Weekly Blockchain Security Watch
November 14 to November 20
The security incidents that occurred from November 14 to November 20, 2022 fall into two categories: Security Hacks and Rug-pulls.
1. Fairyproof Sends Warnings of Phishing Link Surge on Twitter
On 17 Nov, Fairyproof sent a warning following a surge of phishing links (such as arts-blocks.com) to Twitter users who have participated in NFT minting.
If these links were clicked, users would be prompted to approve spending their NFTs in their wallets.
For more details, refer to:
2. Hacker Attacks Sheep Farm by Leveraging Register Function
On 15 Nov, a hacker attacked Sheep Farm, a dApp deployed on the BNB chain, by leveraging the “register” function, which could be called repeatedly.
The hacker called the register function repeatedly to increase the gems, then called the upgradeVillage function to increase the yield. The hacker then called the sellVillage function to exchange the yield for “money” and cashed out.
262 BNB, worth around US$72,000, were lost in this incident.
- Attacker’s Address: 0x2131C67eD7b6AA01B7aA308c71991Ef5BaEdd049 (BNB chain)
- Attacking Contract: 0xf2db8665d82e1a23895ed78b213d36d62eec6bbc (BNB chain)
- Attacked Contract: 0x4726010da871f4b57b5031E3EA48Bde961F122aA (BNB chain)
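The repeatable-register flaw described above and a one-time guard against it, as an added example that is not Sheep Farm's code or part of the original report. The contract name, storage layout, bonus size and function bodies are assumptions made for illustration; only the function names register and upgradeVillage come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Simplified model written for this example; NOT Sheep Farm's actual code.
// Storage layout, bonus size and upgrade price are assumptions.
contract FarmModel {
    struct Village {
        bool registered;    // set once, on the first successful register()
        uint256 gems;       // in-game currency credited at sign-up
        uint256 yieldRate;  // raised by spending gems
    }

    uint256 public constant SIGNUP_GEMS = 10;  // assumed bonus size
    uint256 public constant UPGRADE_COST = 10; // assumed upgrade price

    mapping(address => Village) public villages;

    // Flawed pattern, kept here only for contrast: nothing records that the
    // caller has already registered, so every call credits the bonus again.
    function registerUnguarded() external {
        villages[msg.sender].gems += SIGNUP_GEMS;
    }

    // Hardened pattern: registration is a one-time state transition.
    function register() external {
        Village storage v = villages[msg.sender];
        require(!v.registered, "already registered");
        v.registered = true; // flip the flag before crediting anything
        v.gems += SIGNUP_GEMS;
    }

    // Converting gems into yield is only sound if gems cannot be minted
    // for free, which is exactly what the guard in register() enforces.
    function upgradeVillage() external {
        Village storage v = villages[msg.sender];
        require(v.registered, "not registered");
        require(v.gems >= UPGRADE_COST, "not enough gems");
        v.gems -= UPGRADE_COST;
        v.yieldRate += 1;
    }
}
```

An audit test for this class of bug calls register twice from the same address and asserts that the second call reverts and the gem balance is unchanged.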
1. Boxer Inu Rug-Pulls Crypto Assets Worth Around US$146,000
On 17 Nov, BNB chain-deployed Boxer Inu (@BoxerInuFinance) rug-pulled crypto assets worth around US$146,000.
The project’s token (deployed at 0x192e9321b6244d204d4301afa507eb29ca84d9ef) was exchanged for WBNB and sent to 0x18078a777ddb681e2180945be9562cd11f989d3c.
At the time of writing, there were still some assets left in the address.
3 notable security incidents have occurred in the past week.
2 of them were attacks on smart contracts and social media, and 1 was a rug-pull.
It is worth noting that many crypto users fell victim to the phishing links circulated on Twitter.
A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. In addition, manage and store private keys with great care.
A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.
It is important for everyone in the crypto community to understand and practice a sufficient level of cybersecurity.
To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter:
For a better understanding of all things Web3.0: https://medium.com/@FairyproofT
Looking to strengthen the security of your project or looking for an audit? Contact us at https://www.fairyproof.com/