From October 30, 2023 to November 5, 2023, all security incidents that had occurred can be categorized into Security Hacks and Rug-pulls.
SECURITY HACKS:
1. Unibot Suffers Exploit
On October 31, a multi-chain deployed dApp Unibot suffered an exploit.
The root cause of this exploit was that its contracts lacked a check on validation.
The attacker’s address is 0x413e4Fb75c300B92fEc12D7c44e4c0b4FAAB4d04 on Ethereum
Crypto assets worth around US $560,000 were exploited in this incident.
2. Onyx Suffers Exploit
On November 1, an Ethereum deployed dApp Onyx suffered an exploit.
The root cause of this incident was that its token precision was incorrect.
The attacker’s addresses are
0x085bDfF2C522e8637D4154039Db8746bb8642BfF and
0x5083956303a145f70ba9f3d80c5e6cb5ac842706 on Ethereum
Crypto assets worth around US $2.1 million were exploited in this incident.
3. Frax Finance Suffers Attack
On November 1, an Ethereum deployed dApp Onyx suffered an attack.
The project’s domain name misfunctioned.
At the time of writing, no loss has been reported.
RUG-PULLS:
1. BEG Rug-pull
On October 31, an Ethereum deployed token BEG was confirmed to be a rug-pull.
The token is deployed at 0x388877890b95416e50192fe7a946bbe516fe7c73 on Ethereum
Crypto assets worth around US $97,000 were rug-pulled in this incident.
2. KGT Rug-pull
On November 1, a BNB chain deployed token KGT was confirmed to be a rug-pull.
The token is deployed at 0x316878fef81a307d474c042683088942c8116fd7 on the BNB chain.
Crypto assets worth around US $172,000 were rug-pulled in this incident.
3. AMO Rug-pull
On November 3, an Ethereum deployed token AMO was confirmed to be a rug-pull.
The token is deployed at 0x49c7b02063966aadbe3a88032af58d93615d1519 on Ethereum.
Crypto assets worth around US $215,000 were exploited in this incident.
CONCLUSION-
6 notable security incidents have occurred in the past week. 3 were attacks on smart contracts and 3 were rug-pulls.
It is worth noting that the loss in the Onyx exploit was $2.1 million.
A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. Be alert to any anomalies happening in the various social media accounts you manage.
A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.
It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.
To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter:
For a better understanding of all things Web3.0: https://medium.com/@FairyproofT
Looking to strengthen the security of your project or looking for an audit? Contact us at
https://www.fairyproof.com/