Inventory From Beosin | There Were Over 25 Typical Security Incidents In January, And The Overall Risk Rating Was Medium

BEOSIN
Feb 3, 2021

According to Beosin-Eagle Eye security incident monitoring data, and based on incomplete statistics, there were over 25 typical security incidents across the entire blockchain ecosystem in January 2021. The resulting economic losses were still concentrated in the following categories: Exchange, DeFi, Crypto Frauds/Crypto Scams, Ransomware/Mining Trojan, Dark Web and Others. On the whole, the overall security risk rating for January 2021 was Medium, which should still not be taken lightly.

Compared with December 2020, the number of typical security incidents in January decreased; however, the number of Crypto Frauds/Crypto Scams incidents was still high and deserves close attention from practitioners across the blockchain industry. As the popularity of blockchain technology and virtual assets continues to rise, the public's knowledge has not improved to the same extent, leading many speculators and scammers to concoct various scams and keeping the number of security incidents in this field high.

The following are the details of this month's security report.

In terms of Exchange, there were 2 typical security incidents in total:

01

Livecoin, a Russian virtual asset exchange, announced that it would terminate its services and urged its customers to continue withdrawals.

02

Liquid, a Japanese virtual asset exchange, recently announced the final results of its investigation into the user data leak caused by an intrusion in November last year. A total of 169,782 user data records, including email addresses, names, encrypted passwords, API keys, etc., had been leaked.

In terms of DeFi, there were 3 typical security incidents in total:

01

On January 2, NourHaridy, a Twitter user, tweeted that yCredit's smart contract was vulnerable to attack, which could cause all user funds to be lost. The tweet recommended that users who had deposited ETH into the contract or purchased yCredit on Sushiswap immediately withdraw or sell it, and said that the exploit program for the vulnerability would then be released.

02

The hacker address (0x701781…7a4E08) for the Pickle pDAI pool changed again on January 14, after the change on January 8. Previously, the hacker address had transferred 15 million DAI to 5 new addresses. Now, except for the address (0x64bA3e…fF62DB), the other 4 addresses have changed, and a total of 4 million DAI has been transferred.

03

On January 27, the transaction fee of SushiSwap’s DIGG-WBTC trading pair was stolen by attackers through special means.

In terms of Crypto Frauds/Crypto Scams, there were 6 typical security incidents in total:

01

On January 1, Indian police arrested Umesh Verma, a 60-year-old man, at Indira Gandhi International Airport on charges of defrauding at least 45 people through crypto scams for a total of 250 million rupees (about $3.5 million).

02

The US Federal Bureau of Investigation (FBI) was investigating a Ponzi scheme in which 3 suspects stole about $28 million from investors by promising virtual assets and other investment returns.

03

On January 9, Spanish police detained 4 people of different nationalities for allegedly running a crypto Ponzi scheme worth about $15 million.

04

In the past few weeks, there has been an increase in virtual asset giveaway scams on Twitter that impersonated Tesla CEO Elon Musk. So far, these scams have obtained more than $580,000 in BTC.

05

A man in California claimed that he lost approximately $27,000 in BTC in a SIM-swap crypto scam.

06

Recently, several liquidity miners reported online that popcornswap, another DeFi mining project on Binance Smart Chain, had run off with user funds. The project took 48,000 BNB, worth about $2.15 million. Another 3 projects (Zap Finance, Tin Finance and SharkYield) ran off within a few days. At present, SharkYield is suspected of taking 6,000 BNB.

Comments of Beosin:

Looking at the security situation in recent months, the number of Crypto Frauds/Crypto Scams incidents has been climbing steadily, and the financial losses they caused far outweighed those from hacker attacks and thefts. At the same time, cases of both scams and runaway projects are spreading globally through the Internet. In response to such a serious security situation, users and investors need to keep their eyes open and screen projects cautiously.

In terms of Ransomware/Mining Trojan, there were 5 typical security incidents in total:

01

A website owner received an email threat demanding that he post 5-star comments on coinmama.com and also like or share it twice. If the recipient did not do so within 48 hours, the blackmailer threatened to create millions of backlinks from pornographic websites to the recipient's website, destroying his reputation.

02

After companies all over the world were hacked, the operators of Ryuk ransomware allegedly earned more than $150 million in BTC from ransom payments.

03

Intezer, a cybersecurity company, discovered a new piece of malware, ElectroRAT, which can run on Windows, Linux and macOS to steal virtual assets. The malicious program has been active for more than a year and has been promoted through special forums and marketing activities. Intezer estimated that about 6,500 victims had downloaded the malicious software.

04

On January 11, the Michigan State Police claimed that an anonymous person mailed a death threat letter to Governor Gretchen Whitmer and employees of the state in an attempt to collect BTC worth about $2 million.

05

Five customers of Radware, a provider of intelligent solutions, received blackmail letters in December last year and January this year. The letters stated that if they did not pay 5 BTC (worth about $160,000) to an organization, they would be subjected to a DDoS attack.

In terms of Dark Web, there were 4 typical security incidents in total:

01

Hugbunter, the administrator of the dark web forum Dread, said that all v3 onion addresses were currently inaccessible. The cause of the incident was unknown, but it might cause a huge attack on the entire network.

02

On January 11, German police took the server of DarkMarket offline and shut it down. DarkMarket was considered the world's largest dark web trading platform. The illegal trading platform had more than 2,400 sellers and nearly 500,000 customers.

03

Check Point, a cybersecurity company, found many sellers offering Covid-19 vaccines on the dark web. The sellers demanded payment in Bitcoin, but after payment the goods were not delivered.

04

The dark web site Joker's Stash will be shut down next month. According to a report from Gemini Advisory, a cybersecurity company focused on the dark web, the site's Bitcoin revenue in the past year exceeded $1 billion.

Comments of Beosin:

The number of Dark Web security incidents increased this month, sounding an alarm for practitioners in cyber security and blockchain security, who cannot ignore the security of the entire industry ecosystem. For a long time, the dark web has been filled with all kinds of illegal activity, which invariably threatens the stability and security of the international community. Strengthening the technology for governing the dark web and enhancing the overall capacity for its global governance and management are effective measures that must be taken.

In terms of Others, there were 5 typical security incidents in total:

01

An IT engineer in the UK accidentally threw away a hard drive containing the private keys to 7,500 BTC, estimated to be worth approximately $240 million at $32,000 each.

02

According to a report by the Financial Tribune, the Iranian authorities closed 1,620 illegal virtual asset mining farms, which had consumed 250 megawatts of electricity in the past 18 months.

03

DLive, a streaming media platform owned by BitTorrent, came under attack for broadcasting the violent riots at the U.S. Capitol by right-wing extremists. Some users alleged that, since its establishment, DLive has paid hundreds of thousands of dollars to extremists through the virtual assets embedded in the services the website provides.

04

The Sandbox, a decentralized virtual game platform, stated that The Sandbox ASSET smart contract was prone to a duplication problem. So far, no malicious user has exploited the vulnerability. All other smart contracts were not affected, and the SAND and LAND smart contracts were not at risk.

05

On January 27, Pete Kim, the engineering director of Coinbase Wallet, tweeted that anyone using mobile crypto wallets on Apple's iOS devices should update iOS as soon as possible, because the update included a fix for a remote code execution vulnerability. This vulnerability might threaten the security of mobile crypto wallets.

In view of the current security situation of the blockchain ecosystem, Beosin offers the following reminders:

Although the Spring Festival of 2021 is just around the corner, hackers, scammers, attackers and other criminals will not slow down just because the holiday is approaching. On the contrary, the more festive the season, the more likely criminals are to take advantage of the public's negligence, and hidden security risks will break out in a concentrated manner.

Therefore, the closer we get to the Spring Festival, the more important it is to build a strong security defense. Although the number of typical security incidents across the blockchain ecosystem in January 2021 was lower than in December 2020, and the overall security risk dropped from High to Medium, the situation was clearly still severe in terms of Crypto Frauds/Crypto Scams, Ransomware/Mining Trojan and Others.

In particular, Crypto Frauds/Crypto Scams involved a large number of people, a wide range of cases and a large amount of money. Countries around the world have begun to pay attention to the adverse effects of Crypto Frauds/Crypto Scams, and have successively issued policies and regulations on the security regulation and compliance of virtual assets to promote regulation of the entire blockchain ecosystem.

Here, Beosin would like to remind all users and investors to be cautious when selecting projects and not to be blinded by so-called "interests". There is no free lunch in the world, so do not lose sight of the main goal for the sake of small gains. During the Spring Festival, it is important to raise your awareness of security and fraud prevention, and to abandon unrealistic expectations.

BEOSIN

Blockchain Security · IDE · Beosin-VaaS · Formal Verification · SAS | China leading enterprise in blockchain security field