From December 11, 2023 to December 17, 2023, all security incidents that had occurred can be categorized into Security Hacks and Rug-pulls.
SECURITY HACKS:
1. OKX Suffers Exploit
On December 13, a centralized exchange OKX suffered an exploit.
The root cause of this incident was due to private key leakage.
The attacker's address is 0x48e3712c473364814ac8d87a2a70a9004a42e9a3 on Ethereum.
Crypto assets worth around US $2.7 million were exploited in this incident.
2. YFI Suffers Exploit
On December 14, an Ethereum deployed dApp YFI suffered an exploit.
The root cause of this incident was due to an error in its multi-signature script.
Crypto assets worth around US $1.4 million were exploited in this incident.
3. Zapper and Sushi Suffer Exploit
On December 14, two Ethereum deployed dApps Zapper and Sushi suffered a front-end exploit.
At the time of writing, no crypto assets had been exploited in this incident.
4. Ledger’s Kit Suffers Attack
On December 15, the kit of a wallet Ledger suffered an attack.
The root cause of this incident was that a wallet-draining payload was injected into the kit’s NPM package.
Crypto assets worth around US $450,000 were exploited in this incident.
5. NFT Trader Suffers Exploit
On December 16, an Ethereum deployed dApp NFT trader suffered an exploit.
37 BAYC and 13 MAYC were stolen.
These NFTs were worth around 1360 ETH (US $2.99 million).
6. Unisat Wallet Suffers Attack
On December 17, a Bitcoin wallet Unisat wallet suffered a DDOS attack.
The attack caused intermittent disruptions to the wallet and API services.
At the time of writing, no loss had been reported in this incident.
RUG-PULLS:
1. OIL Rug-pull
On December 12, an Ethereum deployed token OIL was confirmed to be a rug-pull.
The token is deployed at 0x215d253583d79259c56ffa188dc0744f6a7d26c1 on Ethereum.
476,100,000,000,000 OIL token were dumped for 27 ETH worth around $61.8K.
The price of $OIL dropped nearly 100.00% after the rug-pull.
CONCLUSION-
7 notable security incidents have occurred in the past week. 7 were attacks on smart contracts, wallets or front-ends and 1 was a rug-pull.
A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. Be alert to any anomalies happening in the various social media accounts you manage.
A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.
It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.
To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter:
For a better understanding of all things Web3.0: https://medium.com/@FairyproofT
Looking to strengthen the security of your project or looking for an audit? Contact us at
https://www.fairyproof.com/