Inventory From Beosin | More than 36 typical security incidents in July, DeFi and encryption scams continue to be the hardest hit areas

It’s time for another monthly security roundup! Beosin-Eagle Eye opinion monitoring shows that in July 2021, various security incidents still occurred from time to time. Chengdu Chain Security Technology statistics in July occurred more typical security incidents over 36.

This month’s security incidents are still focused on two areas, DeFi and encryption scams, in addition to ransomware security incidents can not be ignored, the amount of losses caused by this area is often huge. Here again, Beosin recommends that all project parties must monitor the abnormal operations in real time and find and solve them immediately. All users should also enhance their security awareness to avoid serious losses.

In terms of Exchange,

There were 2 typical security incidents occurred in total:

№1 Former employee of New Zealand cryptocurrency exchange Cryptopia stole over $170,000 in cryptocurrency.

№2 The beneficial owner of Bithumb, the largest cryptocurrency exchange in South Korea, was referred for trial on a 100 billion won fraud charge.

In terms of DeFi,

There were 11 typical security incidents occurred in total:

№1 DeFiPie, a lending protocol on the Ether and CoinSwap smart chains, was hacked and officials advised liquidity providers to withdraw liquidity as soon as possible.

№2 Due to the vulnerability of ChainSwap smart contract, it was hacked and 2.9 million RAIs were stolen.

№3 Anyswap, a decentralized cross-chain trading protocol, was attacked at 4am Beijing time on July 11, losing about 8 million USD.

№4 BSC ecological Rabbit Finance code has a large number of vulnerabilities and is suspected of running away.

№5 Aperocket.finance suffered a lightning loan attack and the token Space flashed down 75%.

№6 Polygon Space Token (pSPACE) of Polygon platform suffered a lightning loan attack.

№7 Bondly Finance (BONDLY), a digital collectibles marketplace platform, has been attacked by an unknown party and users are advised to stop trading BONDLY tokens.

№8 THORChain (RUNE), a decentralized cross-chain trading protocol, has been attacked and lost approximately $25 million.

№9 DeFi revenue aggregator PancakeBunny on Polygon has been externally attacked.

№10 DeFi project array finance is suspected to have been attacked by Lightning Lending.

№11 The revenue farming protocol PolyYeld Finance was attacked, causing the price of YELD tokens to go straight to zero.

Beosin Comments:

This month, typical security incidents on DeFi continue unabated, and the Beosin team has analyzed the causes of several security incidents, such as attackers taking advantage of logic flaws in contract collateral and calculation of rewards to attack project parties. Therefore, for project parties, it is important to avoid the appearance of similar vulnerability flaws. If necessary, they can use the power of third-party security companies to carry out project self-inspection work to eliminate possible security risks.

In terms of Crypto Frauds/ Crypto Scams,

there were 11 typical security incidents occurred in total:

№1 South Korean authorities investigated 33 people for $1.48 billion in illegal crypto transactions.

№2 The president of Bitcoin Banco Group, a Brazilian financial management company, was arrested by police for alleged $300 million crypto asset fraud.

№3 U.S. SEC files fraud charges against Telidyne CEO Aron Govil, whose app claimed to offer crypto transactions without encryption capabilities.

№4 Hackers took control of Techy’s tech channel and stole the name of Cardano founder Charles Hoskinson to promote a “free token distribution scam”.

№5 Synthetic asset protocol XCarnival went live on CoinMarketCap (CMC) in July, and someone impersonated the XCarnival project owner to post fake contract address information to induce people to buy tokens.

№6 Circle, a USDC stablecoin issuer, loses $2 million due to email fraud.

№7 E-sports organization FaZe Clan is suspected of cryptocurrency fraud and the team has now fired one member and suspended three others.

№8 Unscrupulous individuals impersonated CryptoArt.Ai staff and spread false information and lured users into scams by illegally setting up Telegram groups.

№9 Security company Lookout discovered a crypto mining scam using hundreds of Android apps.

№10 Rogue elements created a token called Chia on the Stellar network using Chia’s logo and company information and attempted to pass it off as an official Chia product.

№11 Four people behind the “Oz Project” were arrested for allegedly committing a $55 million crypto investment scam. According to local media reports, the number of victims ranged from 10,000 to 20,000.

Beosin Comments:

Beosin would like to remind you that you must pay attention to virtual currency scams, scammers have many ways, they know all kinds of marketing methods and sales schemes, sometimes they are cheated out of their money, but still addicted to the scam woven by scammers, the sky will not fall pie, there is no “sure-fire” investment, be sure to shine your eyes!

In terms of Ransomware/ Mining Trojan,

there were 2 typical security incidents occurred in total:

№1 Saudi Aramco’s 1TB of company data was illegally accessed, and the hackers demanded $50 million as payment for deleting the data, and demanded payment in cryptocurrency.

№2 Hacker group REvil attacked at least 200 US companies and demanded a ransom of about $45,000 in Monero.

In terms of Others,

there were 10 typical security incidents occurred in total:

№1 The DEX trading tool DEXTools (DEXT) was recently hacked and some DEXT holders were affected.

№2 Police in George, Malaysia seized 149 illegal cryptocurrency mining machines.

№3 The Bitcoin Cash fork BSV network has been maliciously attacked. Attackers have recently reorganized the BSV network with blocks several times and used it to carry out double spend attacks.

№4 Four men were arrested by Hong Kong authorities for allegedly laundering HK$1.2 billion with virtual currencies.

№5 Covid-19 vaccine and fraudulent vaccine certificates appear on the dark web, accepting payments using BTC.

№6 Bitcoin Wallet Used by New Zealand Police for Money Laundering Investigation Hacked.

№7 Bitcoin.org suffers massive DDoS attack and is being extorted for Bitcoin.

№8 Axie Infinity, an NFT project, was hit by a DDoS attack.

№9 OptionRoom had 12.3 million ROOM tokens stolen and decided to remove liquidity from Uniswap and Pancakeswap.

№10 Bitcoin trading platform MTI enters final liquidation, with an additional $268 million worth of bitcoin tracked.

In light of the current new situation in blockchain security,Beosin summarizes here.

From a general point of view, blockchain security incidents in July still cannot be underestimated, and the project loss is serious after the project side was attacked, and the overall number of security incidents occurred is still at a high risk level. In this regard, Beosin would like to remind all project parties to strengthen and improve their security protection.

Blockchian Security · IDE · Beosin-VaaS · Formal Verification · SAS | China leading enterprise in blockchain security field