August 8 to August 14
From August 8 to August 14 2022, all security incidents that had occurred can be categorized into:
Security Hacks
Vulnerability Research Findings
SECURITY HACKS:
1. Attacker Redirects Curve Finance Users to Cloned Site with Malicious Code for Exploit
On August 10, an attacker had infiltrated Curve Finance’s ENS Server and programmed a redirect from Curve.fi’s official site to a cloned site.
The attacker had also injected malicious code into the cloned site, tricking users to approve token spending, and exploited around US$620, 000 worth of USCs and DAIs.
Additional Details:
- Attacker’s Address: 0x50f9202e0f1c1577822BD67193960B213CD2f331 (Ethereum)
- Attacking Contract: 0x50f9202e0f1c1577822BD67193960B213CD2f331 (Ethereum)
2. Attacker Leverages on Acala’s Configuration Error to Exploit Honzon
On August 13, an attacker had leveraged on to an iBTC/aUSD configuration error in one of Polkadot’s parachains Acala to exploit Acala’s cross-chain bridge Honzon. The exploit allowed the attacker to mint around 1 billion additional aUSDs at will. Right after the incident, the Acala team claimed that the bug had been fixed.
The Acala community decided that these additionally minted aUSDs and the tokens converted from a part of these aUSDs are to be frozen before further actions were made.
Additional Detail:
- Attacker’s Address: 26JmEcghNmggvT46sojckg34Py9zFRKkCcFy3gr49hrFgT2k (Acala)
3. Hackers Attack Mogul Productions’ Discord
On August 13, hackers attacked Mogul Productions’ Discord server. Mogul Productions is a DeFi and NFT platform for movies.
4. Hackers Attack Saphire’s Discord Server
On August 13, hackers attacked Saphire’s Discord server. Saphire is an NFT project.
5. Hacker Attacks Daisuki’s Discord
On August 13, hackers attacked Daisuki’s Discord server. Daisuki is an NFT project.
6. Attacker Attacks Alpha Mutants’ Discord
On August 13, hackers attacked Alpha Mutants’ Discord server. Alpha Mutants is an NFT project.
VULNERABILITY RESEARCH FINDINGS:
1. Researchers Discover Vulnerability in Bitcoin’s Lightning Network
On August 13, two researchers Cosimo Sguanci and Anastasios Sidiropoulos in the University of Illinois discovered a vulnerability in Bitcoin’s Lightning Network. In a paper co-authored by both, they wrote of a vulnerability that could be exploited to launch double-spend attacks to the Lightning Network. As few as 30 nodes could conclude and launch such an attack. If this attacks like these were launched, around 750 bitcoins (about US$17 million) would be stolen.
CONCLUSION-
6 notable incidents and 1 discovery had occurred in the past week.
None of the hacks was related to smart contracts. Most of them were attacks on social media. The attack on Curve was a traditional security attack. The attack on Acala was based on an operation issue.
A Reminder for Project Teams: Secure daily maintenance plays an important role in a project’s security. Be aware of potential issues that may arise in manual operations and maintenance.
A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.
It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.
Looking to strengthen the security of your project? Contact us at