Weekly Blockchain Security Report by Fairyproof — June 13 to June 19
During the week from June 13 to June 19, 2022, all of the security incidents that occurred in the crypto space were hacks.
Here is a list of the security hacks:
1. FSwap
On June 13, FSwap, a DeFi application deployed on the BNB chain, was attacked.
The attacker’s address was 0x000c84c59385b64c3EA4D48cC3fCa1f08f3ABCfC on the BNB chain.
The attacking contract was deployed at 0x7437e7a923a5b467a197c6fae991f0f0ced9af57 on the BNB chain.
The attacked contract was deployed at 0x0d5F1226bd91b5582F6ED54DeeE739CAC49C37Db on the BNB chain.
The hash value of the attack transaction was:
0xe75e30dafd865331e6a002d50effe084c21e413c96d4550d5e09cf647686fcbe
Crypto assets valued at around $390,000 were lost in this incident.
The root cause was a bug in FSwap's swap algorithm that produced incorrect prices. The attacker exploited this vulnerability and used a flash loan to enlarge the loss.
2. Known Origin
On June 14, the team behind the popular NFT platform Known Origin announced that its Discord server had been attacked. The team stated on Twitter that they would never DM anyone or send any mint links.
3. Inverse Finance
On June 16, Inverse Finance, a DeFi application deployed on Ethereum, was attacked.
The attacker’s address was 0x7b792e49f640676b3706d666075e903b3a4deec6 on Ethereum.
The attacking contract was deployed at 0xf508c58ce37ce40a40997c715075172691f92e2d on Ethereum.
The hash value of the attack transaction was:
0x958236266991bc3fe3b77feaacea120f172c0708ad01c7a715b255f218f9313c
Crypto assets valued at $1.2 million were lost in this incident.
The root cause is that the implementation used an inappropriate algorithm to calculate an LP’s price. The implementation used its pair contract’s balance to calculate an LP’s price and the balance was easily manipulated. The attacker leveraged a flash loan to pump an LP’s price, and used the LP as collateral to borrow 10 million DOLAs valued at around $1.2 million.
This attack came just two months after an earlier attack on Inverse Finance on April 12, 2022.
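The root cause described above, as an added example that is not part of the original report and is not Inverse Finance's code: it compares an LP price computed from the pair's current balances with a "fair" LP price computed from the pool invariant, and adds a deviation guard. It assumes a fee-less two-token constant-product pool and reference prices px and py that come from a source independent of the pool; all function names and numbers are constructed for illustration.

```python
from math import sqrt

def swap_x_for_y(rx, ry, dx):
    """Fee-less constant-product swap: dx of X goes in, Y comes out, rx*ry is unchanged."""
    k = rx * ry
    return rx + dx, k / (rx + dx)

def balance_based_lp_price(rx, ry, px, py, supply):
    """Weak: values whatever the pool holds right now, so one large swap moves it."""
    return (rx * px + ry * py) / supply

def fair_lp_price(rx, ry, px, py, supply):
    """Hardened: 2*sqrt(k)*sqrt(px*py)/supply uses k = rx*ry, which a swap cannot change."""
    return 2 * sqrt(rx * ry) * sqrt(px * py) / supply

def pool_deviation(rx, ry, px, py):
    """Relative gap between the pool's implied X price (in Y) and the reference ratio."""
    reference = px / py
    return abs(ry / rx - reference) / reference

def quote_collateral(rx, ry, px, py, supply, max_deviation=0.02):
    """Return the fair LP price, refusing to quote while the pool is skewed."""
    if pool_deviation(rx, ry, px, py) > max_deviation:
        raise ValueError("pool balances deviate from reference prices; refusing to quote")
    return fair_lp_price(rx, ry, px, py, supply)

def demo():
    # Constructed sample pool: 1,000 X and 1,000 Y, both $1 by the reference prices.
    rx, ry, px, py, supply = 1000.0, 1000.0, 1.0, 1.0, 1000.0
    before = balance_based_lp_price(rx, ry, px, py, supply)
    rx2, ry2 = swap_x_for_y(rx, ry, 9000.0)  # large temporary swap skews the balances
    return {
        "weak_before": before,
        "weak_after": balance_based_lp_price(rx2, ry2, px, py, supply),
        "fair_after": fair_lp_price(rx2, ry2, px, py, supply),
        "deviation_after": pool_deviation(rx2, ry2, px, py),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:.4f}")
```

In the constructed pool the balance-based price moves with the skewed balances while the invariant-based price does not, and the guard rejects the quote while the pool's implied price is far from the reference ratio.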
4. Tether
On June 18, Tether’s CTO announced that the website had suffered a DDoS attack. Prior to the attack, the attacker demanded a ransom from Tether, which was rejected. Tether’s website was then flooded with 8 million requests within 5 minutes. In general, the frequency is 2000 requests per 5 minutes.
Right after the attack was launched, the Tether team used Cloudflare’s AS-CHOOPA to mitigate this attack. No losses were found in this incident.
Closing thoughts
The incidents at FSwap and Inverse Finance were caused by typical smart contract vulnerabilities that could have been prevented if the contracts had undergone professional audits.
The incident at KnownOrigin was a typical phishing attack.
A reminder to project teams: always test thoroughly and do smart contract audits before deploying smart contracts on-chain.
A reminder to crypto users: be cautious about suspicious links, emails or websites, and projects that are launched by teams without an established reputation.