Weekly Blockchain Security Watch

Apr 17 to Apr 23

From April 17, 2023, to April 23, 2023, all security incidents that occurred can be categorized into Security Hacks and Rug-pulls.

SECURITY HACKS:

1. Kyber Urges Liquidity Providers to Withdraw Funds on Elastic

On April 17, Kyber Network, an established DEX deployed on Ethereum urged liquidity providers to withdraw their funds on Elastic since a vulnerability had been detected. No funds were lost.

2. Agility’s Discord Server Compromised

On April 18, the discord server of Agility(@agility_lsd) was compromised. A phishing link was sent in the Discord Server. Agility and LSD application on Ethereum. 

3. Starknet ID’s Discord Server Compromised

On April 18, the discord server of Starknet.id(@Starknet_id) was compromised. A phishing link was sent in the Discord Server. Starknet ID is a name service application on Stark Net.

4. Zebec Protocol’s Discord Server Compromised

On April 18, the discord server of Zebec Protocol(@Zebec_HQ) was compromised. A phishing link was sent in the Discord Server. Zebec Protocol is a dApp deployed on the BNB chain, Solana and AVAX.

5. ETC Cooperative’s Discord Server Compromised

On April 19, the discord server of ETC Cooperative(@ETCCooperative) was compromised. A fake airdrop link was sent in the Discord Server. ETC Cooperative is an organization that helps ETC development.

6. Ocean Life Gets Hacked

On April 19, Ocean Life, a project deployed on the BNB chain suffered an attack.

The root cause was that there was a vulnerability in its reflection mechanism. This was exploited by the hacker to manipulate the price.

32 WBNBs worth around US $11,000 were exploited in this incident.

7. zkLink’s Discord Server Compromised

On April 19, the discord server of zkLink(@zkLinkorg) was compromised. zkLink is a layer 2 solution.

8. Tales of Elleria’s Bridge Contract Gets Hacked

On April 20, Tales of Elleria(@TalesofElleria) announced that their bridge contract was exploited and the liquidity pool was drained.

Tales of Elleria is a dApp deployed on Arbitrum One.

The hacker minted 5,000,000,000 $ELM and proceeded to drain the LP. 

Crypto assets worth around US $273,600 were exploited in this incident.

9. LaunchMyNFT’s Discord Server Compromised

On April 20, the discord server of LaunchMyNFT(@LaunchMyNFT) was compromised. A phishing link was sent in the Discord Server.

10. Unlock Protocol Gets Hacked

On April 21, Unlock Protocol, a dApp deployed on Ethereum got hacked.

16.5 ETH worth US $32,000 were exploited in this incident and cashed out via Tornado Cash.

11. Pob Studio’s Discord Server Compromised

On April 21, Pob Studio(@prrfbeauty) announced that its discord server was compromised. A phishing link was sent in the Discord Server. Pob Studio is an independent NFT production studio.

12. Metallicus’ Discord Server Compromised

On April 22, the discord server of Metallicus(@WeAreMetallicus) was compromised. Metallicus is a crypto service company. 

13. Core DAO’s Discord Server Compromised

On April 23, the discord server of Core DAO(@Coredao_Org) was compromised. A phishing link was sent in the Discord Server. Core DAO is a blockchain project.

14. Dynex’s Discord Server Compromised

On April 23, the discord server of Dynex(@dynexcoin) was compromised. A phishing link was sent in the Discord Server. Dynex is a blockchain project.

RUG-PULLS:

1. Void.Cash Confirmed to Be Rug-pull

On April 23, Void.Cash, a project deployed on Ethereum was confirmed to be a rug-pull. 

Crypto assets worth around US $37,000 were exploited in this incident.

CONCLUSION-

15 notable security incidents have occurred in the past week. 14 were security attacks or incidents, and 1 was a rug-pull.

A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. Be alert to any anomalies happening in the various social media accounts you manage.

A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations. 

Everyone in the crypto community needs to gain an understanding and practice sufficient levels of cybersecurity.

For a better understanding of all things Web3.0: https://medium.com/@FairyproofT

Looking to strengthen the security of your project or looking for an audit? Contact us at

https://www.fairyproof.com/

(Apr 17 to Apr 23)

From April 17, 2023, to April 23, 2023, all security incidents that occurred can be categorized into Security Hacks and Rug-pulls.

SECURITY HACKS:

1. Kyber Urges Liquidity Providers to Withdraw Funds on Elastic

On April 17, Kyber Network, an established DEX deployed on Ethereum urged liquidity providers to withdraw their funds on Elastic since a vulnerability had been detected. No funds were lost.

2. Agility’s Discord Server Compromised

On April 18, the discord server of Agility(@agility_lsd) was compromised. A phishing link was sent in the Discord Server. Agility and LSD application on Ethereum. 

3. Starknet ID’s Discord Server Compromised

On April 18, the discord server of Starknet.id(@Starknet_id) was compromised. A phishing link was sent in the Discord Server. Starknet ID is a name service application on Stark Net.

4. Zebec Protocol’s Discord Server Compromised

On April 18, the discord server of Zebec Protocol(@Zebec_HQ) was compromised. A phishing link was sent in the Discord Server. Zebec Protocol is a dApp deployed on the BNB chain, Solana and AVAX.

5. ETC Cooperative’s Discord Server Compromised

On April 19, the discord server of ETC Cooperative(@ETCCooperative) was compromised. A fake airdrop link was sent in the Discord Server. ETC Cooperative is an organization that helps ETC development.

6. Ocean Life Gets Hacked

On April 19, Ocean Life, a project deployed on the BNB chain suffered an attack.

The root cause was that there was a vulnerability in its reflection mechanism. This was exploited by the hacker to manipulate the price.

32 WBNBs worth around US $11,000 were exploited in this incident.

7. zkLink’s Discord Server Compromised

On April 19, the discord server of zkLink(@zkLinkorg) was compromised. zkLink is a layer 2 solution.

8. Tales of Elleria’s Bridge Contract Gets Hacked

On April 20, Tales of Elleria(@TalesofElleria) announced that their bridge contract was exploited and the liquidity pool was drained.

Tales of Elleria is a dApp deployed on Arbitrum One.

The hacker minted 5,000,000,000 $ELM and proceeded to drain the LP. 

Crypto assets worth around US $273,600 were exploited in this incident.

9. LaunchMyNFT’s Discord Server Compromised

On April 20, the discord server of LaunchMyNFT(@LaunchMyNFT) was compromised. A phishing link was sent in the Discord Server.

10. Unlock Protocol Gets Hacked

On April 21, Unlock Protocol, a dApp deployed on Ethereum got hacked.

16.5 ETH worth US $32,000 were exploited in this incident and cashed out via Tornado Cash.

11. Pob Studio’s Discord Server Compromised

On April 21, Pob Studio(@prrfbeauty) announced that its discord server was compromised. A phishing link was sent in the Discord Server. Pob Studio is an independent NFT production studio.

12. Metallicus’ Discord Server Compromised

On April 22, the discord server of Metallicus(@WeAreMetallicus) was compromised. Metallicus is a crypto service company. 

13. Core DAO’s Discord Server Compromised

On April 23, the discord server of Core DAO(@Coredao_Org) was compromised. A phishing link was sent in the Discord Server. Core DAO is a blockchain project.

14. Dynex’s Discord Server Compromised

On April 23, the discord server of Dynex(@dynexcoin) was compromised. A phishing link was sent in the Discord Server. Dynex is a blockchain project.

RUG-PULLS:

1. Void.Cash Confirmed to Be Rug-pull

On April 23, Void.Cash, a project deployed on Ethereum was confirmed to be a rug-pull. 

Crypto assets worth around US $37,000 were exploited in this incident.

CONCLUSION-

15 notable security incidents have occurred in the past week. 14 were security attacks or incidents, and 1 was a rug-pull.

A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. Be alert to any anomalies happening in the various social media accounts you manage.

A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations. 

Everyone in the crypto community needs to gain an understanding and practice sufficient levels of cybersecurity.

To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter: 

Fairyproof Official Newsletter

Weekly Reports on Notable Security Incidents; Analysis on Hacks, Vulnerabilities, and Solutions; Quarterly and Yearly Reviews; To Make the Community of Web3.0 a Safer Place.

For a better understanding of all things Web3.0: https://medium.com/@FairyproofT

Looking to strengthen the security of your project or looking for an audit? Contact us at

https://www.fairyproof.com/