrencies according to Tradingview was US $756.15 billion. The value of the exploited assets accounted for 0.33% of the total market cap of cryptocurrencies.
OVERALL TREND OF BLOCKCHAIN SECURITY INCIDENTS OF 2022
We studied each quarter’s blockchain security incidents and derived the following trend graph:
From this graph we can see that the number of incidents increased throughout the year except in Q4, and the amount of loss increased as well except in Q3.
INCIDENTS CATEGORIZED BY TARGETS
Our researched incidents can be categorized into four types of targets:
CCBS
Blockchains
DApps
Cross-chain Bridges
A CCBS-related incident is one in which a centralized crypto or blockchain service platform is attacked by hackers resulting in the failure of its services or a loss of crypto assets under its custody.
A blockchain-related incident is one where a blockchain mainnet, side chain or layer 2 is attacked by malicious actors from inside, outside, or both, causing its operation to go out of order, or where a blockchain fails to work properly due to issues related to software, hardware, or both. Attackers are then able to exploit the consensus for profit.
A dApp-related incident is one where a dApp’s daily operation goes out-of-order or is attacked, leaving it open for attackers to exploit users and crypto assets under the custody of the dApp.
A cross-chain bridge-related incident occurs when a cross-chain bridge is attacked resulting in a loss of crypto assets under its custody or a failure of the exchange function between multiple blockchains.
There were 378 incidents in total. Here is a figure that shows the percentage for each of these targets respectively.
The number of dApp-related incidents accounts for more than 84.16% of the total incidents. Out of 378 incidents, 24 were CCBS-related, 15 were blockchain-related, 11 were cross-chain bridge-related, and 328 were dApp-related.
BLOCKCHAIN-RELATED INCIDENTS
Incidents that had occurred in blockchains can be further categorized into three sub-categories:
Blockchain mainnets
Side chains
Layer 2 solutions
A blockchain mainnet, also known as layer 1, is an independent blockchain that has its own network with its own protocol, consensus, and validators. A blockchain mainnet can validate transactions, data, and blocks generated in its network by its own validators and reach finality. Bitcoin and Ethereum are typical blockchain mainnets.
A side chain is a separate, independent blockchain which runs in parallel to a blockchain mainnet. It has its own network consensus and validators. It is connected to a blockchain mainnet (e.g. by a two-way peg [6]).
A layer 2 solution refers to a protocol or network that relies on a blockchain as its base layer (layer 1) for security and finality [7]. Its main purpose is to solve the scalability issues of its base layer. It processes transactions faster and consumes fewer resources compared to its base layer. Since 2021, there has been a huge surge in the growth and development of layer 2 solutions for the Ethereum ecosystem.
Both side chains and layer 2 solutions exist to solve the scalability issues of a blockchain mainnet. The significant difference between a side chain and a layer 2 solution is that a side chain does not necessarily rely on its blockchain mainnet for security or finality whereas a layer 2 solution does.
There were 15 blockchain-related incidents in total in 2022. The figure below shows the percentages of blockchain mainnet related incidents, side-chain related incidents, and layer 2 related incidents respectively.
The number of blockchain mainnet related incidents and layer 2 related incidents account for 60% (9) and 40% (6) of the total incidents respectively. No prominent side-chain related incidents were covered in our statistics. The layer 2 solutions that were attacked included 3 Ethereum layer 2 solutions: Loopring [8], zkSync [9], Optimism [10] and Arbitrum [11], while most of the attacked blockchain mainnets were non-EVM blockchains.
DAPP RELATED INCIDENTS
Among the 328 incidents that occurred toward dApps, 35 were rug-pulls, 148 involved exploitation and 145 were directly attacked. An attack against a dApp can specifically target its front-end, server side, or smart contract(s). We can therefore further classify these 41 incidents into three sub-categories:
dApp’s front-end
dApp’s server side
dApp’s smart contract(s)
dApp front-end related incidents refer to events where vulnerabilities on the conventional client side are exploited, compromising users’ account information and personal details, which can then be used to steal their crypto assets.
dApp server side related incidents are those where vulnerabilities on the conventional server side are exploited, leaving on-chain and off-chain communication open to hijacking and users’ crypto assets open to exploitation.
Smart contract related incidents are those where vulnerabilities in a smart contract’s design or implementation are leveraged to exploit crypto assets from users.
Here is a figure that shows the percentages of front-end, server-side and smart contract related incidents respectively.
The above figure shows the number of smart contract related incidents, server side related incidents, and front-end related incidents, accounting for 91.03%, 0%, and 8.97% of the total incidents respectively. Among 145 incidents, 13 were front-end related and 132 were smart contract related.
We further studied the amount of loss incurred in these sub-categories. Our study showed that the amount of loss in front-end related incidents was US $6.06 million, and the amount of loss in smart contract related incidents was US $820.26 million.
It is clear that smart contract related incidents were the biggest issue. Typical vulnerabilities we found pertaining to smart contracts in 2022 include logic vulnerabilities, private key leaks, flash loans, re-entrancy attacks, and more.
We studied the 132 incidents in which smart contracts were directly attacked and derived the following figure based on vulnerability types:
The figure shows that the vulnerability type with the highest share of incidents was logic vulnerabilities, followed by flash-loan attacks. Logic vulnerabilities mainly include missing validation of parameters, missing validation of access control, etc. 51 projects suffered from logic vulnerabilities and 24 suffered from flash-loan attacks.
The following figure illustrates the amount of loss for each vulnerability type:
The amount of loss caused by logic vulnerabilities still ranked first. 51 incidents were caused by logic vulnerabilities, totaling a loss of US $205.64 million. This loss accounted for 25.07% of the total loss. The amount of loss caused by governance attacks ranked second. 6 incidents were caused by governance attacks, totaling a loss of US $189.51 million. This loss accounted for 23.1% of the total loss. Meanwhile, 8 incidents caused by private key leaks totaled a loss of US $173.85 million and accounted for 21.19% of the total loss, ranking third.
INCIDENTS CATEGORIZED BY ROOT CAUSES
The root cause of these incidents can be categorized into the following:
Attacks from hackers
Rug-pulls
Misc.
We studied these incidents and got the following figure.
The above figure shows that attacks from hackers and rug-pulls accounted for 90.48% (342) and 9.52% (36) of the total incidents respectively.
We studied the amount of loss of each category of incidents based on the root cause and got the following figure:
The above figure shows that the amount of loss in the incidents that suffered from attacks and the amount of loss in rug-pull incidents each accounted for 94.13% and 5.87% of the total loss respectively. The amount of loss in the incidents that suffered from attacks was US $2.37 billion and the amount of loss in rug-pull incidents was US $0.15 billion. This reveals that attacks from hackers posed the largest threat to the whole crypto ecosystem in 2022.
ATTACKS FROM HACKERS
We studied the targets the hackers attacked and got the following figure:
The figure above shows that the number of attacks on dApps, CCBSs, blockchains and cross-chain bridges accounted for 85.42% (287), 6.85% (23), 4.46% (15) and 3.27% (11) respectively.
After we studied the amount of loss in each of them we got the following figure:
The amount of loss in attacks on cross-chain bridges, dApps, CCBSs and blockchains were 42.64%, 37.05%, 18.57% and 1.74%, resulting in a loss of US $1.01 billion, US $873.95 million, US $438.06 million and US $40.95 million respectively.
RUG-PULLS
The rug-pulls that happened in 2022 were against dApps or CCBSs. 1 was a CCBS rug-pull and 35 were dApp rug-pulls. There were 36 incidents totaling a loss of US $147.85 million which were not as severe as losses caused by attacks.
RESEARCH FINDINGS
dApps were the most prominent target for attacks in 2022, as the largest number of attacks were against them. However, the amount of loss caused by cross-chain bridge attacks ranked first, totaling a loss of US $1.01 billion and accounting for 42.64% of the total loss from attacks by hackers. This reveals that the overall security situation of the existing cross-chain bridges is a big concern for the whole crypto space.
Hackers remained the main threat to the crypto industry, accounting for more than 90% of all incidents and more than 94% of the total loss. This far surpassed any other root cause such as rug-pulls.
Both the number of attacks on layer 2 solutions and the amount of loss in these attacks increased dramatically in 2022 compared to 2021. We think this will be an irreversible trend because layer 2 solutions have been and will keep emerging rapidly in the following years.
A dApp consists of three parts: a front-end, a server side and smart contracts. One or more of these parts are targeted in a dApp attack. According to our statistics, smart contracts accounted for an extraordinarily high percentage of attacks compared to front-ends or server sides, with regard to both attack frequency and amount of loss, in 2022. This shows that attacks on smart contracts still posed the biggest threat to dApps.
Most of the rug-pulls in 2022 were dApps, accounting for 97.22% of the total number of rug-pulls and 78.36% of the total loss in rug-pulls.
Finally, for smart contract related incidents, we found the number of attack sub-categories (except misc incidents) to be ranked as the following:
Rank 1: Logic vulnerability
Rank 2: Flash-loan
Rank 3: Price manipulation.
The amount of loss in the incidents caused by logic vulnerabilities far surpassed that of the other ranks.
TENTATIVE THOUGHTS
In addition, more project teams rushed or planned to jump into Zero Knowledge (zk) related applications, including zk-rollup solutions for Ethereum, zk related social applications, and more. We think there will be an increasing demand for audits of zk related applications.
Both the number of attacks on cross-chain bridges and the amount of loss in these attacks in 2022 far surpassed those of 2021. This has raised a big concern to the whole crypto space. Quite a few teams have been exploring various new solutions to improve the security of the existing cross-chain bridge solutions. The MPC technology is one of the promising solutions. We think more mature and affordable solutions based on the MPC technology will emerge in the following years. And there will be an increasing demand for audits of MPC related applications and solutions.
BEST PRACTICES TO PREVENT SECURITY ISSUES
In this section we present some best practices to help both blockchain developers and users manage the risks posed by the incidents that happened in 2022, and support coordinated and efficient response to crypto security incidents. We would recommend both blockchain developers and users to apply these practices to the greatest extent possible based on the availability of their resources.
Note: “Blockchain developers” refer to both developers of blockchains and developers of dApps, and blockchains or systems pertaining to crypto currencies. Here, “blockchain users” refer to everyone that participates in activities pertaining to crypto system’s management, operation, trading, etc.
FOR BLOCKCHAIN DEVELOPERS
Developers of cross-chain bridges need to pay closer attention to the bridges’ security as cross-chain transactions become increasingly popular. Cross-chain bridge solutions include handling of operations – not only on-chain but also off-chain. Naturally, the off-chain part would be more vulnerable to attacks. Hence, security solutions for cross-chain bridges should be particularly capable of handling off-chain activities safely and securely.
Awareness of security for layer 2 solutions should still be kept even though attacks on them were few with negligible losses as more layer 2 solutions will emerge in the coming years. Research and development for solutions to tackle security challenges in this area must be prompt.
A step to transfer an admin’s access control to a multi-sig wallet or a DAO to manage access control to crypto assets or critical operations is a must-have.
Attackers employ flash loans to maximize their exploits when they detect vulnerabilities in smart contracts, including re-entrancy issues, missing validation of access control, incorrect token price algorithms, and more. Proper handling of these issues should have the highest priority for a smart contract developer when designing and coding a smart contract.
Our statistics show that an increasing number of hackers have been using social media tools – especially Discord – to launch phishing attacks. This persisted through the whole year of 2022 and will very likely persist in 2023. Many users have suffered huge losses. Project developers and managers are advised to prioritize safely and securely managing social media accounts and finding security solutions for them on top of project implementation.
FOR BLOCKCHAIN USERS
More users are varying their crypto portfolio across different blockchains. The demand for cross-chain transactions is rapidly increasing. Whenever a user participates in a cross-chain transaction, the user will have to interact with a cross-chain bridge – a popular target among hackers. Hence, before starting a cross-chain transaction, users are advised to investigate the bridge’s security condition and ensure they use a reliable, safe and secure bridge.
While it is necessary to pay great attention to the security for smart contracts when interacting with a dApp, the importance to also pay attention to the security of the user interface while exercising caution to detect suspicious messages, prompts, and behavior presented by the UI is increasing.
We strongly urge users to check whether a project has audit reports and read these reports before proceeding with further actions.
Use a cold wallet or a multi-sig wallet where possible to manage crypto assets that are not for frequent trading. Be careful about using a hot wallet and make sure the hardware on which a hot wallet is installed is safe and secure.
Be cautious of a dApp whose team members are unknown or lack reputation. Such dApps may eventually turn out to be rug-pull projects. Be cautious of a centralized exchange which has not established a reputation or does not have tracked transaction data on third-party media, as it may also eventually prove to be a rug-pull project.
On 10 Jan, a hacker attacked the Twitter account (@ChimpersNFT) of Chimpers, an NFT project based on Ethereum. The project later reassured followers that their Twitter account had been safely secured.
In a follow-up tweet, they reiterated that the project would “NEVER spontaneously launch a surprise mint, claim or airdrop”. They have also commenced compensation for victims of the hack.
Hacker Attacks BRA on BNB Chain
On 10 Jan, a hacker attacked BRA, a dApp deployed on the BNB chain.
For more details please refer to:
820 BNBs worth around US $ 240,000 were exploited in this incident.
Additional Details:
– Attacker’s Address: 0xE2Ba15be8C6Fb0d7C1F7bEA9106eb8232248FB8B (on BNB chain)
– Attacked Contract: 0x449FEA37d339a11EfE1B181e5D5462464bBa3752 (on BNB chain)
On 10 Jan, Sui Name Service (@snsstork), a name service deployed on the Sui blockchain, announced on Twitter that their Discord server had been attacked by “a staff member who was paid off” who was impersonating an admin.
The account also stated that they were “working on restoring roles” and offered support for those who need it.
Hacker Manipulates ROE Finance Oracle in Attack
On 11 Jan, ROE Finance (@RoeFinance), a DeFi application deployed on Ethereum was attacked.
The root cause of this incident was that the oracle was manipulated.
ROE Finance was built on top of AAVE. The hacker carried out this attack by following the steps below:
Step 1: The attacker-controlled address initially borrowed 5,673,090 USDCs from Balancer and deposited them into the roeUSDC pool.
Step 2: The same address borrowed 2,953,841,283 UNI-V2s from the pool, left the debt to the contract creator, and deposited the borrowed assets to the pool.
Step 3: The hacker repeated the previous step roughly 49 times, burned 0.295 UNI-V2 and earned 2.96 WBTCs and 51,661 USDCs.
Step 4: The hacker gave 26,024 USDCs to UNI-V2 and called the Uniswap V2 sync function. This manipulated the price of the UNI-V2 obtained from the oracle.
Step 5: The hacker borrowed back 5,673,090 USDCs that had been put into the roeUSDC pool earlier, exchanged 14,345 USDCs to 0.66 WBTCs, and repaid the USDCs back to Balancer.
Crypto assets including 2.29 WBTCs and 39,982 USDCs worth around US $80,000 were exploited in this incident.
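The manipulation in Step 4 works because a spot price read straight from a pair’s reserves changes the moment anyone moves tokens into the pair and calls `sync()`, and that can happen inside the same transaction that consumes the price. The following added example (constructed teaching code, not ROE Finance’s, AAVE’s or Uniswap’s code; `ConstantProductPair`, `twap`, `quote_is_acceptable`, the reserve sizes and the 5% threshold are assumptions) models a reserve-based quote and then shows the check a consuming contract can apply: compare the spot quote against a time-weighted average built from earlier blocks and refuse quotes that deviate too far from it.

```python
"""Reserve-based spot price vs. a time-weighted reference: a model of the
oracle manipulation described above and one mitigation. Constructed teaching
code, not ROE Finance's, AAVE's or Uniswap's; all names and numbers are
assumptions."""


class ConstantProductPair:
    """Minimal model of a Uniswap V2-style pair holding token0 and token1."""

    def __init__(self, reserve0: int, reserve1: int):
        self.reserve0, self.reserve1 = reserve0, reserve1   # cached reserves
        self.balance0, self.balance1 = reserve0, reserve1   # actual token balances

    def spot_price(self) -> float:
        """Price of token1 in units of token0, read straight from reserves.
        This is what a naive on-chain oracle returns."""
        return self.reserve0 / self.reserve1

    def receive(self, amount0: int = 0, amount1: int = 0) -> None:
        """Tokens sent directly to the pair (no swap) change balances only."""
        self.balance0 += amount0
        self.balance1 += amount1

    def sync(self) -> None:
        """Model of Uniswap V2's sync(): force reserves to match balances.
        Anyone may call it, so a direct transfer plus sync() moves spot_price()."""
        self.reserve0, self.reserve1 = self.balance0, self.balance1


def twap(observations, now: int) -> float:
    """Time-weighted average of (timestamp, price) observations up to `now`.
    Each price is weighted by how long it stayed the reported price."""
    weighted, elapsed = 0.0, 0
    for i, (t, price) in enumerate(observations):
        t_next = observations[i + 1][0] if i + 1 < len(observations) else now
        weighted += price * (t_next - t)
        elapsed += t_next - t
    return weighted / elapsed


def quote_is_acceptable(spot: float, reference: float, max_deviation_bps: int = 500) -> bool:
    """Defensive check for a price consumer: refuse a spot quote that deviates
    from the reference by more than max_deviation_bps basis points."""
    deviation_bps = abs(spot - reference) / reference * 10_000
    return deviation_bps <= max_deviation_bps


def demo() -> dict:
    # Constructed pool: 1,000,000 token0 (a stablecoin) against 50 token1.
    pair = ConstantProductPair(1_000_000, 50)
    honest_spot = pair.spot_price()                       # 20000.0
    # Honest price observed once per 12-second block before the attack block.
    history = [(0, honest_spot), (12, honest_spot), (24, honest_spot)]
    reference = twap(history, now=36)                     # 20000.0
    # Within one transaction, tokens are pushed into the pair and sync() is called.
    pair.receive(amount0=1_000_000)
    pair.sync()
    manipulated_spot = pair.spot_price()                  # 40000.0
    return {
        "honest_spot": honest_spot,
        "manipulated_spot": manipulated_spot,
        "reference": reference,
        "honest_accepted": quote_is_acceptable(honest_spot, reference),        # True
        "manipulated_accepted": quote_is_acceptable(manipulated_spot, reference),  # False
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The time-weighted reference is not free of manipulation either (it can be pushed over several blocks at a cost), which is why the deviation check is a sanity bound rather than a replacement for a manipulation-resistant price source; a lending market that prices collateral from reserves alone has no such bound at all.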
On 13 Jan, Lendhub (@LendHubDefi), a dApp deployed on HECO, announced on Twitter that their project had been attacked on 12 Jan.
The root cause was that both the old and new IBSV tokens existed simultaneously in the market and both took their price feeds from the new IBSV.
The hacker leveraged the vulnerability to obtain old IBSV tokens by depositing HBSV tokens, borrowed assets from the new market, and then redeemed HBSV in the old market.
The attack resulted in Lendhub’s TVL decreasing from US $6 million to US $90,305.
Overall, the crypto market witnessed a bear market through Q4 2022. Despite the bear market, attacks against the crypto ecosystem were still active. Crypto assets worth around US$587.57 million were exploited from October 2022 to December 2022.
Before proceeding, the following terms and technologies are introduced in this report:
CCBS
CCBS stands for "Centralized Crypto or Blockchain Service". A CCBS is a platform or service that provides crypto or blockchain related products or services and is run by a conventional, centralized organization, entity or company, such as a centralized crypto exchange or stablecoin issuer (e.g. Binance or Tether).
FLASHLOAN
Flash loans are a popular feature that hackers utilize when attacking EVM-compatible smart contracts. Flash loans were developed by the team behind the well-known DeFi application AAVE [1]. This feature "allows users to borrow any available amount of assets without putting up any collateral, as long as the liquidity is returned to the protocol within one block transaction" [2]. Flash loans are quite often used to borrow ERC-20 tokens [3] and attack DeFi applications. To initiate a flash loan, a user writes a contract that borrows the desired amount and repays the principal plus interest and any required fees within the same transaction; if that repayment check fails, the whole transaction reverts and the loan never takes effect.
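How the single-transaction repayment rule is enforced, as an added Python simulation that is not AAVE's or any lender's code: the lender records its balance, hands out the loan, runs the borrower's callback, and reverts the whole transaction unless principal plus fee is back in the pool when the callback returns. The fee, the balances and the three borrower contracts are constructed; an EVM revert is modelled by discarding a working copy of the state.

```python
import copy

FEE_BPS = 9  # constructed fee of 0.09% in basis points, charged on the principal


class Revert(Exception):
    """Stands in for an EVM revert: the whole transaction is undone."""


class Ledger:
    """Token balances per address: the on-chain state of the simulation."""

    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise Revert(f"{src}: insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount


class FlashLender:
    """Pool that lends any amount with no collateral, provided the borrower's
    callback leaves principal + fee back in the pool before it returns."""

    ADDRESS = "pool"

    def flash_loan(self, ledger, receiver, amount):
        balance_before = ledger.balances[self.ADDRESS]
        fee = amount * FEE_BPS // 10_000
        ledger.transfer(self.ADDRESS, receiver.ADDRESS, amount)
        receiver.execute_operation(ledger, amount, fee)       # borrower's contract runs here
        if ledger.balances[self.ADDRESS] < balance_before + fee:
            raise Revert("flash loan not repaid")              # undoes everything above
        return fee


def run_transaction(ledger, fn):
    """Run fn against a working copy of the state; commit only if it did not revert.
    Returns (state_after, succeeded, result_or_reason)."""
    working = copy.deepcopy(ledger)
    try:
        result = fn(working)
    except Revert as exc:
        return ledger, False, str(exc)
    return working, True, result


class HonestBorrower:
    """Needs only the fee on hand; the principal is repaid out of the loan itself."""
    ADDRESS = "honest"

    def execute_operation(self, ledger, amount, fee):
        ledger.transfer(self.ADDRESS, FlashLender.ADDRESS, amount + fee)


class ForgotFeeBorrower:
    """Repays the principal but not the fee: the lender's check still fails."""
    ADDRESS = "forgot"

    def execute_operation(self, ledger, amount, fee):
        ledger.transfer(self.ADDRESS, FlashLender.ADDRESS, amount)


class Deadbeat:
    """Tries to keep the loan by forwarding it to an external account."""
    ADDRESS = "deadbeat"

    def execute_operation(self, ledger, amount, fee):
        ledger.transfer(self.ADDRESS, "attacker_eoa", amount)


def demo(principal=1_000_000):
    """Run the three borrowers in sequence; returns per-borrower (ok, info, balances)."""
    state = Ledger({"pool": 5_000_000, "honest": 1_000, "forgot": 1_000,
                    "deadbeat": 0, "attacker_eoa": 0})
    lender = FlashLender()
    outcomes = {}
    for borrower in (HonestBorrower(), ForgotFeeBorrower(), Deadbeat()):
        state, ok, info = run_transaction(
            state, lambda s, b=borrower: lender.flash_loan(s, b, principal))
        outcomes[borrower.ADDRESS] = (ok, info, dict(state.balances))
    return outcomes


if __name__ == "__main__":
    for name, (ok, info, balances) in demo().items():
        print(f"{name:9s} {'committed' if ok else 'reverted':9s} {info} pool={balances['pool']}")
```

The point for an attacker is the honest case: with 1,000 units on hand the borrower controls 1,000,000 for the duration of one transaction, which is exactly the leverage the attacks in this report use. The point for a lender is the other two cases: the principal can never be kept, so the risk sits entirely with whatever the borrower does with the money in between.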
CROSS-CHAIN BRIDGE
A cross-chain bridge is an infrastructure that connects multiple independent blockchains and enables an exchange of cryptos, data or information from one blockchain to another.
As more blockchains develop their own ecosystems, cryptos and dApps, the need to exchange cryptos or data across chains grows and the volume of cross-chain transactions increases dramatically. This makes cross-chain bridges a more frequent target of attacks.
FOCUS OF THIS REPORT
In this report we list our statistics collected from typical security incidents that happened in the blockchain industry in Q4 2022, give an in-depth analysis of their root causes, and present our recommended best practices.
STATISTICS AND ANALYSIS OF SECURITY INCIDENTS OF Q4 2022
We studied 101 publicly reported security incidents that occurred in Q4 2022 and present our statistics and analysis based on the targets and root causes.
In Q4 2022 the total value of the exploited assets was US $587.57 million, and the overall market cap of cryptocurrency according to TradingView was US $756.15 billion. The value of the exploited assets accounted for 0.08% of the total market cap.
INCIDENTS CATEGORIZED BY TARGETS
Our researched incidents can be categorized into four types of targets:
CCBS
Blockchains
DApps
Cross-chain Bridges
A CCBS-related incident is one in which a centralized crypto or blockchain service platform is attacked by hackers resulting in the failure of its services or a loss of crypto assets under its custody.
A blockchain-related incident is one where a blockchain mainnet, side chain or layer 2 is attacked by malicious actors from inside, outside, or both, resulting in its operation going out of order, or where a blockchain fails to work properly due to issues related to software, hardware, or both. Attackers may then be able to exploit the consensus for profit.
A dApp-related incident is one where a dApp's daily operation goes out of order or is attacked, leaving it open for attackers to exploit users and the crypto assets under the dApp's custody.
A cross-chain bridge-related incident occurs when a cross-chain bridge is attacked resulting in a loss of crypto assets under its custody or a failure of the exchange function between multiple blockchains.
There were 101 incidents in total. Here is a figure that shows the percentage for each of these targets respectively.
dApp-related incidents account for 84.16% of the total. Out of 101 incidents, 9 were CCBS-related, 3 were blockchain-related, 4 were cross-chain bridge-related, and 85 were dApp-related.
BLOCKCHAIN-RELATED INCIDENTS
Incidents that had occurred in blockchains can be further categorized into three sub-categories:
Blockchain mainnets
Side chains
Layer 2 solutions
A blockchain mainnet, also known as layer 1, is an independent blockchain that has its own network with its own protocol, consensus, and validators. A blockchain mainnet can validate transactions, data, and blocks generated in its network by its own validators and reach finality. Bitcoin and Ethereum are typical blockchain mainnets.
A side chain is a separate, independent blockchain which runs in parallel to a blockchain mainnet. It has its own network consensus and validators. It is connected to a blockchain mainnet (e.g. by a two-way peg [4]).
A layer 2 solution refers to a protocol or network that relies on a blockchain as its base layer (layer 1) for security and finality [5]. Its main purpose is to solve scalability issues of its base layer. It processes transactions faster and costs less resources compared to its base layer. Since 2021, there has been a huge surge in the growth and development of layer 2 solutions for the Ethereum ecosystem.
Both side chains and layer 2 solutions exist to solve the scalability issues of a blockchain mainnet. The significant difference between a side chain and a layer 2 solution is that a side chain does not necessarily rely on its blockchain mainnet for security or finality whereas a layer 2 solution does.
There were 3 blockchain-related incidents in total in Q4 2022. The figure below shows the percentages of blockchain mainnet related incidents, side-chain related incidents, and layer 2 related incidents respectively.
Blockchain mainnet related incidents and layer 2 related incidents account for 33.33% (1) and 66.67% (2) of these incidents respectively. No prominent side-chain related incidents were covered in our statistics. The layer 2 solutions that were attacked were Loopring [6] and zkSync [7], while the attacked blockchain mainnet was Zcash [8].
DAPP RELATED INCIDENTS
Among the 85 dApp incidents, 5 were rug-pulls, 39 involved other forms of exploitation and 41 were direct attacks. An attack against a dApp can specifically target its front-end, server side, or smart contract(s). We can therefore further classify these 41 incidents into three sub-categories:
dApp’s front-end
dApp’s server side
dApp’s smart contract(s)
dApp front-end related incidents refer to events where vulnerabilities on the conventional client side are exploited, compromising users' account information and personal details, which can then be used to steal their crypto assets.
dApp server-side related incidents are those where vulnerabilities on the conventional server side are exploited, leaving on-chain and off-chain communication open to hijacking and users' crypto assets open to exploitation.
Smart contract related incidents refer to vulnerabilities in a smart contract's design or implementation that are leveraged to exploit crypto assets from users.
Here is a figure that shows the percentages of front-end, server-side and smart contract related incidents respectively.
The above figure shows that smart contract related, server-side related and front-end related incidents accounted for 97.56%, 0% and 2.44% of these incidents respectively. Among the 41 incidents, 1 was front-end related and 40 were smart contract related.
We further studied the amount of loss incurred in these sub-categories. Our study showed that the losses in front-end related and server-side related incidents were both 0, while the loss in smart contract related incidents was US $83.36 million.
It is clear that smart contract related incidents were the biggest issue. Typical issues we found pertaining to smart contracts in Q4 2022 include logic vulnerabilities, private key leaks, flash-loan-assisted attacks, re-entrancy attacks, and more.
We studied the 40 incidents in which smart contracts were directly attacked and derived the following figure based on vulnerability types:
The figure shows that flash loans and logic vulnerabilities accounted for the highest percentages. Logic vulnerabilities mainly include missing validation of parameters, missing access-control checks, etc. 11 projects suffered flash-loan attacks and 11 suffered logic vulnerability attacks.
The following figure illustrates the amount of loss for each vulnerability type:
It is interesting to note that although flash-loan attacks were the most numerous, the loss they caused only ranked fifth: 11 incidents were caused by flash loans, totaling a loss of US $4.73 million. Ranked first were the 11 incidents caused by logic vulnerabilities, totaling a loss of US $141.42 million and accounting for 74.72% of the total loss. Meanwhile, 5 incidents caused by private key leaks totaled a loss of US $11.51 million, 6.08% of the total loss, ranking third.
INCIDENTS CATEGORIZED BY ROOT CAUSES
The root cause of these incidents can be categorized into the following:
Attacks from hackers
Rug-pulls
Misc.
We studied these incidents and got the following figure.
The above figure shows that the number of attacks from hackers, rug-pulls and misc. incidents accounted for 93.07% (94), 4.95% (5) and 1.98% (2) of the total incidents respectively.
We studied the amount of loss of each category of incidents based on the root cause and got the following figure:
The above figure shows that the loss in incidents caused by attacks and the loss in rug-pull incidents accounted for 99.12% and 0.88% of the total loss respectively: US $582.41 million from attacks and US $5.16 million from rug-pulls. This reveals that attacks from hackers posed the largest threat to the whole crypto ecosystem in Q4 2022.
ATTACKS FROM HACKERS
We studied the targets the hackers attacked and got the following figure:
The figure above shows that attacks on dApps, CCBSs, cross-chain bridges and blockchains accounted for 84.16% (85), 8.91% (9), 3.96% (4) and 2.97% (3) of incidents respectively.
After we studied the amount of loss in each of them we got the following figure:
The losses from attacks on CCBSs, cross-chain bridges, dApps and blockchains were 66.51%, 17.92%, 15.56% and 0.21% of the total, amounting to US $390.82 million, US $105.3 million, US $91.45 million and US $1.26 million respectively.
RUG-PULLS
All rug-pulls in Q4 2022 targeted dApps. There were 5 incidents totaling a loss of US $5.16 million, far less severe than the losses caused by attacks.
RESEARCH FINDINGS
CCBS systems were the most prominent target for attacks in Q4 2022. Although CCBS incidents only accounted for 8.91% of the total number, the loss in CCBS incidents accounted for 66.51% of the total loss and far surpassed that of any other category. The biggest CCBS incident was the abnormal transfer of FTX's crypto assets, suspected to be closely related to FTX's collapse.
Compared to the data Fairyproof collected for Q3 2022, the number of attacks on cross-chain bridges rose slightly, but the loss from those attacks rose greatly, nearly tripling the Q3 figure. Clearly, cross-chain bridges remained a lucrative target for hackers. They still have many challenges to face and issues to fix before they can give users confidence in their security and safety.
Hackers remained the main threat to the crypto industry, accounting for 93.07% of all incidents, far surpassing any other root cause such as rug-pulls.
A dApp consists of three parts: a front-end, a server side and smart contracts. One or more of these parts is targeted in a dApp attack. According to our statistics, smart contracts accounted for a far higher share of attacks than front-ends and server sides in Q4 2022, in both attack frequency and amount of loss. This shows that attacks on smart contracts still posed the biggest threat to dApps. It is also worth noting that, compared to Q3 2022, the number of attacks against smart contracts nearly doubled and the amount of loss quintupled.
All rug-pulls in Q4 2022 targeted dApps.
Finally, for smart contract related incidents, we found the number of attack sub-categories (except the misc incidents) to be ranked as the following:
Rank 1: Flashloan and logic vulnerability
Rank 2: Private key leaked
Rank 3: Re-entrancy attack.
In terms of amount of loss, however, incidents caused by logic vulnerabilities far surpassed every other sub-category.
TENTATIVE THOUGHTS
Both the number of attacks on layer 2 solutions and the amount of loss in these attacks decreased dramatically compared to that of Q3 2022. However, we don’t think this means the overall security situation of layer 2 solutions improved very much in Q4.
In addition, more project teams rushed into, or planned to move into, Zero Knowledge (zk) related applications, including zk-rollup solutions for Ethereum, zk-related social applications, and more. We think there will be increasing demand for audits of zk-related applications.
BEST PRACTICES TO PREVENT SECURITY ISSUES
In this section we present some best practices to help both blockchain developers and users manage the risks posed by the incidents that happened in Q4 2022, and support coordinated and efficient response to crypto security incidents. We would recommend both blockchain developers and users to apply these practices to the greatest extent possible based on the availability of their resources.
Note: "Blockchain developers" refers to developers of blockchains, of dApps, and of other blockchains or systems pertaining to cryptocurrencies. "Blockchain users" refers to everyone who participates in activities pertaining to a crypto system's management, operation, trading, etc.
FOR BLOCKCHAIN DEVELOPERS
Developers of cross-chain bridges need to pay closer attention to their bridges' security as cross-chain transactions become increasingly popular. A cross-chain bridge handles operations both on-chain and off-chain, and the off-chain part is naturally the more exposed to attack. Security solutions for cross-chain bridges should therefore be particularly capable of handling off-chain activities safely and securely.
Awareness of security for layer 2 solutions should be maintained even though attacks on them were few, with negligible losses, as more layer 2 solutions will emerge in the coming years. Research and development of solutions to the security challenges in this area must be prompt.
Transferring an admin's control over crypto assets or critical operations to a multi-sig wallet or a DAO is a must-have.
Attackers employ flash loans to maximize their gains once they find a vulnerability in a smart contract, such as re-entrancy, missing access-control checks, or an incorrect token price calculation. Proper handling of these issues should be a smart contract developer's highest priority when designing and coding a contract.
Our statistics show that an increasing number of hackers have been using social media tools, especially Discord, to launch phishing attacks. This persisted through Q1, Q2, Q3 and Q4 and will very likely persist in 2023; many users have suffered huge losses. Project developers and managers are advised to prioritize safe and secure management of their social media accounts, and to find security solutions for them, on top of project implementation.
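The re-entrancy case from the recommendations above, as an added example that is not from Fairyproof or from any project on this page: a Python model of a vault whose withdraw function sends funds before zeroing the caller's balance, beside a hardened version that applies the checks-effects-interactions order and a mutex of the kind OpenZeppelin's nonReentrant modifier provides. Balances, the depositors and the attacker's behaviour are constructed; the external call that a real contract makes when sending ETH is modelled as a method call on the recipient, and a failed inner call is swallowed the way a low-level call returning false would be.

```python
class Revert(Exception):
    """Stands in for an EVM revert of the current call."""


class Account:
    """A depositor. The vault 'sends ETH' by calling receive() on it."""

    def __init__(self, name):
        self.name = name
        self.eth = 0

    def receive(self, vault, amount):
        self.eth += amount


class Attacker(Account):
    """Re-enters withdraw() from receive() while the vault still has funds."""

    def __init__(self, max_depth=50):
        super().__init__("attacker")
        self.max_depth = max_depth

    def receive(self, vault, amount):
        self.eth += amount
        if vault.eth >= amount and self.max_depth > 0:
            self.max_depth -= 1
            try:
                vault.withdraw(self)
            except Revert:
                pass  # a low-level call that returned false: swallow and continue


class VulnerableVault:
    """Sends funds BEFORE updating the caller's balance (interaction before effect)."""

    def __init__(self):
        self.balances = {}
        self.eth = 0

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.eth += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0:
            raise Revert("nothing to withdraw")
        self.eth -= amount
        who.receive(self, amount)      # external call; a re-entrant withdraw sees the old balance
        self.balances[who] = 0         # effect applied too late


class HardenedVault(VulnerableVault):
    """Checks-effects-interactions order plus a re-entrancy guard."""

    def __init__(self):
        super().__init__()
        self._entered = False

    def withdraw(self, who):
        if self._entered:
            raise Revert("reentrant call")
        self._entered = True
        try:
            amount = self.balances.get(who, 0)   # checks
            if amount == 0:
                raise Revert("nothing to withdraw")
            self.balances[who] = 0               # effects
            self.eth -= amount
            who.receive(self, amount)            # interactions last
        finally:
            self._entered = False


def run_attack(vault_cls):
    """Fund a vault with two honest deposits and one attacker deposit, then let
    the attacker withdraw. Returns (attacker_eth, vault_eth) afterwards."""
    vault = vault_cls()
    vault.deposit(Account("alice"), 5)
    vault.deposit(Account("bob"), 5)
    attacker = Attacker()
    vault.deposit(attacker, 1)
    vault.withdraw(attacker)
    return attacker.eth, vault.eth


if __name__ == "__main__":
    print("vulnerable:", run_attack(VulnerableVault))   # attacker drains everything
    print("hardened:  ", run_attack(HardenedVault))     # attacker gets only its own deposit
```

Either fix alone stops this attacker: zeroing the balance before the call makes the nested withdraw revert on "nothing to withdraw", and the guard makes it revert before it reads anything. Keeping both costs one storage write and protects functions that later gain a second external call.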
FOR BLOCKCHAIN USERS
More users are spreading their crypto portfolios across different blockchains, and demand for cross-chain transactions is rapidly increasing. Whenever a user makes a cross-chain transaction, the user has to interact with a cross-chain bridge, a popular target among hackers. Before starting a cross-chain transaction, users are therefore advised to investigate the bridge's security record and ensure they use a reliable, safe and secure bridge.
While it remains necessary to pay close attention to smart contract security when interacting with a dApp, it is increasingly important to also pay attention to the security of the user interface, exercising caution to detect suspicious messages, prompts, and behavior presented by the UI.
We strongly urge users to check whether a project has audit reports and read these reports before proceeding with further actions.
Use a cold wallet or a multi-sig wallet where possible to manage crypto assets that are not for frequent trading. Be careful about using a hot wallet, and make sure the hardware on which a hot wallet is installed is safe and secure.
Be cautious of a dApp whose team members are unknown or lack reputation; such dApps may eventually turn out to be rug-pulls. Be equally cautious of a centralized exchange that has not established a reputation or has no transaction data tracked by third parties, as it may also prove to be a rug-pull.
From 2 January 2023 to 8 January 2023, all security incidents that have occurred were Security Hacks.
SECURITY HACKS:
1. RTFKT’s COO Nikhil Gopalani Announces He Had Suffered Phishing Attack
On 3 Jan, RTFKT’s COO Nikhil Gopalani (@Nikgopalani) announced on Twitter that he had suffered a phishing attack and that the hacker had sold all his CloneX NFTs along with others.
He lost around US$300,000 worth of crypto assets during this incident.
2. Worlds Beyond Announces Discord Hacked
On 3 Jan, Worlds Beyond (@WorldsBeyondNFT), an NFT project on Ethereum, announced on Twitter that their Discord account had been hacked and their server was temporarily compromised. The account also reported that all staff had been banned from the server.
The account later reminded users that they will “never stealth mint” and urged users to only use their official links to avoid potential scams or hacks.
As of the time of writing, investigations are still ongoing, and the project has opened channels in Discord to aid affected users.
3. Hacker Exploits Vulnerability on Function Lacking Validation for Settings in Attack Against GDS
On 3 Jan, GDS Chain’s application deployed on the BNB chain was attacked.
The root cause of this incident was its “_lpRewardAmount” function had lacked validation for its settings. The hacker leveraged a flash-loan and exploited this vulnerability to launch the attack.
After the hack, the GDS’ price crashed by 84% and crypto assets worth around US $187,000 were exploited.
4. Cirrus Announces Holders of CryptoPunks, BAYCs, Meebits Suffer Phishing Scams
On 4 Jan, NFT community member Cirrus (@CirrusNFT) announced on Twitter that holders of CryptoPunks, BAYCs, and Meebits had suffered phishing scams. CryptoPunks 4607, 965, and BAYC 1723 were exploited.
Later, Twitter user @CryptoNovo311 claimed that 4 CryptoPunks in his possession were stolen.
CryptoPunks and BAYCs worth above 600 ETH (US$748,800) were exploited in these attacks.
It was also suspected that the hacker had also exploited 111 KUMALEON NFTs and used FixedFloat to cash out.
5. Hacker Exploits Whale Holder of GMX Through Phishing Attack
On 4 Jan, a whale holder of GMX suffered from a phishing attack on the BNB chain.
The attacker took 82,519 GMX worth around US $3.4 million on the BNB chain, swapped them for 2,627 ETH and bridged the ETH from the BNB chain to Ethereum.
6. Hacker Attacks Deviants’ Discord Server
On 4 Jan, a hacker attacked Deviants’ discord server. Deviants is an NFT project on Ethereum.
7. Inkwork Labs Announce Discord Server Compromised
On 5 Jan, NFT project on Solana Inkwork Labs (@InkworkLabs) announced on Twitter that their Discord server had been compromised. The account later posted a follow-up thread revealing that one of their “now older mods, Krypto King#0036” had clicked on a malicious link that caused a Dyno bypass. Dyno is a Discord bot used for various purposes like moderation and user verification.
The account also reported that although the attackers had gained access to the server earlier, the attack was not conducted until everyone was away.
Inkwork Labs also reported that the accounts associated with the exploit were identified and banned. They urged users not to click on any links unless a drop is scheduled, and advised them to "always double check the user who's posting the announcement. ALWAYS.".
Relevant channels for affected users have been opened for further assistance.
8. Hacker Attacks Twitter User @TheViralFever
On 6 Jan, a hacker launched a phishing attack against Twitter user @TheViralFever by sending the user a fake link to an ENS airdrop.
9. Hacker Attacks PanksNotDed’s Discord Server
On 7 Jan, a hacker attacked PanksNotDed’s discord server. PanksNotDed is an NFT project on Ethereum.
10. Hacker Attacks Cyber Kongz’s Discord Server
On 7 Jan, a hacker attacked Cyber Kongz’s discord server. Cyber Kongz is an NFT project on Ethereum.
11. Mycelium Announces Attack Due to Issue with Price Feed for ETH-USD
On 7 Jan, the team behind Mycelium (@mycelium_xyz), a DeFi perpetuals application deployed on Arbitrum, announced on Twitter that it had been attacked.
The team also announced that the attack was due to an issue with its ETH-USD price feed. Its MLP lost 4% to 6% of its total assets, around US$300,000.
At the time of writing, the issue had been fixed and the application was back to work.
12. Hacker Attacks Yaypegs’s Discord Server
On 8 Jan, a hacker attacked Yaypegs’s discord server. Yaypegs is an NFT project on Ethereum.
13. Hacker Attacks Mech’s Discord Server
On 8 Jan, a hacker attacked Mech’s discord server. Mech is an NFT project on Polygon.
CONCLUSION
13 notable security incidents have occurred in the past week. Most of them were phishing attacks against Discord or Twitter accounts.
A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain.
A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.
It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.
Fairyproof’s Retrospective for 2022 and Wishes for 2023
2022 was a year full of hardships and challenges
Although the crypto space was still struggling in a bear market, hackers ran rampant, ravaging users without mercy.
Numerous crypto users were exploited. They arrived expectant to a new world full of hopes and dreams, but left with tears and despair, away from the “wild west” crypto wasteland.
The positive side is that the crypto space witnessed numerous countries adopting blockchain technology, connecting every corner of the world and forming a seemingly endless new one.
As a blockchain security company, Fairyproof’s mission is to safeguard the blockchain applications and crypto assets of our clients. 2022 may not be a good year for the crypto space, but we were still firmly grounded in fulfilling our mission and striving to provide the best for everyone.
We feel the need to fulfill greater responsibilities, meet higher expectations, and overcome more challenges after experiencing these incidents and observing these losses.
A Retrospective of 2022
Increased Coverage of Fairyproof’s Products and Services
– Fairyproof’s automatic scanning system can scan and detect vulnerabilities in not just smart contracts, but also blockchain mainnets, sidechains, and more.
– Fairyproof’s audit service not only covers technical implementations, but also tokenomical models and governance models.
– Fairyproof's intelligent system made great strides in big-data cleaning, collection and processing, and in machine learning, particularly self-evolving algorithms.
Fairyproof Explored Broader Areas
– For Zero Knowledge (zk) technologies, Fairyproof developed an optimized system combining the advantages of both STARK and SNARK constructions, and greatly improved system efficiency with fewer resources. We have built solid ground in zk system analysis, auditing and development.
– In Multi-Party Computation (MPC) technologies, Fairyproof conducted extensive research into threshold signature scheme (TSS) applications and developed our own solutions that optimize conventional TSS technologies, achieving significant efficiency gains along with new features and advantages.
Fairyproof Dived Deeper Into Research
– Fairyproof applied for 3 Chinese patents and 1 US patent
– Fairyproof established a new and systematic model/pattern to describe and detect hacks and attacks from multiple dimensions including locked liquidity, transaction behavior, hacking pattern and more
– Fairyproof studied a series of EIPs including EIP-3475, EIP-4844, EIP-3525 and EIP-4626 and published research articles.
Fairyproof Covered Crypto Incidents More Closely and Timely
– Fairyproof published weekly and quarterly security reports.
– Fairyproof released detailed analysis and updates for various incidents.
Fairyproof Established Broader Social Connections
– Fairyproof actively participated in events held in Singapore, Miami, New York, London, Berlin, and Lisbon, and established close connection with popular projects including Aptos, zkSync, Mina, and more.
– Fairyproof actively participated in events and activities in the Ethereum community and had established a great connection with ECF.
– Fairyproof was interviewed and reported by famous media including Newsfilecorp, Yahoo, PANews and institutions including blockchain organizations from the National University of Singapore.
Fairyproof was Active in Blockchain Education and Non-Profit Events
– Fairyproof audited projects for a blockchain game Hackathon from South Korea.
– Fairyproof recorded videos for an organization in Singapore involving the education of security issues in Web 3 development.
– Fairyproof actively joined AMA events including Ethereum New Era by BlockBeat, Blockchain game-related NFTs and GameFi AMAs, and hosted an AMA for NFT Security during the World Cup.
Looking Forward to 2023
Fairyproof Will Extend its Research into New Applications, New Technologies, and New Regulation Patterns
– Fairyproof will conduct research into new applications including Digital Twin and AR/VR, their trends and security issues.
– Fairyproof will conduct research into Quantum Cryptography and its applications in blockchain.
– Fairyproof will conduct research into new trends and developments in crypto regulations, and how these regulations will be applied to crypto assets and transactions.
Fairyproof Will Build its Products and Services for the Whole Web 3 Architecture
– Fairyproof will build products and services that cover the whole Web 3 ecosystem
– Fairyproof will build products and services for each component of Web 3 architecture.
Fairyproof Will Release More Powerful and Intelligent Products
– Fairyproof is developing a comprehensive, high-level security monitoring system.
– Fairyproof will develop products that monitor targets comprehensively from multiple angles.
– Fairyproof will develop products that intelligently recognize and detect hackers’ behaviors and patterns.
– Fairyproof will provide multi-level solutions to prevent attacks.
– Fairyproof will develop products that detect a project’s risks that arise from correlated products.
Fairyproof Will Serve Customers More Efficiently with Better Services and Products
– Fairyproof will develop customized products and services dedicated to enterprise customers.
– Fairyproof will provide multi-leveled, multi-faceted services for customers.
– Fairyproof will develop products and provide services that cover a project’s entire life-cycle and meet the different demands of each phase of that life-cycle.
Fairyproof Will Deliver Updates and Reports of Crypto Incidents in a More Timely Manner
– Fairyproof will release updates and reports on security incidents in a more timely manner.
– Fairyproof will develop more methods and solutions to trace and track exploited assets, and restore them.
Fairyproof Will Conduct Deeper and Broader Research
– Fairyproof will release more research reports for more specific areas and fields in the crypto space.
– Fairyproof will conduct more research on the security posture of large institutions and organizations by studying both on-chain and off-chain information.
Fairyproof Will Actively Establish More Connections in the Crypto Space
– Fairyproof will establish more connections with builders including teams behind blockchain infrastructure projects, mainnets, layer 2 solutions, and more.
– Fairyproof will build more connections with teams behind applications including DeFi, blockchain games, DAOs, NFTs, and more.
Closing Thoughts
We have entered a new year. Fairyproof will soon turn two years old. We are new players in the crypto space and still have a long way to go. We still have a lot to learn from our peers and pioneers. All in all, we still cherish our dreams and bear our mission in mind.
No matter what is ahead of us – storm, rain or shine, we will firmly forge ahead, do our best, stand with the crypto space, closely collaborate with our clients, and build a new chapter for us and for all.
From 26 December 2022 to 1 January 2023, all security incidents that occurred were Security Hacks.
SECURITY HACKS:
BitKeep’s Client Gets Hacked
On 26 Dec, the team behind BitKeep, a popular wallet, claimed that some of the wallet’s download links were hijacked by hackers and the legitimate links were replaced with malware.
It was reported that a lot of BitKeep users suffered from this hack and crypto assets worth around US $3 million were exploited.
The attacker’s address was 0xC6f70B2bC123936B486Bc89110243108FF93B21e on the BNB chain.
Hacker Attacks PECO and DFI
On 26 Dec, Amun, an index product provider, claimed that two of its applications, PECO and DFI, deployed on Polygon were attacked.
The attacker was identified as 0xf8b17Df4da32FAfDdA970aE1f76D2DbfF7091913 on Polygon. The attacker exploited a vulnerability to take full control of the “rebalance” manager, mint 80 billion tokens and dump all of them on every available DEX. The hacker repeated this attack on the DFI token as well.
Right after the Amun team detected this incident, the team promptly rebalanced the contract manager such that it was controlled by the company’s multi-sigs.
The team said it would compensate all affected token holders for their losses and would announce a repayment schedule soon.
After this incident happened, PECO’s price crashed to near zero.
Crypto assets worth around US $300,000 were exploited in this incident.
Hacker Attacks BTC.com
On 26 Dec, BIT Mining Limited announced that its subsidiary BTC.com was attacked on December 3 and some crypto assets were exploited.
At the time of writing, BTC.com had resumed operation. BIT Mining Limited had reported the case to the local police in Shenzhen, China, and the case was under investigation. The company said it would make every effort to recover the exploited assets.
Crypto assets worth around US $700,000 were exploited in this incident.
Hacker Attacks Jaypeggerz
On 29 Dec, a hacker attacked Jaypeggerz, a dApp deployed on Ethereum.
The root cause was that the JAY contract allowed users to pass any ERC-721 token to the buyJay function. The hacker exploited this vulnerability to re-enter the JAY contract.
In brief, the hacker flash-loaned 72.5 ETH, bought JAY with 22 ETH, and then called the buyJay function with the remaining 50.5 ETH, passing a fake ERC-721 token. Through this fake ERC-721 token, the hacker called the sell function to re-enter the JAY contract, manipulated JAY’s price and sold all the JAY.
The hacker repeated this process and eventually exploited 15.32 ETH, worth around US $18,000, in this incident.
All exploited assets were cashed out via Tornado Cash.
Additional Details:
– Attacker’s Address: 0x0348d20b74ddc0ac9bfc3626e06d30bb6fac213b on Ethereum
– Attacking Contract: 0xed42cb11b9d03c807ed1ba9c2ed1d3ba5bf37340 on Ethereum
– Attacked Contract: 0xf2919d1d80aff2940274014bef534f7791906ff2 on Ethereum
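As an added defensive illustration (not code from this report or from the Jaypeggerz project), the hypothetical, simplified Solidity contract below models a vault whose token price is derived from its ETH reserve and token supply, and shows the three mitigations for the pattern described above: an allowlist of NFT contracts, a reentrancy guard, and state updates before the external call. Contract, function and variable names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

interface IERC721 {
    function transferFrom(address from, address to, uint256 tokenId) external;
}

// Hypothetical simplified model (not the real JAY contract) of a vault whose
// token price is reserve / supply, hardened against the pattern above: the
// vulnerable shape called any caller-supplied "NFT" address before minting,
// so a fake ERC-721 could re-enter sell() at an inflated price.
contract JayLikeHardened {
    mapping(address => uint256) public balanceOf;
    mapping(address => bool) public allowedNft;   // fix 1: allowlisted callees only
    uint256 public totalSupply;
    bool private locked;                          // fix 2: reentrancy guard

    constructor(address nft) { allowedNft[nft] = true; }

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    // wei per whole token for a given ETH reserve; 1 ETH before any mint
    function priceAt(uint256 reserve) public view returns (uint256) {
        return totalSupply == 0 ? 1 ether : reserve * 1e18 / totalSupply;
    }

    function buyWithNft(address nft, uint256 tokenId) external payable nonReentrant {
        require(allowedNft[nft], "nft not allowed");
        // price excludes the ETH just sent, so msg.value cannot inflate it
        uint256 minted = msg.value * 1e18 / priceAt(address(this).balance - msg.value);
        balanceOf[msg.sender] += minted;          // fix 3: effects before interaction
        totalSupply += minted;
        IERC721(nft).transferFrom(msg.sender, address(this), tokenId);
    }

    function sell(uint256 amount) external nonReentrant {
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        uint256 payout = amount * priceAt(address(this).balance) / 1e18;
        balanceOf[msg.sender] -= amount;
        totalSupply -= amount;
        (bool ok, ) = msg.sender.call{value: payout}("");
        require(ok, "eth transfer failed");
    }
}
```

Any one of the three fixes blocks the re-entry route described above; the allowlist is the one that most directly addresses the root cause, since the contract no longer makes calls into arbitrary caller-supplied addresses.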
Hacker Attacks Gummys’ Discord Server
On 29 Dec, a hacker attacked Gummys’ discord server. Gummys is a Web 3 streaming platform.
Hacker Attacks PartisiansNFT’s Discord Server
On 30 Dec, a hacker attacked PartisiansNFT’s discord server. PartisiansNFT is an NFT project.
Hacker Attacks Kenomi’s Discord Server
On 31 Dec, a hacker attacked Kenomi’s discord server. Kenomi is an NFT project.
Hacker Attacks Everybodys’ Discord Server
On 2 Jan, a hacker attacked Everybodys’ discord server. Everybodys is an NFT project on Ethereum.
CONCLUSION:
Eight notable security incidents occurred in the past week. It is worth noting that the BitKeep incident affected numerous wallet users.
A Reminder for Project Teams: Always test thoroughly. Have smart contracts audited before deploying them on-chain.
A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations. In particular, we suggest that crypto investors keep a cold wallet and store most of their crypto assets in it.
It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.
To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter: https://fairyproof.substack.com/