Weekly Blockchain Security Watch
Feb 6 to Feb 12
From 6 February 2023 to 12 February 2023, all of the security incidents that occurred were security hacks.
1. Hacker Attacks Exoniks’ Discord Server
On 7 Feb, a hacker attacked Exoniks’ discord server. Exoniks is an NFT project.
2. Hacker Attacks CowSwap by Exploiting Inappropriate Approval of Funds Transfer
On 7 Feb, a hacker attacked CowSwap, a DeFi application deployed on Ethereum.
A contract had been inappropriately approved to spend the maximum (effectively unlimited) amount of DAI. The hacker exploited this approval to transfer funds to the hacker’s address.
Here is how the incident happened:
On January 27th 2023, a new solver, “Barter”, was allowed and moved to production. Shortly after, the Barter solver granted an approval to a contract called “SwapGuard”.
The SwapGuard contract was used to limit the amount of tokens that could be lost in a single transaction due to slippage.
Because of this vulnerability, the attacker leveraged the approval to transfer funds from the settlement contract to the hacker’s addresses, thus draining the contract.
Crypto assets worth around US $180,000 were exploited in this incident.
At the time of writing, all approvals for the ‘bad contract’ had been revoked, and the Barter solver had upgraded to a new contract that has no arbitrary-execution functionality built in.
- Attacker’s Address: 0xc0e82c1ed4786f8b7f806d1b8a6335ec485266ff
- Hash Value of Attack Transaction:
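The CowSwap incident above turned on a single approval: an operator-controlled address granted a contract an unlimited token allowance, so whoever could drive that contract could drain the approver. The following is an added example, not code from the original post or from CowSwap, showing the kind of monitoring check a defender can run over ERC-20 Approval events: it flags approvals from watched contracts (such as a settlement contract) to spenders that are not on an allowlist, and any approval whose amount is effectively unlimited. The event records and addresses are constructed sample data, and the allowlist, threshold and field names are assumptions.

```python
from dataclasses import dataclass

# uint256 maximum; the canonical "infinite approval" value
MAX_UINT256 = 2**256 - 1


@dataclass(frozen=True)
class ApprovalEvent:
    """One decoded ERC-20 Approval(owner, spender, value) event (constructed)."""
    token: str    # ERC-20 contract emitting the event
    owner: str    # address granting the allowance
    spender: str  # address receiving the allowance
    value: int    # allowance in token base units


def is_effectively_unlimited(value: int, threshold: int = 2**128) -> bool:
    """Treat anything at or above `threshold` as an unlimited approval.

    Some callers approve MAX_UINT256 - 1 or other huge values rather than the
    exact maximum, so compare against a threshold instead of equality.
    """
    return value >= threshold


def flag_risky_approvals(events, watched_owners, allowed_spenders):
    """Return [(event, [reasons])] for approvals a reviewer should look at.

    watched_owners:  addresses whose outgoing approvals we care about
    allowed_spenders: spenders these owners are expected to approve
    Address comparison is case-insensitive (EIP-55 checksums vary).
    """
    watched = {a.lower() for a in watched_owners}
    allowed = {a.lower() for a in allowed_spenders}
    findings = []
    for ev in events:
        if ev.owner.lower() not in watched:
            continue
        reasons = []
        if ev.spender.lower() not in allowed:
            reasons.append("spender not on allowlist")
        if is_effectively_unlimited(ev.value):
            reasons.append("effectively unlimited allowance")
        if reasons:
            findings.append((ev, reasons))
    return findings


# Constructed sample data: a watched "settlement" contract, one expected
# spender, and one unexpected spender that receives an unlimited allowance.
SETTLEMENT = "0x1111111111111111111111111111111111111111"  # constructed
KNOWN_ROUTER = "0x2222222222222222222222222222222222222222"  # constructed
UNKNOWN_GUARD = "0x3333333333333333333333333333333333333333"  # constructed
DAI_TOKEN = "0x4444444444444444444444444444444444444444"  # constructed
OTHER_ACCOUNT = "0x5555555555555555555555555555555555555555"  # constructed

SAMPLE_EVENTS = [
    ApprovalEvent(DAI_TOKEN, SETTLEMENT, KNOWN_ROUTER, 10_000 * 10**18),
    ApprovalEvent(DAI_TOKEN, SETTLEMENT, UNKNOWN_GUARD, MAX_UINT256),
    ApprovalEvent(DAI_TOKEN, SETTLEMENT, KNOWN_ROUTER, MAX_UINT256),
    ApprovalEvent(DAI_TOKEN, OTHER_ACCOUNT, UNKNOWN_GUARD, MAX_UINT256),
]


def sample_findings():
    """Run the check over the constructed events."""
    return flag_risky_approvals(SAMPLE_EVENTS, [SETTLEMENT], [KNOWN_ROUTER])


if __name__ == "__main__":
    for ev, reasons in sample_findings():
        print(f"{ev.owner} -> {ev.spender}: {', '.join(reasons)}")
```

In a real deployment the events would come from an RPC log subscription filtered on the Approval topic, and a finding would page an operator and feed a revocation runbook; the point of the check is that an unlimited allowance to a contract outside the expected set is visible the moment it is granted, not after it is used.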
3. Hacker Attacks Toxics’ Discord Server
On 7 Feb, a hacker attacked Toxics’ discord server. Toxics is an NFT project deployed on Ethereum.
4. Wanderverse Announces on Twitter Discord Server Compromise
On 8 Feb, Wanderverse (@TheWanderverse_), an NFT project deployed on Ethereum, announced on Twitter that their Discord server had been compromised.
In a later update, it was revealed that several community members had “lost assets after going to a scam site and signing an illegitimate tx”. In response, the community managed to save about “36 Wanderers and spent ~1.5ETH”. The ETH will be doubled and donated, on retrieval of the stolen Wanderers, to the community treasury, which will be operated by an elected group of members who will create proposals to protect community members in the future.
5. Drunken Ape Announces Discord Server Hacked
On 8 Feb, Drunken Ape (@DrunkenApeSC), an NFT project deployed on Solana, announced on Twitter that their Discord server had been hacked. In response, the account hosted an AMA to address questions from the community. Later, the account announced that a new Discord server had been established.
6. Owner of LGTPoo Exploits LianGoPay Through Deployment of Fake LP Pool
On 9 Feb, LianGoPay, a DeFi application deployed on the BNB chain, was exploited.
The root cause of this exploit was that the owner (0xb5950375D392728076449271b305639EFD2FC558) of LGTPool deployed a fake LP pool, deposited a huge quantity of LP tokens into it, and thereby acquired 6.14 million LGT tokens.
Crypto assets worth around US $1.6 million were exploited in this incident.
For more details, please refer to:
- Attacker’s Address: 0x36d173937f3E03074246ADCFD6e4d06F3638c28a
- Hash Value of Attack Transaction:
7. WeAbove Announces Discord Server Hacked
On 10 Feb, WeAbove (@weaboveofficial), an NFT project deployed on Ethereum, announced on Twitter that their Discord server had been hacked. In a later update, the project announced that their team is working to refund the drained money, and to retrieve and purchase the WeAbove NFTs in order to return them to their rightful owners.
8. Hacker Attacks dForcenet in Oracle Manipulation
On 10 Feb, a hacker attacked dForcenet, a DeFi application deployed on both Optimism and Arbitrum.
The root cause of this incident was that the implementation had no measures to prevent re-entrancy attacks, so its oracle could be manipulated.
The hacker managed to exploit 719,437 dForce USDs (USXs) and 1236 ETHs on Arbitrum and transferred the USXs to Optimism. Additionally, the hacker exploited 1,037,000 USXs on Optimism. All USXs were exchanged for 1110 ETHs, worth around US $1.75 million, and all the ETHs remained in the hacker’s address on Optimism.
In total, crypto assets worth around US $3.7 million were exploited in this incident.
- Attacker’s Address: 0xe0d551017c0111ac11108641771897aa33b2817c
- Hash Values of Attack Transactions:
0x6c19762186c9f32c81eb2a79420fc7ad4485aa916cab37ec278b216757bfba0d on Optimism
0x5db5c2400ab56db697b3cc9aa02a05deab658e1438ce2f8692ca009cc45171dd on Arbitrum
9. Hacker Attacks Sushiswap in Price Difference Leverage
On 10 Feb, a hacker attacked Sushiswap, a DeFi application on Ethereum.
The root cause of this incident was that the price fed by Chainlink did not match the latest market price in its BentoBoxv1 contract.
The hacker flashloaned 574,275 + 785,560 xSUSHIs and staked them in Sushi. Later, the price for kmxSUSHI/USDT fed by Chainlink decreased by 16.9%. The hacker leveraged this price difference and called the liquidate() function to acquire 15,429 + 11,333 USDTs.
Crypto assets worth around US $26,000 were exploited in this incident.
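Both the dForce and Sushiswap incidents above come down to a lending or liquidation path trusting a price that did not reflect the market at that moment. The following is an added example, not code from the original post or from either project, of the defensive check a practitioner would want in front of a liquidate() call: the feed price is rejected if it is stale or if it deviates from an independent reference price (for example a time-weighted on-chain price) by more than a bounded amount, and only a validated price reaches the liquidation decision. The thresholds, the 0.8 liquidation factor, the reference source and all numeric inputs are assumptions constructed for the example; the 16.9% drop is taken from the Sushiswap write-up above.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class FeedPrice:
    """A price observation from an external oracle feed (constructed)."""
    price: float      # collateral price denominated in the debt asset
    updated_at: int   # unix timestamp of the feed's last update


class PriceRejected(Exception):
    """The feed price must not be used for this decision."""


def validate_feed_price(feed: FeedPrice, reference_price: float, now: int,
                        max_age_s: int = 3600,
                        max_deviation_bps: int = 500) -> float:
    """Return feed.price if it is fresh and close to an independent reference.

    max_age_s:         reject feeds older than this (staleness check)
    max_deviation_bps: reject feeds further than this from the reference,
                       in basis points (500 bps = 5%). Both are assumptions.
    """
    if reference_price <= 0:
        raise ValueError("reference price must be positive")
    age = now - feed.updated_at
    if age < 0 or age > max_age_s:
        raise PriceRejected(f"stale feed: age {age}s exceeds {max_age_s}s")
    deviation_bps = abs(feed.price - reference_price) / reference_price * 10_000
    if deviation_bps > max_deviation_bps:
        raise PriceRejected(
            f"feed deviates {deviation_bps:.0f} bps from reference "
            f"(limit {max_deviation_bps} bps)")
    return feed.price


def liquidation_decision(collateral_units: float, debt_units: float,
                         feed: FeedPrice, reference_price: float, now: int,
                         liquidation_threshold: float = 0.8):
    """Decide whether a position may be liquidated. Returns (allowed, reason).

    A position is liquidatable when collateral value times the threshold
    falls below the outstanding debt, but only at a validated price: if the
    oracle input is rejected, the liquidation is refused rather than run on
    a price that may have been manipulated or has lagged the market.
    """
    try:
        price = validate_feed_price(feed, reference_price, now)
    except PriceRejected as exc:
        return False, f"liquidation blocked: {exc}"
    collateral_value = collateral_units * price
    if collateral_value * liquidation_threshold < debt_units:
        return True, "position undercollateralised at validated price"
    return False, "position healthy"


# Constructed scenarios. NOW and REFERENCE are hypothetical values.
NOW = 1_700_000_000
REFERENCE = 1.0  # independent reference price, e.g. an on-chain TWAP


def scenario_sudden_drop():
    """Feed shows a 16.9% drop the reference does not confirm: blocked."""
    feed = FeedPrice(price=REFERENCE * (1 - 0.169), updated_at=NOW - 60)
    return liquidation_decision(1000.0, 800.0, feed, REFERENCE, NOW)


def scenario_stale_feed():
    """Feed last updated two hours ago: blocked regardless of value."""
    feed = FeedPrice(price=0.98, updated_at=NOW - 7200)
    return liquidation_decision(1000.0, 800.0, feed, REFERENCE, NOW)


def scenario_healthy():
    """Fresh, consistent price and enough collateral: not liquidatable."""
    feed = FeedPrice(price=0.98, updated_at=NOW - 60)
    return liquidation_decision(1000.0, 700.0, feed, REFERENCE, NOW)


def scenario_genuinely_undercollateralised():
    """Fresh, consistent price but too much debt: liquidation allowed."""
    feed = FeedPrice(price=0.98, updated_at=NOW - 60)
    return liquidation_decision(1000.0, 800.0, feed, REFERENCE, NOW)


if __name__ == "__main__":
    for fn in (scenario_sudden_drop, scenario_stale_feed,
               scenario_healthy, scenario_genuinely_undercollateralised):
        print(fn.__name__, "->", fn())
```

The deviation check is only as good as the independence of the reference: a reference that can itself be moved within a single transaction (the re-entrancy path in the dForce incident) gives no protection, so the reference should be something an attacker cannot shift in the same block, such as a time-weighted average or a second feed, and the bound should be wide enough for honest volatility but far narrower than the move an attacker needs to profit.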
9 notable security incidents occurred in the past week. 5 of the 9 security incidents involved social media accounts, and 4 were attacks against smart contracts.
A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. Be alert to any anomalies happening in the various social media accounts you manage.
A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.
It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.
To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter:
For a better understanding of all things Web3.0: https://medium.com/@FairyproofT
Looking to strengthen the security of your project or looking for an audit? Contact us at https://www.fairyproof.com/