Discover more from Fairyproof Official Newsletter
Weekly Blockchain Security Watch
Mar 13 to Mar 19
From 13 March 2023 to 19 March 2023, all security incidents that had occurred can be categorized into Security Hacks and Rug-pulls.
1. Hacker Exploits Euler Finance Through Flash-Loan
On 13 Mar, a hacker attacked Euler Finance, a lending application deployed on Ethereum.
The root cause of this incident was that Euler’s donateToReserves() function did not have a proper check on collateralization status.
An attacker address started this attack with a flash-loan and created a leverage insolvent position through Euler’s mint() function and the donateToReserves() function.
The address liquidated its position in the same transaction to gain a large amount of eTokens and repeated this process on multiple Euler pools.
In this attack, the following assets were stolen:
Eventually crypto assets worth around US $197 million were exploited in this incident.
- 0xB2698C2D99aD2c302a95A8DB26B08D17a77cedd4 (on Ethereum)
- 0xb66cd966670d962C227B3EABA30a872DbFb995db (on Ethereum)
- 0x5F259D0b76665c337c6104145894F4D1D2758B8c (on Ethereum)
- 0xc66dFA84BC1B93df194bD964a41282da65D73c9a (on Ethereum)
- 0x583c21631c48D442B5C0E605d624f54A0B366c72 (on Ethereum)
- 0xe025e3ca2be02316033184551d4d3aa22024d9dc (on Ethereum)
- 0x1b808f49add4b8c6b5117d9681cf7312fcf0dc1d (on Ethereum)
- 0x0275b156cd77c5ed82d44bcc5f9e93eecff20138 (on Ethereum)
- 0xbd1bd5c956684f7eb79da40f582cbe1373a1d593 (on Ethereum)
- 0xeb91861f8a4e1c12333f42dce8fb0ecdc28da716 (on Ethereum)
2. Hacker Exploits Poolz Finance by Exploiting Implementation’s Arithmetic Overflow
On 15 Mar, a hacker attacked a DeFi application deployed on the BNB chain Poolz Finance by exploiting on a vulnerability in an arithmetic overflow in the application’s implementation.
Hackers exploited this vulnerability to attack Poolz Finance’s token vesting protocols on both the BNB chain and Polygon.
The hacker attacked Poolz Finanace’s token vesting protocols on both the BNB chain and Polygon. Consequentially, POOLZ’s price dropped by around 99%.
Crypto assets worth around US $390,000 were exploited in this incident.
3. Echelon Announces Discord Server Compromised
On 16 Mar, a game project deployed on Ethereum Echelon (@EchelonFND) announced on Twitter that their Discord had been compromised.
In a later update by //Kalos (@templecrash) indicated that the project’s Discord server is back up and operational and that the server was undergoing a cleanup and security pass. The user urged others not to click on any links and that the project will not conduct surprise mints or drops.
4. Hacker Attacks Para Space by Exploiting Logic Vulnerability
On 17 Mar, a hacker attacked Para Space, a DeFi application deployed on Ethereum by exploited on a logic vulnerability found in the implementation’s borrow function.
The attacker attempted to borrow more than legitimate tokens as BlockSec had successfully intercepted the attack. 2900 ETHs were rescued.
However, around US$90, 000 to US$270, 000 worth of crypto assets were still exploited in this incident.
At the time of writing the project has been paused and Para Space’s patch is being audited.
1. Harvest Keeper Turns Out to Be A Scam
On 19 Mar, Harvest Keeper (@Harvest_Keeper) deployed on Ethereum, BNB chain and Polygon turned out to be scam.
The contract was deployed at 0x28120471E1e42e15a71Af5E39cA9f93099F34d2d on the BNB chain.
Crypto assets worth around US $933, 000 were exploited by the team in this incident.
5 notable security incidents have occurred in the past week. 4 were attacks on social media, smart contracts, or blockchains, and 1 was a rug-pull.
It is worth noting that the attack on Euler Finance has caused the greatest loss in 2023 so far.
A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. Be alert to any anomalies happening in the various social media accounts you manage.
A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.
It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.
To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter:
For a better understanding of all things Web3.0: https://medium.com/@FairyproofT
Looking to strengthen the security of your project or looking for an audit? Contact us at https://www.fairyproof.com/