Weekly Blockchain Security Watch

Mar 13 to Mar 19

SECURITY HACKS:

  • Hacker Exploits Euler Finance Through Flash-Loan

On 13 Mar, a hacker attacked Euler Finance, a lending application deployed on Ethereum.

The root cause of this incident was that Euler’s donateToReserves() function did not run the account health (collateralization) check that Euler’s other balance-changing functions perform.

The attacker funded the attack with a flash loan, used Euler’s mint() function to open a highly leveraged position, and then called donateToReserves() to push that position into insolvency.

In the same transaction the attacker liquidated the insolvent position, receiving a large amount of eTokens at the liquidation discount, and repeated the process on multiple Euler pools.

In this attack, the following assets were stolen:

8,877,507 DAI

8,080 WETH

846.4 WBTC

73,821 stETH

34,224,863 USDC

In total, crypto assets worth around US$197 million were exploited in this incident.

Additional Details:

Attacker’s Address:

– 0xB2698C2D99aD2c302a95A8DB26B08D17a77cedd4 (on Ethereum)

– 0xb66cd966670d962C227B3EABA30a872DbFb995db (on Ethereum)

– 0x5F259D0b76665c337c6104145894F4D1D2758B8c (on Ethereum)

– 0xc66dFA84BC1B93df194bD964a41282da65D73c9a (on Ethereum)

Attacking Contract:

– 0x583c21631c48D442B5C0E605d624f54A0B366c72 (on Ethereum)

Attacked Contracts:

– 0xe025e3ca2be02316033184551d4d3aa22024d9dc (on Ethereum)

– 0x1b808f49add4b8c6b5117d9681cf7312fcf0dc1d (on Ethereum)

– 0x0275b156cd77c5ed82d44bcc5f9e93eecff20138 (on Ethereum)

– 0xbd1bd5c956684f7eb79da40f582cbe1373a1d593 (on Ethereum)

– 0xeb91861f8a4e1c12333f42dce8fb0ecdc28da716 (on Ethereum)
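As an added illustration of the root cause described above (a constructed example, not Euler’s code or figures), the following Python model of a self-collateralising lending pool shows why any function that reduces an account’s collateral must run the same health check as withdraw() and mint(). The collateral factor, the discount cap, the balances and the two attacker-controlled accounts (“violator” and “liquidator”) are assumptions of the model. With the check switched off, donate_to_reserves() lets the position go underwater and the liquidation discount converts that into cash taken from other depositors; with the check on, the donate step reverts.

```python
from dataclasses import dataclass, field
from fractions import Fraction

# Constructed toy lending pool (added example, not Euler's code). Assumptions:
# a single asset, 1 eToken == 1 unit of underlying, no interest accrual.
COLLATERAL_FACTOR = Fraction(9, 10)   # assumed: 90% of collateral counts
MAX_DISCOUNT = Fraction(1, 5)         # assumed: liquidation discount capped at 20%

class Insolvent(Exception):
    """Raised by the account health check (collateral * CF < debt)."""

@dataclass
class Account:
    etokens: Fraction = Fraction(0)   # deposit claims on the pool's cash
    dtokens: Fraction = Fraction(0)   # debt owed to the pool

    def health(self) -> Fraction:
        if self.dtokens == 0:
            return Fraction(10**9)    # no debt: arbitrarily healthy
        return self.etokens * COLLATERAL_FACTOR / self.dtokens

@dataclass
class Pool:
    check_health_on_donate: bool      # False reproduces the vulnerable behaviour
    cash: Fraction = Fraction(0)
    reserves: Fraction = Fraction(0)
    accounts: dict = field(default_factory=dict)

    def acct(self, name: str) -> Account:
        return self.accounts.setdefault(name, Account())

    def _require_healthy(self, name: str) -> None:
        # In the EVM this revert rolls back the partial update; the model just stops.
        if self.acct(name).health() < 1:
            raise Insolvent(f"{name} would be undercollateralised")

    def deposit(self, name, amount):
        self.cash += amount
        self.acct(name).etokens += amount

    def withdraw(self, name, amount):
        a = self.acct(name)
        if amount > a.etokens or amount > self.cash:
            raise ValueError("insufficient balance or pool liquidity")
        a.etokens -= amount
        self.cash -= amount
        self._require_healthy(name)           # withdraw runs the check ...

    def mint(self, name, amount):
        # Self-collateralised leverage: equal eTokens and dTokens, no cash moves.
        a = self.acct(name)
        a.etokens += amount
        a.dtokens += amount
        self._require_healthy(name)           # ... and so does mint ...

    def burn(self, name, amount):
        a = self.acct(name)
        if amount > a.etokens or amount > a.dtokens:
            raise ValueError("nothing to burn")
        a.etokens -= amount
        a.dtokens -= amount

    def donate_to_reserves(self, name, amount):
        # Hands eTokens to the protocol reserve; the donor's debt is untouched.
        a = self.acct(name)
        if amount > a.etokens:
            raise ValueError("insufficient eTokens")
        a.etokens -= amount
        self.reserves += amount
        if self.check_health_on_donate:       # ... but the vulnerable donate skipped it
            self._require_healthy(name)

    def liquidate(self, liquidator, violator, repay):
        v, l = self.acct(violator), self.acct(liquidator)
        h = v.health()
        if h >= 1 or repay > v.dtokens:
            raise ValueError("nothing to liquidate")
        discount = min(MAX_DISCOUNT, 1 - h)   # deeper underwater, larger discount
        seized = min(repay * (1 + discount), v.etokens)
        v.dtokens -= repay
        l.dtokens += repay
        v.etokens -= seized
        l.etokens += seized
        self._require_healthy(liquidator)
        return seized

    def bad_debt(self) -> Fraction:
        return sum((max(Fraction(0), a.dtokens - a.etokens)
                    for a in self.accounts.values()), Fraction(0))

def simulate(check_health_on_donate: bool) -> dict:
    """deposit -> mint -> donate -> liquidate from a second account (constructed figures)."""
    pool = Pool(check_health_on_donate)
    pool.deposit("depositors", Fraction(100))   # honest liquidity the attacker drains
    flash_loan = Fraction(30)                   # borrowed for a single transaction
    pool.deposit("violator", flash_loan)
    pool.mint("violator", Fraction(270))        # 300 eTokens vs 270 debt: health exactly 1
    try:
        pool.donate_to_reserves("violator", Fraction(60))   # health drops to 0.8
    except Insolvent:
        return {"blocked": True, "profit": Fraction(0)}
    seized = pool.liquidate("liquidator", "violator", Fraction(200))  # 240 eTokens for 200 debt
    pool.burn("liquidator", Fraction(200))      # settle the assumed debt with seized eTokens
    pool.withdraw("liquidator", seized - 200)   # 40 units of depositors' cash leave the pool
    return {"blocked": False, "profit": seized - 200 - flash_loan,
            "bad_debt": pool.bad_debt(), "cash": pool.cash, "reserves": pool.reserves}

if __name__ == "__main__":
    print("vulnerable:", simulate(False))
    print("patched:   ", simulate(True))
```

In the vulnerable run the violator account is left with 70 units of unbacked debt and the pool’s cash falls below what depositors are owed; the attacker keeps 10 units after repaying the flash loan. The patched run never gets past the donate call. The general lesson is the invariant, not the numbers: every state transition that can lower collateral or raise debt (withdraw, borrow, mint, donate, transfer of eTokens) must end with the same health check, or an attacker will route around the one that is missing.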

  • Hacker Exploits Arithmetic Overflow in Poolz Finance

On 15 Mar, a hacker attacked Poolz Finance, a DeFi application deployed on the BNB chain, by exploiting an arithmetic overflow vulnerability in the application’s implementation.

The hacker used this vulnerability against Poolz Finance’s token vesting contracts on both the BNB chain and Polygon. As a consequence, the price of the POOLZ token dropped by around 99%.

Crypto assets worth around US $390,000 were exploited in this incident.
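The overflow class named above, shown as an added example (not Poolz’s code; the contract shape, function names, token amounts and account names are assumptions): a batch pool-creation routine sums the requested amounts with wrapping uint256 arithmetic, as Solidity before 0.8 or an unchecked block would, so a chosen pair of amounts wraps the total to zero, the creator pays nothing, and the individual pools are still booked at face value against tokens that honest users locked.

```python
# Constructed model of an overflow in a batch "create pools" path (added
# example, not Poolz's code). Amounts and names are assumptions.
UINT256_MAX = 2**256 - 1

class Revert(Exception):
    """Stands in for an EVM revert."""

def wrapping_add(a: int, b: int) -> int:
    # uint256 addition in Solidity < 0.8, or inside an unchecked {} block
    return (a + b) & UINT256_MAX

def checked_add(a: int, b: int) -> int:
    # Solidity >= 0.8 default (or SafeMath): revert instead of wrapping
    total = a + b
    if total > UINT256_MAX:
        raise Revert("arithmetic overflow")
    return total

class VestingFactory:
    def __init__(self, checked: bool):
        self.add = checked_add if checked else wrapping_add
        self.balances = {"factory": 0}   # token balances, factory included (constructed)
        self.pools = []                  # [beneficiary, remaining_amount]

    def _pull(self, sender: str, amount: int) -> None:
        # transferFrom(sender, factory, amount) with an unlimited approval assumed
        if self.balances.get(sender, 0) < amount:
            raise Revert("transferFrom: insufficient balance")
        self.balances[sender] -= amount
        self.balances["factory"] += amount

    def create_pools(self, creator: str, amounts: list) -> int:
        total = 0
        for a in amounts:
            total = self.add(total, a)   # wraps to a small number once the sum passes 2**256 - 1
        self._pull(creator, total)       # only `total` tokens actually change hands ...
        for a in amounts:
            self.pools.append([creator, a])   # ... but every pool is booked at full value
        return total

    def withdraw(self, pool_id: int, caller: str, amount: int) -> None:
        beneficiary, remaining = self.pools[pool_id]
        if caller != beneficiary or amount > remaining:
            raise Revert("not the beneficiary or amount exceeds pool")
        if self.balances["factory"] < amount:
            raise Revert("transfer: insufficient balance")
        self.pools[pool_id][1] -= amount
        self.balances["factory"] -= amount
        self.balances[caller] = self.balances.get(caller, 0) + amount

def overflow_scenario(checked: bool) -> dict:
    f = VestingFactory(checked)
    f.balances["honest"] = 500
    f.balances["attacker"] = 0
    f.create_pools("honest", [500])                      # honest user locks 500 tokens
    try:
        paid = f.create_pools("attacker", [UINT256_MAX, 1])   # sum wraps to 0
    except Revert as e:
        return {"reverted": str(e), "factory": f.balances["factory"]}
    f.withdraw(1, "attacker", 500)   # attacker's pool is booked at 2**256 - 1 tokens
    return {"reverted": None, "paid": paid,
            "attacker": f.balances["attacker"], "factory": f.balances["factory"]}

if __name__ == "__main__":
    print("wrapping arithmetic:", overflow_scenario(checked=False))
    print("checked arithmetic: ", overflow_scenario(checked=True))
```

The check to look for in review is whether a sum computed over caller-supplied values is the same quantity that is actually transferred in; with checked arithmetic the creation call reverts and the honest user’s 500 tokens stay in the factory.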

  • Echelon Announces Discord Server Compromised

On 16 Mar, Echelon (@EchelonFND), a game project deployed on Ethereum, announced on Twitter that its Discord server had been compromised.

A later update by //Kalos (@templecrash) indicated that the project’s Discord server was back up and operational and was undergoing a cleanup and security pass. The user urged others not to click on any links and stated that the project would not conduct surprise mints or drops.

  • Hacker Attacks Para Space by Exploiting Logic Vulnerability

On 17 Mar, a hacker attacked Para Space, a DeFi application deployed on Ethereum, by exploiting a logic vulnerability in the implementation’s borrow function.

The attacker attempted to borrow more tokens than it was entitled to, but BlockSec intercepted the attack and rescued 2,900 ETH.

However, crypto assets worth around US$90,000 to US$270,000 were still exploited in this incident.

At the time of writing, the project had been paused and Para Space’s patch was being audited.

RUG-PULLS:

  • Harvest Keeper Turns Out to Be A Scam

On 19 Mar, Harvest Keeper (@Harvest_Keeper), deployed on Ethereum, the BNB chain and Polygon, turned out to be a scam.

The contract was deployed at 0x28120471E1e42e15a71Af5E39cA9f93099F34d2d on the BNB chain.

Crypto assets worth around US$933,000 were taken by the team in this incident.

CONCLUSION-

5 notable security incidents have occurred in the past week. 4 were attacks on social media, smart contracts, or blockchains, and 1 was a rug-pull.

It is worth noting that the attack on Euler Finance has caused the greatest loss in 2023 so far.

A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. Be alert to any anomalies happening in the various social media accounts you manage.

A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.

It is important for everyone in the crypto community to understand and practise an adequate level of cybersecurity.

To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter: https://fairyproof.substack.com/

For a better understanding of all things Web3.0: https://medium.com/@FairyproofT

Looking to strengthen the security of your project or looking for an audit? Contact us at

https://www.fairyproof.com/

Weekly Blockchain Security Watch

Mar 6 to Mar 12

All security incidents that occurred from 6 March 2023 to 12 March 2023 fall into two categories: Security Hacks and Rug-pulls.

SECURITY HACKS:

  • Hacker Attacks Cheers Bunny’s Discord Server

On 6 Mar, Cheers Bunny’s Discord server was attacked. Cheers Bunny (@CheersBunnyNFT) is an NFT project deployed on Ethereum.

  • zk Bored Apes Announce Scam Hit on Discord Server

On 6 Mar, zk Bored Apes (@zkboredapes), an NFT project deployed on zkSync, announced on Twitter that there had been a “scam hit” on one of the moderator accounts in its Discord server. The announcement stated that there was no “serious damage” thanks to “the intelligent and shrewd community”, which had identified the scammer and kicked them out of the server.

  • NFT Trader Warns Users on Twitter of Discord Phishing Attack

On 6 Mar, NFT Trader (@NftTrader), an NFT project deployed on Ethereum, posted a screenshot of a scammer masquerading as a bot in its Discord server and sending phishing links. The account urged followers on Twitter not to click on any links in the server, as the “bot” was posting false information.

In a later update, the project announced that “the fire was put out immediately” and that their Discord “is all good and working”.

  • ValiBots Announces Discord Compromised

On 6 Mar, ValiBots (@valibots), an NFT project deployed on Polygon, announced on Discord that one of its co-founders’ Discord accounts had been hacked. The announcement stated that the hacker had taken over the project’s accounts, wallets and contracts and had posted a wallet-drainer link in the Discord announcements channel.

At the time of reporting, ValiBots claimed to have regained full control of everything.

  • Hacker Attacks the Discord Servers of Management of DeFi, WalletDMs and TradeDMs

On 6 Mar, the Discord servers of several DeFi-related platforms, including Management of DeFi, WalletDMs and TradeDMs, were attacked by hackers.

  • Hacker Exploits Tender Fi

On 7 Mar, a hacker attacked Tender Fi, an application deployed on Arbitrum.

The root cause of this incident was that the project’s lending contract was still connected to an outdated price oracle.

The attacker exploited this to borrow a very large amount of tokens from the contract.

At the time of writing, the team had paused the borrowing function.

Crypto assets worth around US$1.58 million were exploited in this incident.

  • Hacker Exploits Phoenix Finance

On 7 Mar, a hacker attacked Phoenix Finance, an application deployed on Ethereum, Polygon and BNB chain.

The root cause of this incident was that the lending logic accepted a fake token as collateral for borrowing USDC. The hacker used a fake OPT token to borrow USDC; the stolen USDC was then bridged to Ethereum and cashed out via Tornado Cash.

Crypto assets worth around US $100,000 were exploited in this incident.

  • Hacker Attacks TOR’s Discord Server

On 8 Mar, TOR’s Discord server was attacked. TOR (@ToolsOfRockNFT) is an NFT project deployed on Ethereum.

  • Hacker Attacks Dumpies’ Discord Server

On 9 Mar, the Discord server of Dumpies (@DumpiesNFT), an NFT project deployed on Ethereum, was reportedly hacked. The project later posted an update on Twitter saying that the server had since been secured.

  • Hacker Attacks Casual Sloths’ Discord Server

On 9 Mar, Casual Sloths’ Discord server was attacked. Casual Sloths (@CasualSloths) is an NFT project deployed on Ethereum.

  • Hacker Attacks Generative’s Discord Server

On 9 Mar, Generative’s Discord server was attacked. Generative (@generative_xyz) is an NFT platform for BTC crypto art.

  • Hacker Exploits Hedera

On 10 Mar, a hacker attacked Hedera, a blockchain system.

The root cause of this incident was a vulnerability in the mainnet code that supports Hedera’s Smart Contract Service.

The hacker exploited this vulnerability against accounts used as liquidity pools on multiple DEXs, transferring Hedera Token Service tokens to the hacker’s own account.

At the time of writing, Hedera had turned off its mainnet proxies to cut off user access to the mainnet.

No specific details about the loss in this incident were reported by the team.

  • Theta Network Announces Hack on Admin Account in Discord Server

On 11 Mar, Theta Network (@Theta_Network), a blockchain system, announced on Twitter that an admin account in its Discord server had been hacked. The post added that the account had been removed and the issue resolved, with no loss of tokens or user data.

  • Hacker Attacks Danketsu’s Discord Server

On 11 Mar, a hacker reportedly attacked the Discord server of Danketsu (@DanketsuNFT), formerly ADA Ninjaz, an NFT project deployed on Cardano. The project later updated users on Twitter that its Discord was back online and operational and that the hackers had been dealt with by user @nftluxbug.

  • Fusionist Announces Hack on Discord Bot

On 12 Mar, Fusionist (@fusionistio), a blockchain game deployed on Ethereum, posted a screenshot of its announcement that a bot on its Discord server had been hacked. The announcement stated that the Discord team had “implemented stricter measures” to protect the confidentiality of the bot’s API secret key, and that although the problem had been resolved, further steps were being taken to prevent similar incidents in the future.

RUG-PULLS:

  • CryptogerClub Turns Out to Be A Scam

On 9 Mar, CryptogerClub (@CryptogerClub), deployed on the BNB chain, turned out to be a scam.

The token was deployed at 0x910b0Cb55121190d9E4176D449E26EE3BBbBff1F on the BNB chain. The contract deployer (an EOA) removed the liquidity once it was unlocked.

105 BNB worth around US$30,200 was taken in this incident.

CONCLUSION-

16 notable security incidents occurred in the past week. 15 were attacks on social media, smart contracts or blockchains, and 1 was a rug-pull.


Weekly Blockchain Security Watch

Feb 27 to Mar 5

All security incidents that occurred from 27 February 2023 to 5 March 2023 were Security Hacks.

SECURITY HACKS:

  • Hacker Exploits SwapX’s Lack of Proper Validation for Access Control

On 27 Feb, a hacker attacked SwapX, an application deployed on the BNB Chain, by exploiting a missing access-control check in the implementation.

Here is how the attack was carried out:

Step 1: the attacker swapped 0.0581 BNB for 1 million DND tokens.

Step 2: the attacker called the attacked contract’s function with selector 0x4f1f05bc, which swapped the BUSD of other users who had approved the contract to spend their tokens into DND, with the proceeds going to the attacker.

Step 3: the attacker repeated step 2 and then swapped 1 million DND for 739.6 WBNB.

By repeating this process, the attacker eventually exploited crypto assets worth around US$1 million in this incident.

Additional Details:

– Attacker’s Address: 0x7d192fa3a48c307100c3e663050291fff786aa1f

– Attacking Contract: 0xc4bea60f5644b20ebb4576e34d84854f9588a7e2

– Attacked Contract: 0x6d8981847eb3cc2234179d0f0e72f6b6b2421a01

– Hash Value of Attack Transaction:

0x3ee23c1585474eaa4f976313cafbc09461abb781d263547c8397788c68a00160
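The step-2 behaviour above, as an added Python model (not SwapX’s code): the page gives only the function selector 0x4f1f05bc, so the swap() function, the token names, the exchange rate and the balances here are assumptions. A swap contract that lets the caller name whose tokens to pull, combined with the “unlimited” approvals users routinely grant to dApps, lets anyone spend every approval ever granted to that contract; the hardened version spends only the caller’s own tokens.

```python
from dataclasses import dataclass, field

# Constructed model of approval abuse through a missing access-control check
# (added example, not SwapX's code). Names, rate and balances are assumptions.

class Revert(Exception):
    """Stands in for an EVM revert."""

@dataclass
class Token:
    name: str
    balances: dict = field(default_factory=dict)
    allowances: dict = field(default_factory=dict)   # (owner, spender) -> amount

    def balance_of(self, who: str) -> int:
        return self.balances.get(who, 0)

    def approve(self, owner: str, spender: str, amount: int) -> None:
        self.allowances[(owner, spender)] = amount

    def transfer(self, sender: str, to: str, amount: int) -> None:
        if self.balance_of(sender) < amount:
            raise Revert(f"{self.name}: insufficient balance")
        self.balances[sender] -= amount
        self.balances[to] = self.balance_of(to) + amount

    def transfer_from(self, caller: str, owner: str, to: str, amount: int) -> None:
        # ERC-20 semantics: the caller spends the owner's allowance, whoever the caller is.
        if self.allowances.get((owner, caller), 0) < amount:
            raise Revert(f"{self.name}: insufficient allowance")
        self.allowances[(owner, caller)] -= amount
        self.transfer(owner, to, amount)

@dataclass
class SwapContract:
    name: str
    token_in: Token
    token_out: Token
    rate: int                 # units of token_out paid per unit of token_in (assumed)
    only_caller_funds: bool   # False reproduces the missing access-control check

    def swap(self, msg_sender: str, owner: str, amount_in: int) -> int:
        """Pulls amount_in of token_in from `owner` and pays token_out to msg_sender."""
        if self.only_caller_funds and owner != msg_sender:
            raise Revert("swap: may only spend the caller's own tokens")
        # The allowance was granted to this contract, so transfer_from succeeds
        # for any owner the caller names ...
        self.token_in.transfer_from(self.name, owner, self.name, amount_in)
        # ... while the proceeds go to whoever made the call.
        payout = amount_in * self.rate
        self.token_out.transfer(self.name, msg_sender, payout)
        return payout

def approval_abuse(only_caller_funds: bool) -> dict:
    busd = Token("BUSD", {"victim": 1_000})
    dnd = Token("DND", {"swap": 10_000_000})      # contract's own DND inventory (assumed)
    swap = SwapContract("swap", busd, dnd, rate=1_000, only_caller_funds=only_caller_funds)
    busd.approve("victim", "swap", 2**256 - 1)    # the usual "unlimited" dApp approval
    try:
        paid = swap.swap(msg_sender="attacker", owner="victim", amount_in=1_000)
    except Revert as e:
        return {"reverted": str(e), "victim_busd": busd.balance_of("victim")}
    return {"reverted": None, "victim_busd": busd.balance_of("victim"),
            "attacker_dnd": dnd.balance_of("attacker"), "paid": paid}

if __name__ == "__main__":
    print("vulnerable:", approval_abuse(only_caller_funds=False))
    print("hardened:  ", approval_abuse(only_caller_funds=True))
```

The fix is one comparison: a function that calls transferFrom on behalf of the contract must pull only from msg.sender (or from an owner who signed an explicit permit for this call). The same review question applies to any router, zap or vesting contract that holds standing approvals from users.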

  • GangstaGuys Warns of Fake Discord Server Alert on Twitter

On 28 Feb, GangstaGuys (@gangstaguysnft), an NFT project deployed on Polygon, warned its followers on Twitter that a fake Discord server had been created to scam users. The project urged users not to join it, as it was not official, and pointed out that the legitimate Discord server could be reached through the link in the project’s Twitter bio.

  • Hacker Attacks Wickens’ Discord Server

On 1 Mar, Wickens’ Discord server was attacked. Wickens (@WickensNFT) is an NFT project deployed on Ethereum.

  • Hacker Attacks Doge Pound’s Discord Server

On 1 Mar, Doge Pound’s Discord server was attacked. Doge Pound (@TheDogePoundNFT) is an NFT project deployed on Ethereum.

  • Aliquo Releases Post-Mortem in Light of Discord Server Attack

On 1 Mar, the Discord server of Aliquo (@aliquoxyz), an NFT project deployed on Ethereum, was attacked.

In a post-mortem, the project detailed how the scammer had waited in the official server for an opportune moment to conduct the phishing attack. The attacker had created a phishing URL and disguised the link as a “surprise ‘airdrop’”.

The project urged users to leave the Discord server while investigations were ongoing. It also assured users that there were no plans to launch additional tokens beyond its flagship AQ1, and that no “airdrops” to distribute royalty earnings would be conducted.

  • Hacker Attacks Metaclub Society’s Discord Server

On 2 Mar, Metaclub Society’s Discord server was attacked. Metaclub Society (@MetaclubSociety) is an NFT project deployed on Ethereum.

  • Hacker Exploits Alexa Pro

On 5 Mar, a hacker exploited Alexa Pro (@alexapro100), an application deployed on the BNB Chain.

45 BNB worth around US$13,046 was exploited in this incident.

  • NFT Project Friends in High Places Announces Discord Server Attacked

On 5 Mar, Friends in High Places (@FiHPnft), an NFT project deployed on Ethereum, announced on Twitter that its Discord server had been attacked. The account urged users not to sign up for the advertised airdrop, as one of the moderators’ accounts had been hacked.

In a later update, the project announced that the Discord server was back in operation and invited users who had left to rejoin.

  • Goofy Gophers Mining Club Announces Hack on Discord Server

On 5 Mar, Goofy Gophers Mining Club (@GGMC_nft), an NFT project deployed on the Cardano blockchain, announced on Twitter that its Discord server had been breached.

The project said that the hacker had accessed the server overnight while the team was asleep, banned the moderators, closed all channels of communication and posted several “RTH airdrop” scam links in the announcements channel. The links led to ETH scams that drained MetaMask wallets when accessed.

In a later update, Goofy Gophers Mining Club announced that the Discord server was fully back under the project’s control. Going forward, the team will limit the permissions of its ‘hot’ accounts, and it has asked affected users to “reach out to the team”.

CONCLUSION-

9 notable security incidents occurred in the past week. 7 were social-media or phishing attacks, 1 targeted a smart contract and 1 was against an individual.
