From July 24, 2023 to July 30, 2023, all security incidents that had occurred can be categorized into Security Hacks and Rug-pulls.
SECURITY HACKS:
1. Social Media Accounts Compromised
From July 24 to July 30, the following social media accounts were compromised and phishing links might be sent in these accounts:
Quasar@QuasarFi, Optim Finance@OptimFi and Plena Wallet@PlenaFinance
2. EraLend Suffers Exploit
On July 25, a zkSync deployed DeFi application EraLend suffered an exploit.
The root cause of this incident was that it had a read-only re-entrancy vulnerability. An attacker exploited this vulnerability and leveraged a flash-loan to launch an attack.
The attacker’s address is 0xf1D076c9Be4533086f967e14EE6aFf204D5ECE7a on zkSync.
Crypto assets worth around US $3.4 million were exploited in this incident.
3. JPEG’d Suffers Exploit
On July 30, an Ethereum deployed NFTFi application JPEG’d suffered an exploit.
The root cause of this incident was that it had a re-entrancy vulnerability in its implementation. An attacker exploited this vulnerability to attack its pETH-ETH pool on Curve.
The attacker’s address is 0x6Ec21d1868743a44318c3C259a6d4953F9978538 on Ethereum.
Crypto assets worth around US $11.4 million were exploited in this incident.
RUG-PULLS:
1. Delta Protocol Rug-pull
On July 24, a BNB Chain deployed project Delta Protocol (0x2feB2274fdD687aa052C827d8354AfeF3D6B1737) was confirmed to be a rug-pull.
165 BNBs worth around US $39,600 were exploited in this incident.
2. IEGT Rug-pull
On July 26, a BNB Chain deployed token IEGT (0x8D07f605926837Ea0F9E1e24DbA0Fb348cb3E97D) was confirmed to be a rug-pull.
Crypto assets worth around US $1.14 million were exploited in this incident.
3. Kannagi Rug-pull
On July 29, a zkSync deployed project Kannagi (0x26aC1D9945f65392B8E4E6b895969b5c01A7B414) was confirmed to be a rug-pull.
Crypto assets worth around US $1.05 million were exploited in this incident.
CONCLUSION-
8 notable security incidents have occurred in the past week. 3 were attacked on social medial accounts, 2 were attacks on smart contracts and 3 were rug-pulls.
It is worth noting that two of the three rug-pulls each caused a loss more than US $1 million and the attack on JPEG’d caused a loss more than US $11 million.
A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. Be alert to any anomalies happening in the various social media accounts you manage.
A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.
It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.
To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter:
For a better understanding of all things Web3.0: https://medium.com/@FairyproofT
Looking to strengthen the security of your project or looking for an audit? Contact us at
https://www.fairyproof.com/