Weekly Blockchain Security Watch
Mar 20 to Mar 26
From March 20, 2023 to March 26, 2023, all security incidents that had occurred can be categorized into Security Hacks and Rug-pulls.
SECURITY HACKS:
1. Phishing Link Posted in DREAMLAND GENESIS’ Discord Server
On Mar 20, a phishing link was posted in the Discord server of DREAMLAND GENESIS(@DreamlandGEN), an NFT project deployed on Ethereum.
2. Phishing Link Posted in Boba Network’s Discord Server
On Mar 20, a phishing link was posted in the Discord server of Boba Network(@bobanetwork), a layer 2 solution.
3. Phishing Link Posted in The Art Bankers’ Discord Server
On Mar 21, a phishing link was posted in the Discord server of The Art Bankers(@theartbankers), a web 3 art platform.
4. Nuwa Suffers From Flash-loan Attack
On Mar 22, the Nuwa project, a project deployed on the BNB chain suffered from a flash-loan attack. Right after the attack, the price of the Nuwa token (contract address at the BNB chain is 0x7A6e3Fd7a155Cd923F0c51a1bEeC2ED61B6E864B) dropped by 80%.Â
5. FASTSWAP Suffers From Flash-loan Attack
On Mar 24, FASTSWAP(@fastswapdex), a project deployed on the BNB chain suffered from a flash-loan attack. Its token Fast is deployed at 0x3cf0fc9920102CCC2EB4df5E1B3471D555AFb361 on the BNB chain.
26.77 BNBs worth around US $8812 were exploited in this incident.
6. Phishing Link Posted in Kaspa’s Discord Server
On Mar 24, a phishing link was posted in the Discord server of Kaspa(@KaspaCurrency), a blockchain system.
7. Phishing Link Posted in Arbitrum’s Discord Server
On Mar 25, a phishing link was posted in the Discord server of Arbitrum(@arbitrum), a layer 2 solution.
RUG-PULLS:
1. Kokomo Finance Turns Out to Be A Scam
On Mar 26, Kokomo Finance(@KokomoFinance) a dApp deployed on Optimism turned out to be scam.
The contract was deployed at 0x7Da25Bc4cFAed3F29414C6779676e53B19a356f5 on Optimism.
Crypto assets worth around US $4 million were exploited by the team in this incident.
CONCLUSION-
8 notable security incidents have occurred in the past week. 7 were attacks on social media and smart contracts, and 1 was a rug-pull.
A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. Be alert to any anomalies happening in the various social media accounts you manage.
A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.
It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.
To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter:
For a better understanding of all things Web3.0: https://medium.com/@FairyproofT
Looking to strengthen the security of your project or looking for an audit? Contact us at
https://www.fairyproof.com/