Weekly Blockchain Security Watch

Apr 3 to Apr 9

The security incidents that occurred from April 3, 2023 to April 9, 2023 fall into two categories: security hacks and rug-pulls.

SECURITY HACKS:

  1. Sentiment Suffers Re-entrancy Attack

On April 4, Sentiment, a project deployed on Arbitrum, suffered a re-entrancy attack.

At the time of writing, the Sentiment team had pushed a fix that remediated the vulnerability.

Crypto assets worth around US $1 million were exploited in this incident.

  2. MOM Suffers Exploit

On April 8, MOM, a token deployed on Polygon, suffered an exploit.

The root cause of this issue was that its claim function didn’t have a proper check for its parameter.

For more details please refer to the link:

Crypto assets worth around US $185,000 were exploited in this incident.

  3. SushiSwap Suffers Exploit

On April 9, SushiSwap, a famous DeFi application deployed on multiple blockchains including Ethereum, Polygon, BNB Chain, Fantom, etc., was exploited.

The root cause of this incident was that its RouteProcessor2 contract had a vulnerability in its handling of token spending approvals.

This vulnerability was exploited to steal crypto assets worth around US $3.3 million.

Users who have interacted with SushiSwap on Ethereum, BNB Chain, Polygon, Fantom and AVAX during the last four to five days should revoke their approvals as soon as possible.

RUG-PULLS:

  1. OG Fan Token Suspected to Be Rug-pull

On April 9, OG Fan Token, a project deployed on the BNB Chain, was suspected to be a rug-pull.

For more details please refer to the link:

CONCLUSION:

Four notable security incidents occurred in the past week: three were security attacks and one was a rug-pull.

It is worth noting that SushiSwap suffered an exploit due to an approval bug that should have been detected had the contract been professionally audited.

A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. Be alert to any anomalies happening in the various social media accounts you manage.

A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.

It is important for everyone in the crypto community to understand cybersecurity and to practice it at a sufficient level.

To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter: https://fairyproof.substack.com/

For a better understanding of all things Web3.0: https://medium.com/@FairyproofT

Looking to strengthen the security of your project or looking for an audit? Contact us at https://www.fairyproof.com/
