Weekly Blockchain Security Watch (Mar 27 to Apr 2)

From March 27, 2023 to April 2, 2023, all security incidents that had occurred are all Security Hacks.

SECURITY HACKS:

  1. SafeMoon Suffers From Flash-loan Attack

On March 29, SafeMoon, a project deployed on the BNB chain suffered from a flash-loan attack.

The root cause was the contracts were upgraded such that anyone could burn tokens from any address that held the token.

The hacker exploited this vulnerability to inflate the SafeMoon token’s price and exchanged the SafeMoon tokens it held to WBNBs

Crypto assets worth around US $8.9 million were exploited in this incident.

  • Phishing Link Posted in YogaPetzs Discord Server

On April 1, a phishing link was posted in the Discord server of YogaPetz(@Yogapetz), an NFT project deployed on Ethereum.

  • Phishing Link Posted in Mark Sunsets Twitter Account

On April 1, a phishing link was posted in the Twitter account of Mark Sunset(@sunsetventurer), an influencer in Twitter.

  • Allbridge Suffers From Flash-loan Attack

On April 2, Allbridge, a project deployed on multiple blockchains including the BNB chain suffered from a flash-loan attack.

The root cause was the token price of an Allbridge pool could be manipulated.

Crypto assets worth around US $574,000 were exploited in this incident.

  • Phishing Link Posted in Raise Finances Discord Server

On April 2, a phishing link was posted in the Discord server of Raise Finance(@raise_fi), a wallet project deployed on zkSync.

CONCLUSION-

5 notable security incidents have occurred in the past week. 3 were attacks on social media and 2 were attacks on smart contracts.

It is worth noting that the unaudited contracts lead to a loss of crypto assets worth around US $8.9 million to SafeMoon. 

A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. Be alert to any anomalies happening in the various social media accounts you manage.

A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.

It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.

To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter: https://fairyproof.substack.com/

For a better understanding of all things Web3.0: https://medium.com/@FairyproofT

Looking to strengthen the security of your project or looking for an audit? Contact us at

https://www.fairyproof.com/

Leave a Reply

Your email address will not be published. Required fields are marked *