From November 20, 2023 to November 26, 2023, all security incidents that had occurred can be categorized into Security Hacks and Rug-pulls.
SECURITY HACKS:
1. HECO Chain Bridge Suffers Exploit
On November 22, the Ethereum deployed HECO Chain bridge suffered an exploit.
The attacker’s addresses are:
0xFc146D1CaF6Ba1d1cE6dcB5b35dcBF895f50B0C4,   0xe47e6dA16Bb83EB0FD26b3F29b15CE8Fab089B9e,  0x493BB5E2a551aE8FA22EfF0F964820712Ed77Dcb, 0x12FC2841201D5ae5d6e780893De9032BbBc5b231,   0x6CC330b8FE6509EA81702ae14fc1901979211c6b and   0x5DdF1A1dc06b2bCdd836Cc408dEaFa560197d920 on Ethereum.
Crypto assets worth around US $86.6 million were exploited in this incident.
2. Kyber Suffers Exploit
On November 23, a multi-chain deployed DEX Kyber suffered an exploit.
The attacker’s address is 0xC9B826BAD20872EB29f9b1D8af4BefE8460b50c6 on both Arbitrum and Optimism.
Crypto assets worth around US $41.1 million were exploited in this incident.
3. THEDAONFT Suffers Exploit
On November 26, an Ethereum deployed dApp THEDAONFT suffered an exploit.
The root cause is that its implementation had a logic issue.
The attacker’s address is 0x2F746bC70f72aAF3340B8BbFd254fd91a3996218 on Ethereum.
Crypto assets worth around US $19,000 were exploited in this incident.
RUG-PULLS:
1. CREDIX Rug-pull
On November 21, an Ethereum deployed token CREDIX was confirmed to be a rug-pull.
The token is deployed at 0x6b5e9e55921e5e412cf1002599c05d4428cf50c5Â on Ethereum.
2,200,000,000,000,000 CREDIX tokens were swapped for 41.2 ETHs (worth around US $83K).
The price of CREDIX dropped 100.00%Â after the rug-pull.
2. SAI Pro Rug-pull
On November 23, a BNB chain deployed token SAI Pro was confirmed to be a rug-pull.
The token is deployed at 0xBa4cA4A9E1ca603310dF7a171D2291af9f3AfFaA on the BNB chain.
Crypto assets worth around US $1.7 million were exploited in this rug-pull.
CONCLUSION-
5 notable security incidents have occurred in the past week. 3 were attacks on smart contracts and 2 were rug-pulls.
It is worth noting that the loss in the HECO chain bridge exploit exceeded US $86 million.
A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. Be alert to any anomalies happening in the various social media accounts you manage.
A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.
It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.
To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter:
For a better understanding of all things Web3.0: https://medium.com/@FairyproofT
Looking to strengthen the security of your project or looking for an audit? Contact us at
https://www.fairyproof.com/