Weekly Blockchain Security Watch
March 25 to March 31
From March 25, 2024 to March 31, 2024, all security incidents that had occurred are all Security Hacks.
SECURITY HACKS:
1. ARK Token Suffers Exploit
On March 26, a BNB Chain deployed token ARK suffered an exploit.
The root cause of this incident was that its price was manipulated.
The attacker is 0xDd309ea4E99B772C1e6a798a6b159211Bb95b22c on the BNB Chain.
Crypto assets worth US $195,000 were exploited in this incident.
2. Curio Ecosystem Suffers Governance Attack
On March 26, an Ethereum deployed dApp Curio Ecosystem@curio_invest suffered a governance attack.
The attacker is 0xdaAa6294C47b5743BDafe0613d1926eE27ae8cf5 on Ethereum
In this incident, 996 billion CGT tokens were minted, caused by the extremely low vote & execution threshold with the governance token. This was exploited by the attacker to launch the attack.
3. Munchables Suffers Exploit
On March 27, a Blast deployed dApp munchables@munchables suffered an exploit.
The attacker is 0x6e8836f050a315611208a5cd7e228701563d09c5 on Blast.
17,400 $ETH worth around US $62 million were exploited in this incident.
4. Prisma Finance Suffers Exploit
On March 28, an Ethereum deployed dApp Prisma Finance@PrismaFi suffered an exploit.
The attackers are 0x7e39e3b3ff7adef2613d5cc49558eab74b9a4202
and 0x4148310fe4544e82f176570c6c7b649290a90e17 on Ethereum
The root cause is that the `flashloan` function was exploited by the attackers to manipulate any user's position.
Crypto assets worth around US $9.9 million were exploited in this incident.
CONCLUSION-
4 notable security incidents have occurred in the past week. All were attacks on smart contracts.
It is worth noting that the exploit on Munchables caused a loss of US $62 million.
A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. Be alert to any anomalies happening in the various social media accounts you manage.
A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.
It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.
To stay updated on notable security incidents in the world of Web3.0, subscribe to our newsletter:
For a better understanding of all things Web3.0: https://medium.com/@FairyproofT
Looking to strengthen the security of your project or looking for an audit? Contact us at
https://www.fairyproof.com/