From April 24, 2023, to April 30, 2023, all security incidents that occurred can be categorized into Security Hacks and Rug-pulls.
SECURITY HACKS:
1. Harvest Finance’s Discord Server Compromised
On April 24, the Discord server of Harvest Finance (@harvest_finance) was compromised. A phishing link was sent in the Discord server. Harvest Finance is a DeFi application on Ethereum.
2. Kucoin’s Twitter Account Compromised
On April 24, the Twitter account of Kucoin (@kucoincom) was compromised. Kucoin is a centralized exchange.
3. FlowX’s Discord Server Compromised
On April 24, the Discord server of FlowX (@FlowX_finance) was compromised. FlowX is a DeFi application on SUI.
4. HASUKI’s Discord Server Compromised
On April 24, the Discord server of HASUKI (@HasukiNFTs) was compromised. HASUKI is an NFT project on Solana.
5. SASHIMISASHIMI Suffers Flash-loan Attack
On April 25, SASHIMISASHIMI, a DeFi application deployed on Ethereum and BNB chain, suffered a flash-loan attack.
Crypto assets including 37.35 BNBs and 6.58 ETHs, worth a total of US $24.200, were exploited in this incident.
6. Merlin Suffers Exploit
On April 26, Merlin, a DeFi application deployed on zkSync, suffered an exploit.
The root cause of this incident was reported to be a private key leak.
Crypto assets worth US $1.1 million were exploited in this incident.
7. OVIX Suffers Flash-loan Attack
On April 28, OVIX, a DeFi application deployed on Polygon, suffered a flash-loan attack.
The root cause of this incident was a vulnerability in GHST’s price calculation.
Crypto assets worth around US $2 million were exploited in this incident.
8. BreederDAO’s Discord Server Compromised
On April 28, the Discord server of BreederDAO (@BreederDAO) was compromised. A fake airdrop link was sent in the Discord server. BreederDAO is an NFT application on Ethereum.
9. SoliMax’s Telegram Account Compromised
On April 29, the Telegram account of SoliMax (@solimax_) was compromised. SoliMax is an application on Fantom.
10. JPEG’d’s Discord Server Compromised
On April 29, the Discord server of JPEG’d (@JPEGd_69) was compromised. JPEG’d is an NFT application deployed on Ethereum.
11. Tapio Finance’s Discord Server Compromised
On April 29, the Discord server of Tapio Finance (@TapioFinance) was compromised. Tapio Finance is a DeFi application deployed on Ethereum.
12. Monkes’ Discord Server Compromised
On April 29, the Discord server of Monkes (@Monkes_NFT) was compromised. Monkes is an NFT application deployed on SUI.
13. XEX’s Discord Server Compromised
On April 30, the Discord server of XEX (@XEX_Crypto) was compromised. XEX is an NFT project deployed on multiple blockchains including Ethereum, BNB chain, and Polygon.
RUG-PULLS:
1. Ordinals Finance Confirmed to Be Rug-pull
On April 25, Ordinals Finance, a project deployed on Ethereum, was confirmed to be a rug-pull.
Crypto assets worth around US $1 million were exploited in this incident.
CONCLUSION:
14 notable security incidents have occurred in the past week. 13 were security attacks or incidents, and 1 was a rug-pull.
A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. Be alert to any anomalies happening in the various social media accounts you manage.
A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.
It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.
For a better understanding of all things Web3.0: https://medium.com/@FairyproofT
Looking to strengthen the security of your project or looking for an audit? Contact us at
https://www.fairyproof.com/