All security incidents recorded from October 3 to October 9, 2022 were security hacks.
SECURITY HACKS:
1. Hacker Conducts Eclipse Attack to Degrade Performance of ZCash Nodes
On October 6, an anonymous actor launched an eclipse attack on ZCash, a well-known privacy coin.
The attacker filled ZCash’s blocks with myriad shielded transaction outputs, severely degrading the performance of ZCash nodes.
2. Hacker Attacks Xave Finance Through Fake Verification Message
On October 8, Xave Finance, a DeFi application deployed on Ethereum, was attacked.
The attacker submitted a fake verification message to Xave’s oracle, which caused four proposals to be passed by the DaoModule (0x8f9036732b9aa9b82D8F35e54B71faeb2f573E2F). As a result, 100,000,000,000,000 RNBWs were minted and sent to the attacker’s address. The attacker then exchanged the RNBWs for xRNBWs.
Additional Details:
- Attacker’s Address: 0x0f44f3489D17e42ab13A6beb76E57813081fc1E2 (on Ethereum)
- Attacking Contract: 0xE167cdAAc8718b90c03Cf2CB75DC976E24EE86D3 (on Ethereum)
- Hash Value of Attack Transaction: 0xc18ec2eb7d41638d9982281e766945d0428aaeda6211b4ccb6626ea7cff31f4a
3. Hacker Attacks BNB Chain’s Token Hub
On October 9, BNB Chain’s Token Hub was attacked by 0x489A8756C18C0b8B24EC2a2b9FF3D4d447F79BEc on the BNB chain.
The Hub’s implementation used earlier versions of the IAVL library and the Multistoreproof implementation, which had a vulnerability that allowed users to generate fake messages.
Around 2 million BNBs were exploited in this incident. The attacker then used the BNBs to drain stablecoins, including USDTs, BUSDs and USDCs, from Venus.
Right after the incident, the BNB Chain team halted the BNB Chain’s nodes, froze transactions and limited the total loss to $100 million.
CONCLUSION:
3 notable security hacks occurred in the past week.
The biggest incident was the attack on the BNB chain, which once again raised great concerns about the security of cross-chain bridges.
A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain.
A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.
It is important for everyone in the crypto community to gain an understanding of cybersecurity and to practice it at a sufficient level.
For a better understanding of all things Web3.0: https://medium.com/@FairyproofT
Looking to strengthen the security of your project or looking for an audit? Contact us at https://www.fairyproof.com/