Chengdu Lianan: There were more than 44 typical security incidents in September, and the overall risk rating was high

Chengdu Lianan
There were more than 44 typical security incidents this month, an increase over the previous month and the highest monthly total so far this year.

According to monitoring data from Chengdu Lianan's Security Situation Awareness System (Beosin-Eagle Eye), multiple types of security incidents occurred frequently in the blockchain field in September 2020, and the overall situation was not optimistic. According to incomplete statistics, there were more than 44 typical security incidents this month, an increase from last month and the highest monthly total so far this year.

Typical Security Event Statistics

The blockchain industry is still young, and its overall technological development is in the exploratory stage. In particular, with the popularity of the DeFi market, projects have sprung up like mushrooms after rain, while foundations such as the underlying technology and logical structure remain relatively weak, so security vulnerabilities are prone to appear. For every link in the blockchain ecosystem, therefore, security must be given top priority and cannot be ignored.

A total of 6 typical security incidents occurred at exchanges

01

On September 2, the Seoul police searched Bithumb, the largest cryptocurrency exchange in South Korea. The exchange was accused of pre-selling its 30 billion won worth of BXA tokens but never listing them, leaving investors with losses.

02

The European exchange ETERBASE was robbed on Monday night, with six addresses related to BTC, ETH/ERC-20, XRP, TRX, XTZ, and ALGO involved. The exchange did not disclose the specific amount lost in the attack, but according to The Block Research’s statistics, the exchange’s hot wallet lost more than $5 million. The incident has been reported to law enforcement and the exchange is cooperating closely with the investigation. Follow-up tracking of fund transfers found that most of the stolen funds are currently in exchanges such as Binance.

03

Japanese cryptocurrency exchange Fisco has filed a lawsuit against Binance in a US court. Fisco claims Binance facilitated money laundering after Zaif (now acquired by Fisco) was hacked in 2018 and lost $63 million in cryptocurrency.

04

The British crypto exchange Covesting tweeted that, in response to KuCoin’s security breach and to protect affected COV token holders, the Covesting team has frozen the COV tokens in the reported address (a total of 3,126,692 tokens, worth $560,522).

05

Slovakian cryptocurrency exchange Eterbase was hacked and a total of $5.4 million in digital currency was stolen. Six of its hot wallets have been compromised and funds have been siphoned from Bitcoin, Ethereum, Ripple, Algorand, Tezos and Tron, the exchange said.

06

According to KuCoin’s official announcement, at 03:05:37 on September 26, 2020 (UTC+8), the exchange discovered a planned hacker attack. Judging from the current internal security audit results, the hacker obtained the backup image of KuCoin’s early hot wallet and launched a withdrawal attack. Through this attack, some of the bitcoins and ERC-20 tokens in the hot wallet were withdrawn, worth about 4,800 bitcoins, accounting for about 20% of the total funds held by the platform. 5%.

A total of 14 typical security incidents occurred in DeFi

01

Researchers at ZenGo have correctly disclosed the vulnerability found in the Diogenes protocol proof. This proof is intended to provide raw entropy for the Verifiable Delay Function (VDF) of the Ethereum 2.0 Random Beacon Chain.

02

An Ethereum account was suspected of being hit by a gas price attack and lost 115 ETH. The user withdrew 115.299 ETH from an exchange to the Ethereum account, and after arriving the funds were inexplicably and quickly transferred to another account. Strangely, the other party actually received only 6.46 ETH, while the gas fee for the transfer was as high as 108.83 ETH, about 360,000 RMB.

03

There are vulnerabilities in the smart contracts of the SushiSwap clones YUNo Finance (YUNO) and KIMCHI.finance (KIMCHI). The smart contract owners can exploit them to issue unlimited amounts of the project's tokens, leading to inflation and eventual collapse.

04

On the evening of September 3, Ethereum developer Philippe Castonguay tweeted that the DeFi projects BaconSwap and shroom.finance both have timelock vulnerabilities, which allow the project owners to issue unlimited tokens without a timelock.

05

The Blockstream Research team announced that it has developed a solution, MuSig-DN, that can be used to protect users of the MuSig multi-signature scheme from key disclosure attacks caused by malicious random number generators and virtual machine reset attacks.

06

Developers have discovered major governance flaws in SushiSwap, which appears to be vulnerable to a bug that could multiply someone's governance power without needing to acquire new tokens.

07

A large amount of pledged funds of the EOS DeFi liquidity mining project EMD contract emeraldmine1 was transferred. Among them, USDT is being resold through channels such as DeFibox currency trading.

08

A user of the YFI clone Soft Year received $250,000 in return for $200 due to a vulnerability in the rebase mechanism.

09

The wRAM of Coral, a DeFi liquidity mining project in the EOS ecosystem, was hacked, and more than 120,000 EOS were lost. As of September 10, 46,000 EOS had been transferred to ChangeNOW for money laundering.

10

On September 14, bZx officially tweeted that the loopholes in the iToken contract code have been fixed, and the protocol has resumed normal operation.

11

The DeFi stablecoin protocol Lien issued an announcement stating that the team's auditors had discovered a vulnerability in the Lien App and that it had decided to temporarily put the platform into maintenance to prevent the vulnerability from being exploited.

12

According to news on September 23, DeFi Pulse said on Twitter on Tuesday night that it had identified and fixed the loopholes and had corrected historical data.

13

According to the news on September 23, the DeFi project Soda protocol, which was previously exposed to vulnerabilities, has recently announced the repair of the vulnerabilities, and the newly deployed smart contract is expected to take effect at 21:00 on September 22. As of September 23, there are still 2156 SoETH equivalent to ETH in the SoETH/WETH fund pool of the Soda protocol.

14

Beosin Review

This month, security issues in DeFi projects were exposed frequently. Technical code, business logic and other aspects are all areas where vulnerabilities cannot be ignored for DeFi security. Chengdu Lianan once again calls on all project teams to complete a security audit before their project goes online. Investors are likewise advised to check the security audit report and choose project teams carefully before investing.

A total of 3 more typical security incidents occurred in the field of scams and encryption scams

01

On September 26, a SushiSwap clone project called GemSwap was reported to have run off, with its LP funds swept away. A check found that the project had tweeted that it had been attacked by the developer of whatitdobb. It is understood that the developer who launched the attack obtained the relevant permission before the liquidity migration was completed, and was able to take away the tokens in the liquidity pool. The specific loss is not yet clear.

02

On Sept. 3, Texas Securities Board (TSSB) Commissioner Travis J. Iles issued an emergency cease and desist order against two crypto scams named Forex Birds and PEK Universe. They are accused of fraudulently issuing securities related to foreign exchange (forex) and cryptocurrencies. Forex Birds allegedly promised returns of up to 11 percent to investors with deposits of up to $1 million.

03

The French Financial Markets Authority (AMF) has published a new list of investment websites that are not authorized to operate within the country, including so-called digital asset service providers (DASPs). The app BitcoinFrance allegedly trades on the cryptocurrency market on behalf of its clients, generating $1,000 a day without any risk. Clearly, these descriptions bear the hallmarks of investment fraud.

A total of 9 typical security incidents occurred in ransomware/mining Trojans

01

Tencent Security Threat Intelligence Center detected MrbMiner, a new mining Trojan family. The attackers break in by brute-forcing weak SQL Server passwords. After a successful brute force, they drop the Trojan assm.exe, written in C#, on the target system, use it to communicate with the C2 server, and then download the Monero mining Trojan and keep the mining process running.

02

Tesla founder Elon Musk confirmed in a tweet that Russian man Egor Igorevich Kriuchkov bribed an employee at a Tesla factory in Nevada with $1 million in bitcoin to install ransomware on Tesla's computer network.

03

Argentina's official immigration agency, the Dirección Nacional de Migraciones, has been hit by a Netwalker ransomware attack, temporarily halting entry and exit across the country's borders. Hackers demanded $4 million in ransom. The Argentine government has refused to negotiate with the hackers and will not pay the ransom.

04

Hackers have launched a ransomware attack on Israel's Nasdaq-listed wireless chip and camera sensor maker Tower Semiconductor Ltd (TSEM), demanding hundreds of thousands of dollars in bitcoin.

05

Banco Estado, one of the three largest banks in Chile, had to close its nationwide operations on the 7th due to a cyber attack by the REvil ransomware. REvil is known for auctioning off data stolen in attacks and often demands ransom payments in Monero (XMR).

06

Players of Activision Blizzard's Call of Duty: Warzone have complained about account hacks. In some cases, hackers demanded bitcoin payments to redeem gaming accounts. The address provided by the hacker has received 1.2 BTC to date.

07

Pakistan's largest electricity producer, K-Electric, suffered a ransomware attack, and hackers demanded a ransom of about $7.7 million in bitcoin.

08

Data center and hosting giant Equinix has been hit by the Netwalker ransomware, with threat actors demanding $4.5 million for a decryptor to prevent leaks of stolen data.

09

According to news on September 13, a private enterprise in Hangzhou High-tech Zone (Binjiang) recently reported to the public security organ that someone had maliciously attacked the company’s official website and extorted 1 bitcoin. After receiving the report, the investigative agency quickly identified the suspect, Zhong. The Binjiang District Procuratorate prosecuted Zhong for the crime of destroying computer information systems, and Zhong was sentenced to five years and six months in prison by the court.

A total of 2 typical security incidents occurred on the darknet

01

On September 2, the U.S. Department of Justice announced on Tuesday that Bryan Connor Herrell, a mediator of the darknet market AlphaBay, a darknet contraband market that can be accessed through Tor onion routers, was sentenced to 11 years in prison. Offenders use cryptocurrencies such as Bitcoin, Monero, and Ethereum to conduct transactions.

02

More than $6.5 million in cash and virtual currencies have been confiscated in a crackdown on darknet crimes carried out by multiple organizations including the U.S. Department of Justice, the Joint Drug and Darknet Enforcement Team (JCODE) and Europol.

A total of 10 more typical security incidents occurred in other aspects

01

ShiftCrypto, the Swiss company that developed the BitBox hardware wallet, has revealed that it has discovered a vulnerability in the Trezor and KeepKey hardware wallets that allows attackers to hold users' cryptocurrencies for ransom without being near the devices.

02

Swiss hardware wallet provider Shift Crypto says a vulnerability exists in Trezor and KeepKey hardware wallets that could trigger a potential ransom attack. SatoshiLabs, maker of the Trezor hardware wallet, paid a bounty to Shift Crypto and said it had fixed the issue in a recently released upgrade.

03

Venture capitalist Tim Draper's previously claimed purchase of BCH may have been a mix-up. In the early morning of September 5, Tim Draper tweeted that he had purchased BCH and expressed his gratitude to Roger Ver. The tweet caught the attention of the crypto community, but OpenNode co-founder João Almeida later confirmed that the Tim Draper Twitter account had been compromised.

04

On the morning of September 9, the encrypted browser Brave officially announced that it has integrated the open source solution of the network security company PhishFort to prevent phishing attacks. Brave will then detect crypto scams and warn users about suspicious domains.

05

At present, there is a bitcoin wallet that has become the target of many hackers. The wallet contains 69370 BTC, worth 714 million US dollars. The wallet has not been cracked yet.

06

On Sept. 16, the U.S. Department of Justice, the U.S. Department of Homeland Security, and the U.S. Treasury Department’s Office of Foreign Assets Control announced charges and sanctions against Russian nationals over the theft of at least $16.8 million from customers of three different cryptocurrency exchanges using a sophisticated phishing campaign.

07

On September 22, the crypto derivatives exchange Deribit tweeted that it had come under a DDoS attack in the early morning, making the platform's servers difficult to access, and that the team was working to stop the attack. The DDoS attack has now been blocked, and the team has taken steps to reduce other potential problems.

08

There are vulnerabilities in wumbo, the large-amount channels of the Lightning Network, that allow attackers to attack payment channels with little effort and at zero cost, or to paralyze a channel for two weeks.

09

Nick Percoco, chief security officer of crypto exchange Kraken, announced that four new security enhancements have been released on Kraken and will be available to all customers of the exchange starting today. They include security protection, safety check, device approval and device management; the Device Approval function in particular is aimed at combating phishing attacks.

10

In view of the new situation in the current blockchain security field, a reminder from Chengdu Lianan

On the whole, the number of blockchain security incidents in September increased compared with August, and the overall number of security incidents was relatively high. The blockchain security situation remains grim.

This month, DeFi projects remained a security hot spot. The smart contracts of many projects were found to contain vulnerabilities, and some were exploited by hackers, causing losses. Chengdu Lianan hereby appeals to project teams to maintain rigorous logic when writing contract code, and to engage a professional security company for a security audit before the project goes live.

In addition, there were fewer fraud and exit-scam incidents this month, but users still cannot relax their vigilance. They should remain cautious when choosing projects and pay attention to project qualifications and security audit reports.

Original article, author: Chengdu Lianan. For reprints, content collaboration or reporting, please contact report@odaily.email; illegal reprinting must be punished by law.
