Weekly Blockchain Security Watch
November 27 to December 3
From November 27, 2023 to December 3, 2023, all security incidents that had occurred can be categorized into Security Hacks and Rug-pulls.
SECURITY HACKS:
1. Ordinals Index Issue
On November 27, a Bitcoin address bc1qhuv3dhpnm0wktasd3v0kt6e4aqfqsd0uhfdu7d showed different ORDI balances on different indexers.
The balances on the UniSat Indexer, OKX Indexer and Ordinalscan Indexer were the same but the balance on the ordiscan.com index was different from the above.
The root cause of this issue was that the decimals were processed differently.
The good thing is that at the time of writing the assets were safe.
2. BitStable Suffers DDOS Attack
On November 29, a Bitcoin deployed dApp BitStable suffered an DDOS attack.
The root cause of this issue was that an unauthorized entity gained control of the majority of the supply.
3. Velodrome Suffers Front-end Attack
On November 29, an Optimism deployed dApp Velodrome suffered a front-end attack.
4. BZX Suffers Exploit
On December 3, an Ethereum deployed dApp BZX.network suffered an exploit.
The root cause was that its implementation had a rounding issue.
The attacker’s address is 0x5A7C7Eb8D13A53D42A15d2B1D1b694CcC5141Ea5 on ETH.
Crypto assets worth around US $208K were exploited in this incident.
5. GEC Suffers Exploit
On December 3, a BNB chain deployed token GEC suffered an exploit.
The attacker’s address is 0x7CAf5f223256f74d378f9770e7F48f863d51dFdA on the BNB chain.
Crypto assets worth around US $10K were exploited in this incident.
RUG-PULLS:
1. IPTV Rug-pull
On November 27, an Ethereum deployed token IPTV was confirmed to be a rug-pull.
The token is deployed at 0x157e8935942ec804349100b80b2f0a277b9b0fb8Â on Ethereum.
474,514,997 IPTV tokens were swapped for 135 ETHs (worth around US $273K).
The price of IPTVÂ dropped 100.00%Â after the rug-pull.
2. Grok-2 Rug-pull
On December 1, a BNB chain deployed token Grok-2 was confirmed to be a rug-pull.
The token is deployed at 0x63DC2DB4E62A23f17202B46F2FeEb8eC962Bb8F5 on the BNB chain.
Crypto assets worth around US $246K were exploited in this rug-pull.
3. GFY Rug-pull
On December 3, an Ethereum deployed token GFY was confirmed to be a rug-pull.
The token is deployed at 0x2bdae8de01684b14ab9e5aa746d68ff27172d9b5 on Ethereum.
Crypto assets worth around US $312K were exploited in this rug-pull.
CONCLUSION-
8 notable security incidents have occurred in the past week. 5 were attacks on smart contracts and 3 were rug-pulls.
A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. Be alert to any anomalies happening in the various social media accounts you manage.
A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.
It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.
To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter:
For a better understanding of all things Web3.0: https://medium.com/@FairyproofT
Looking to strengthen the security of your project or looking for an audit? Contact us at
https://www.fairyproof.com/