Discover more from Fairyproof Official Newsletter

Weekly Reports on Notable Security Incidents; Analysis on Hacks, Vulnerabilities, and Solutions; Quarterly and Yearly Reviews; To Make the Community of Web3.0 a Safer Place.

Blockchain Security Watch

Weekly Blockchain Security Watch

November 6 to November 12

Nov 13, 2023

From November 6, 2023 to November 12, 2023, all security incidents that had occurred can be categorized into Security Hacks and Rug-pulls.

SECURITY HACKS:

1. Coinspot Suffers Exploit

On November 7, a centralized exchange Coinspot suffered an exploit.

The exchange’s wallets were drained for $2.4 M worth of $ETH (1,282 ETH).

The attacker’s address is 0x326dc417d96c72349FA3d1fda4aE9C1c77FD89B8 on Ethereum

2. MEV Bot Suffers Exploit

On November 8, an Ethereum deployed MEV bot suffered an exploit.

The MEV bot is deployed at 0x46d9b3dfbc163465ca9e306487cba60bc438f5a2 on Ethereum.

The root cause of this incident was that its contracts lacked access control for asset trading.

The attacker’s address is 0x46d9B3dFbc163465ca9E306487CbA60bC438F5a2 on Ethereum

Crypto assets worth around US $2 million were exploited in this incident.

3. The Standard Suffers Attack

On November 9, an Arbitrum deployed dApp the standard suffered an attack.

The root cause of this incident was that it lacked a check for slippage and LP management.

The attacker’s address is 0x09ed480feaf4cbc363481717e04e2c394ab326b4 on Arbitrum

Crypto assets worth around US $290,000 were exploited in this incident.

4. Poloniex Suffers Exploit

On November 10, a centralized exchange Poloniex suffered an exploit.

The attacker’s address is 0x0A5984f86200415894821bFEFc1c1De036DbF9e7 on Ethereum

Crypto assets worth around US $130 million were exploited in this incident.

5. Raft Suffers Exploit

On November 11, an Ethereum deployed dApp Raft suffered an exploit.

The root cause was the dApp had a precision calculation issue when minting share tokens. The attacker exploited this issue and used a flash-loan to attack the dApp.

The attacker’s address is 0xc1f2b71A502B551a65Eee9C96318aFdD5fd439fA on Ethereum

Crypto assets worth around US $3.6 million were exploited in this incident.

RUG-PULLS:

1. GOW39 Rug-pull

On November 9, a BNB chain deployed token GOW39 was confirmed to be a rug-pull.

The token is deployed at 0x575bad4ea32729711da86045e43535a7c1b4881b on the BNB chain.

After the rug, the token’s price dropped to $0.

117,748,562,677,194 GOW39s were swapped for $205,000.

CONCLUSION-

6 notable security incidents have occurred in the past week. 5 were attacks on smart contracts and 1 was a rug-pull.

It is worth noting that the loss in the Poloniex exploit was $130 million.

A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. Be alert to any anomalies happening in the various social media accounts you manage.
A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.

It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.

To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter:

For a better understanding of all things Web3.0: https://medium.com/@FairyproofT

Looking to strengthen the security of your project or looking for an audit? Contact us at

https://www.fairyproof.com/