Weekly Blockchain Security Watch

Apr 10 to Apr 16

From April 10, 2023 to April 16, 2023, all security incidents that had occurred can be categorized into Security Hacks and Rug-pulls.

SECURITY HACKS:

  1. Terraport Finances Liquidity Wallet Breached

On April 10, Terraport Finance’s team announced that they had a breach of their liquidity wallet. At the time of writing, the Terraport team was still investigating the breach.

No specific amout of loss was reported.

Terraport Finance is a DeFi application deployed on the Terra Classic blockchain.

  • Meta Skyer Suffers Flash-loan Attack

On April 10, Meta Skyer (SKYER), a project deployed on the BNB chain suffered a flash-loan attack.

Its token SKYER is deployed at 0x6B77C9202d6E91B8f7B8F0372280db98406005E3 on the BNB chain.

Crypto assets worth around US $20,000 were exploited in this incident.

  • South Korean Exchange GDAC Suffers Wallet Compromise

On April 10, South Korean exchange GDAC experienced a private key compromise.

At the time of writing crypto assets worth around US $13,000,000 were exploited.

  • South Korean Exchange GDAC Suffers Wallet Compromise

On April 11, South Korean exchange GDAC experienced a private key compromise.

Crypto assets worth around US $13M were exploited in this incident.

  • Paribus Suffers Re-entrancy Attack

On April 11, Paribus, a project deployed on Cardano experienced an re-entrancy attack.

Crypto assets worth around US $67,000 were exploited in this incident.

  • Mean DAOs Discord Server Compromised

On April 11, the discord server of Mean DAO(@meanfinance) was compromised. Mean DAO is a DeFi application deployed on Solana.

  • MetaPoint Suffers Exploit

On April 12, MetaPoint, a project deployed on the BNB chain suffered an exploit.

The root cause of this issue was that it gave the caller of the function access to the $META tokens without any restriction.

2513 BNBs worth around US $811,000 were exploited in this incident.

  • Chimps Discord Server Compromised

On April 13, the discord server of Chimps(@chimpsverse) was compromised and a phishing link was sent in the discord server. Chimps is a project deployed on Solana.

  • Suteki – SAISEIs Discord Server Compromised

On April 13, the discord server of Suteki-SAISEI(@Suteki_NFT) was compromised. Suteki is an NFT project deployed on Solana.

  1. Saved Souls Discord Server Compromised

On April 14, the discord server of Saved Souls(@SavedSoulsNFT) was compromised. Saved Souls is an NFT project deployed on Ethereum.

  1. Bitrue Suffers Exploit

On April 14, Bitrue, a centralized crypto exchange suffered an exploit.

Actually, one of the exchange’s hot wallets was breached. Crypto assets including ETH, QNT, GALA, SHIB, HOT and MATIC were stolen.

The Bitrue’s team claimed that the affected hot wallet only held less than 5% of its overall funds and the rest of its wallets remained secure and had not been compromised.

Crypto assets worth around US $23,000,000 were exploited in this incident.

  1. Walker Worlds Twitter Account Compromised

On April 15, the twitter account of Walker World(@walkerworld_) was compromised and a phishing link was sent in the twitter account. Walker World is a project deployed on Ethereum.

  1. Hundred Finance Suffers Exploit

On April 15, Hundred Finance, a DeFi application deployed on Optimism suffered an exploit.

The team announced on their Twitter account that they had been hacked on Optimism. The exchange rate formula was manipulated through Cash value. The attacker exploited it to borrow a large amount of tokens and then got back the amount after the exchange rate was manipulated through redeeming 1 hToken.

Crypto assets worth around US $7,400,000 were exploited in this incident.

  1. Hundred Finance Suffers Exploit

On April 16, Swapos V2, a DeFi application deployed on Ethereum suffered an exploit.

Crypto assets worth around US $468,000 were exploited in this incident.

RUG-PULLS:

  1. SyncDexOG Confirmed to Be Rug-pull

On April 12, SyncDex(@SyncDex_Finance), a project deployed on zkSync was confirmed to be a rug-pull.

200 ETHs worth around US $ 383,000 were exploited in this incident.

CONCLUSION-

15 notable security incidents have occurred in the past week. 14 were security attacks and 1 was a rug-pull.

A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. Be alert to any anomalies happening in the various social media accounts you manage.

A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.

It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.

To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter: https://fairyproof.substack.com/

For a better understanding of all things Web3.0: https://medium.com/@FairyproofT

Looking to strengthen the security of your project or looking for an audit? Contact us at

https://www.fairyproof.com/

Leave a Reply

Your email address will not be published. Required fields are marked *