More than 36 typical security incidents occurred in June, and the security risks of DeFi and virtual currency fraud remain high

成都链安
3 years ago
Overall, the security situation of the entire blockchain ecosystem is still at a [high risk level].

According to security public opinion monitoring data from Chengdu Lianan's [Lianbian-Blockchain Security Situational Awareness Platform (Beosin-Eagle Eye)], incomplete statistics show that more than 36 typical security incidents occurred across the blockchain ecosystem in June 2021, and the overall security risk rating is [high]. This month, [DeFi] remains the area where typical security incidents occur most often, and flash loan attacks remain the main attack method used by hackers. In addition, the security situation for [exit scams and crypto scams] is also severe and should not be taken lightly.

Compared with May, attacks on the DeFi ecosystem are no longer limited to projects on the BSC chain. As the DeFi ecosystem grows, individual DeFi projects expose different security risks because of differences in product design and implementation. For example, in the xWin Finance hack, the attacker exploited flaws in the project's own promotion and reward mechanism; in the SafeDollar hack, the attacker exploited logical flaws in the project contract's staking and reward calculation.

In terms of exchanges, a total of 2 typical security incidents occurred

01

According to the new regulations of the South Korean authorities, if the trading platform staff conduct transactions on their own platform, their trading platform will face a fine of up to 100 million won (about 90,000 US dollars) and suspension of trading license.

02

In terms of DeFi, a total of 11 typical security incidents occurred

01

PancakeHunny was attacked by hackers, and a large number of tokens were issued in a short period of time and thrown into the market.

02

SushiSwap helped Alchemix discover a loophole that could drain ALCX from their reward contract, so Alchemix asked SushiSwap to disable their double mining reward.

03

Yield farm EvoDefi was attacked, causing the price of its token GEN to drop from $2.1 per coin to $0.9 per coin, a drop of 57%.

04

The DeFi fixed interest rate generation protocol 88mph released a repair report for a serious vulnerability in the init() function.

05

There is a suspected loophole in the Alchemix alETH pool, and users can withdraw mortgaged ETH without repaying the alETH debt. At present, the team has stopped the mortgage lending of the pool and launched an investigation.

06

The DeFi protocol Impossible Finance is suspected of being attacked by flash loans.

07

The smart pool related to Nerve in Eleven Finance may be attacked by flash loans. The Nerve Finance team says funds are safe.

08

On June 25, the DeFi protocol xWin Finance on the BSC chain was attacked by flash loans.

09

On June 28, SafeDollar was suspected of being hacked, and an unconfirmed contract siphoned away 250,000 USDC and USDT.

10

THORChain suffered a malicious attack that caused a loss of 140,000 US dollars in funds, but THORChain stated that user funds will not be affected and that it will use the treasury to cover the funds lost to the vulnerability.

11

Merlin Lab, a revenue aggregator, was attacked by hackers due to a logical flaw in MerlinStrategyAlpacaBNB. The contract mistakenly treated the WBNB transferred by the beneficiary as mining revenue, which caused it to issue more $MERL as a reward.

Beosin Comments:

In terms of exit scams/crypto scams, a total of 8 typical security incidents occurred

01

On June 1, two men were detained for allegedly defrauding LocalBitcoins, a peer-to-peer bitcoin platform. Nearly 36 people were defrauded of approximately $136,000 in virtual currency in the scam.

02

On June 12, a Twitter user claimed to have received an email from a scam team, opened the attached .scr file, which carried a Microsoft Word logo, and was attacked.

03

A Nottinghamshire man claims to have been robbed of £200,000 ($282,000) in a crypto scam by a bogus brokerage.

04

StableMagnet Finance, an automated market maker for stablecoin exchange on the Binance Smart Chain (BSC), took $22 million from users and ran away.

05

The founder of the virtual currency investment platform Africrypt lost contact, and 69,000 bitcoins (approximately US$2.3 billion) were transferred on the platform.

06

On June 24, while strengthening its crackdown on telecom network fraud, the Xichang City Public Security Bureau for the first time eliminated a group that used virtual currency to launder money for telecom network fraud crimes.

07

Europol cracks down on Belgian Ponzi scheme Vitae. During the operation, law enforcement officers recovered 1.1 million euros in cash and 1.5 million euros in virtual currency.

08

Scammers have been posing as virtual currency analyst PlanB on Twitter, and many people have had their funds stolen.

Beosin Comments:

In terms of ransomware/mining Trojans, there were 4 typical security incidents

01

The U.S. Department of Justice has charged Latvian citizen Alla Witte with alleged involvement in an international cybercriminal group that created and deployed a suite of computer banking ransomware called Trickbot in an attempt to defraud consumers, businesses and other organizations.

02

The United States has recovered millions in virtual currency previously paid to Colonial Pipeline ransomware hackers.

03

Andre Nogueira, chief executive of JBS USA Holdings, the U.S. subsidiary of Brazilian meatpacker JBS SA, said the company has paid $11 million in ransom to cybercriminals to address a ransomware attack.

04

In other respects, a total of 11 typical security incidents occurred

01

On June 3, Apple co-founder Steve Wozniak sued YouTube last July, accusing the platform of allowing others to use his image to post bitcoin scam videos. The lawsuit was dismissed by a California court on Wednesday.

02

Eleven users of South Korean virtual currency exchange Upbit have filed a class-action lawsuit against its operator, Dunamu Inc., seeking damages for allegedly lost funds due to technical glitches.

03

The official website of the Prime Minister of Sri Lanka was hacked by an anonymous hacker group and redirected to another website called Bitcoin, a decentralized virtual currency.

04

SiaStats tweeted that the Sia network has been under DDoS attacks in the last 48 hours. The biggest targets are network hosts and storage providers. About 30% of them suffered power outages.

05

The DeFi asset management platform Zapper tweeted that it had discovered a vulnerability in the old Polygon Bridge smart contract that allowed attackers to steal unlimited approved funds.

06

Some Twitter users said that the $1 million USDC/ETH transaction on Curve has higher slippage than the $10 million USDC/ETH transaction, which is suspected to be caused by routing errors. This vulnerability has been fixed now.

07

Mumbai resident Makarand Pardeep Adivirkar, dubbed the crypto king in the country's underground drug circles, has been arrested by India's Narcotics Control Bureau (NCB). Indian virtual currency exchange Wazirx said the accused is not a client.

08

Algorithmic stablecoin protocol Malt Protocol has unveiled a plan to compensate investors affected by bugs that thwarted the protocol’s launch and locked out liquidity providers.

09

A tax official named Hwang Byung-gwang successfully recovered up to 32 million US dollars of tax funds with his keen investigative skills, and the National Tax Service decided to honor and award him the title of Outstanding Public Servant.

10

The security company Fireblocks responded to the loss of StakeHound’s $75 million worth of Ethereum, saying that the incident was caused by StakeHound’s failure to use a third-party disaster recovery service to back up the BLS key as required, and the requirement had been communicated in writing when the two parties signed the agreement.

11

On June 29, U.K. bank Natwest limited the amount of money customers can send to virtual currency exchanges, including Binance, per day, amid concerns about investment scams and fraud.

On the whole, typical security incidents in June increased slightly compared with May, and the security situation of the entire blockchain ecosystem is still at a [high risk level]. From the distribution of incident types in June, it is not difficult to see that [DeFi] and [exit scams/crypto scams] still need attention from practitioners across the blockchain industry.

As far as [DeFi] is concerned, with the continuous development of the DeFi ecosystem, all kinds of DeFi projects have sprung up like mushrooms after the spring rain. The higher the concentration of on-chain assets and the wider the user coverage, the more naturally these projects become targets of attack for hackers. The Chengdu Lianan Security Team recommends that major DeFi project parties do a good job in security audits and security precautions.

As far as [exit scams/crypto scams] are concerned, with the rapid expansion of the virtual currency market, all kinds of fraud and exit-scam criminal activity are becoming more and more rampant. Chengdu Lianan Qixing Lab has noticed that more and more lawbreakers have recently begun to use virtual currency to carry out illegal and criminal activities such as fraud, pyramid schemes, money laundering, and online gambling. Fall into the trap elaborately concocted by criminals.

This article is from a submission and does not represent the Daily position. If reprinted, please indicate the source.
