Weekly Blockchain Security Watch
August 22 to August 28
All security incidents recorded from August 22 to August 28, 2022 were security hacks.
1. Shevchenko Announces Attack on Aurora Thwarted by Automated Watchdogs
On August 22, Alex Shevchenko, CEO of the EVM-compatible platform Aurora, announced on Twitter that a hacker had attempted to attack the platform’s Rainbow Bridge but was stopped by Aurora’s automated watchdogs. The attacker sent a fake NEAR block, which the platform’s automatic security system challenged, thwarting the attack within 31 seconds. The attacker lost 5 ETH in the process.
For more information: https://typefully.com/AlexAuroraDev/llbgC58
2. Hackers Attack CETS ON KREK’s Discord
On August 22, hackers attacked CETS ON KREK’s Discord server. CETS ON KREK is a web3 community project.
3. Secret Project Team Announces Stopped Discord Attack
On August 23, NFT project Secret Project Team announced on Twitter that they had successfully stopped an attack on their Discord server. The account also mentioned that the attack was stopped through the collective efforts of the community and their own security mechanisms.
4. Dininho Announces Discord Server Attacked by Hackers, Losses Compensated
On August 23, crypto game project Dininho announced on Twitter that their Discord server had been hacked. The account urged users not to click on any links. The project later announced that they had regained full control of the Discord server and were compensating the losses incurred.
5. Hacker Uses Flashloan to Exploit Logic Vulnerability on KaoyaSwap
On August 24, an attacker stole more than US$110,000 worth of crypto assets from KaoyaSwap, a DeFi application deployed on the BNB chain.
KaoyaSwap had implemented a proxy/implementation pattern:
- Proxy Contract: 0x879ead67c92ec2bfa70fa9d157f500b7b31b64ab
- Implementation Contract: 0x97AF028838604C59F93B279D3B6f6cBbF74bc680
Within this pattern, a logic vulnerability was found in the “swapExactTokensForETHSupportingFeeOnTransferTokens” function.
The attacker borrowed 1,800 BNB through a flashloan, created two token pairs using the BNB and two other tokens, and provided the liquidity to the application. The attacker then repeatedly executed the vulnerable token-swap function and, after returning the flashloan, came away with a net 37,294 BUSD and 271 WBNB.
- Attacker’s Address: 0xd87fc924d4afc6a0d086f12137cddfeccf270307 (on the BNB chain)
- Attacking Contract: 0xa722ca7bf032de8f7a675da75dfec661bc89ace9 (on the BNB chain)
- Hash Value of the Attack Transaction:
6. Hackers Attack OVR’s Discord
On August 26, hackers attacked OVR’s Discord server. OVR is an NFT project.
7. Hackers Attack KAITU’s Discord
On August 26, hackers attacked KAITU’s Discord server. KAITU is an NFT project.
8. Sui by Mysten Labs Announces Discord Server Hacked
On August 27, Sui by Mysten Labs announced that their Discord server had been hacked. They also announced that their team was working to resolve the issue ASAP. Sui is a smart contract platform.
9. Hackers Attack Cosmic Clone’s Discord
On August 28, hackers attacked Cosmic Clone’s Discord server. Cosmic Clone is an NFT project.
Nine notable security incidents, all of them security hacks, occurred in the past week.
Most of them were attacks on social media. The only attack on smart contracts occurred on the BNB blockchain.
A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain.
A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.
It is important for everyone in the crypto community to understand cybersecurity and practice it at a sufficient level.
Looking to strengthen the security of your project? Reach out to us at https://www.fairyproof.com/