Weekly Blockchain Security Report by Fairyproof - May 23 to May 29
During the week of May 23 to May 29, 2022, the security incidents in the crypto space were either hacks or rug-pulls.
Here is a list of the security hacks:
1. Moonbirds
On May 25, an NFT collector’s Moonbirds collection was exploited. The Moonbirds collection is an NFT application deployed on Ethereum.
The attackers used multiple addresses, including:
0xe8250Bb4eFa6D9d032f7d46393CEaE18168A6B0D,
0x8e73fe4d5839c60847066b67ea657a67f42a0adf,
0x6035B92fd5102b6113fE90247763e0ac22bfEF63,
0xBf41EFdD1b815556c2416DcF427f2e896142aa53 and
0x29C80c2690F91A47803445c5922e76597D1DD2B6
The victim was an NFT collector known as “DigitalOrnithologist”, who fell for a phishing attack that cost them their Moonbirds NFTs.
In this incident, the collector lost 29 Moonbirds NFTs, which were worth 750 ETH and valued at around $1.5 million.
It is very possible that this attack was related to the Twitter account “@DVincent_”. At the time of writing, both this Twitter account and its corresponding OpenSea page have been deleted.
It was reported that before the attack, “@DVincent_” had conversations about NFT deals with other NFT collectors. A Bored Ape holder, “@just1n_eth”, claimed that they had reached some agreement on the deals and that “@DVincent_” insisted on using the website http://p2peers.io/ for the transactions. This made “@just1n_eth” suspicious because they had never heard of the website. At the time of writing, http://p2peers.io/, which was registered in Finland, was suspended.
2. Mirror
On May 28, Mirror, a popular application deployed on the Terra blockchain, was publicly reported to have been attacked.
The attacker’s address was terra1200zm8crgjaj949ta8r7p6pay0qq638js4sdmh on Terra.
In this incident, crypto assets valued at around $30 million were lost to the exploit.
The root cause of this incident was that the implementation lacked validation of the funding source of crypto assets. The attacker exploited this vulnerability by staking assets valued at only around $10 and then repeatedly withdrawing the staked assets from the application.
This vulnerability had existed for more than 1 year and had been exploited multiple times. However, it hadn’t been detected by the Mirror team until recently. After the team detected this, it silently patched the bug on May 9.
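The missing check described above can be shown with a simplified model. This is an added example, not Mirror's contract code: the vault classes, the `overdrawn_addresses` monitor and the sample address are hypothetical, and the model assumes a single pooled balance with per-address funding records.

```python
from collections import defaultdict

class VulnerableVault:
    """Toy model: pays out without checking what the caller actually funded."""
    def __init__(self, pool):
        self.pool = pool                  # funds staked by all other users
        self.funded = defaultdict(int)    # address -> amount it staked
        self.events = []                  # (kind, address, amount) audit log

    def stake(self, addr, amount):
        if amount <= 0:
            raise ValueError("stake must be positive")
        self.funded[addr] += amount
        self.pool += amount
        self.events.append(("stake", addr, amount))

    def withdraw(self, addr, amount):
        # Flaw: only checks that a stake exists, never that `amount` is still
        # backed by it, so the same stake can be withdrawn again and again.
        if self.funded[addr] == 0 or amount > self.pool:
            raise PermissionError("withdrawal rejected")
        self.pool -= amount
        self.events.append(("withdraw", addr, amount))
        return amount

class HardenedVault(VulnerableVault):
    def withdraw(self, addr, amount):
        # Fix: the payout must come out of the caller's own recorded funding,
        # and that record is reduced before any funds leave the pool.
        if amount <= 0 or amount > self.funded[addr]:
            raise PermissionError("withdrawal exceeds funded balance")
        self.funded[addr] -= amount
        self.pool -= amount
        self.events.append(("withdraw", addr, amount))
        return amount

def overdrawn_addresses(events):
    """Monitoring check: addresses that withdrew more than they ever staked."""
    net = defaultdict(int)
    for kind, addr, amount in events:
        net[addr] += amount if kind == "stake" else -amount
    return {addr: -bal for addr, bal in net.items() if bal < 0}
```

Running `overdrawn_addresses` over a contract's stake and withdrawal events is the kind of invariant check that surfaces this class of bug without waiting for a public report.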
Here is a list of the rug-pulls:
1. Pokemoney
On May 27, Pokemoney, an NFT application deployed on the BNB Chain, turned out to be a rug-pull.
In this incident, 11,800 BNB valued at around $3.5 million were lost. The price of Pokemoney plummeted by 99.98%.
Closing thoughts
In the past week, there were three incidents. The root cause of the Mirror incident was a smart contract vulnerability. The phishing attack could have been prevented if the victims had paid more attention and acted with care and caution. The rug-pull losses could have been avoided if the token holders had done basic research and investigation before buying the token.
A reminder to project teams: always test thoroughly and do smart contract audits before deploying smart contracts on-chain.
A reminder to crypto users: be cautious about suspicious links, emails or websites, and projects that are launched by teams without an established reputation.