Weekly Blockchain Security Report by Fairyproof- May 30 to June 5
During the week from May 30 to June 5, 2022, security incidents that happened in the crypto space were all security hacks.
During the week from May 30 to June 5, 2022, security incidents that happened in the crypto space were all security hacks.
Here is a list of the security hacks:
1. Novo
On May 29, Novo, a DeFi application deployed on the BNB chain was attacked.
The attacker’s address was 0x31A7CC04987520cEfaCd46F734943A105b29186E on the BNB chain.
The attacking contract was deployed at 0x3463a663de4ccc59c8b21190f81027096f18cf2a on the BNB chain.
The hash values of the attack transactions were:
0xc346adf14e5082e6df5aeae650f3d7f606d7e08247c2b856510766b4dfcdc57f and
0x23fd14a46b539c81ca4491a577de118925d9339a63fcf4c8a3ff36c14d6cec35
The attacked contracts were deployed at the following two addresses:
0x6Fb2020C236BBD5a7DDEb07E14c9298642253333 and
0xa0787DaAD6062349f63b7c228CBFd5d8A3dB08F1
In this incident, 279 BNBs valued at around $800,000 were exploited.
The root cause of the incident was that its “transferFrom” function didn’t deduct the “approval” amount.
The attacker leveraged a flash-loan to borrow BNBs and exchanged the BNBs for NOVOs on Pancake. Then the attacker exploited the vulnerability of the “transferForm” function and eventually pumped NOVO’s price and exchanged the NOVOs for WBNBs.
2. Mirror
On May 30, Mirror, a dApp deployed on the Terra 2.0 blockchain was attacked.
In this incident, crypto-assets valued at around $2 million were exploited.
The root cause was that Terra 2.0 Mirror still used the oracle that was used on Terra Classic and the price of LUNA fed by this oracle was incorrect. The attack exploited this vulnerability to use LUNAs as collateral to borrow crypto assets including mBTC, ETH, mGLXY, mDOT, etc.
3. BAYC
On June 4, BAYC, the most popular NFT application on Ethereum was attacked.
In this incident, the project’s Discord server was attacked, and quite a few users suffered from a phishing attack. NFTs valued at around 200 ETH were exploited.
Join Coinmonks Telegram Channel and Youtube Channel learn about crypto trading and investing
Closing thoughts
In the past week, there were three incidents, the root cause of the Mirror incident was using an inappropriate oracle. The root cause of the NOVO incident was a smart contract vulnerability. The phishing attack could have been prevented if the victims had paid more attention and acted with care and caution.
A reminder to project teams: always test thoroughly and do smart contract audits before deploying smart contracts on-chain.
A reminder to crypto users: be cautious about suspicious links, emails or websites, and projects that are launched by teams without an established reputation.