Inventory From Beosin | There Were Over 26 Typical Security Incidents In February, And The Overall Risk Rating Was Medium
According to the monitoring data for security incidents of Beosin-Eagle Eye: In February 2021, according to incomplete statistics, there were over 26 typical security incidents in the entire Blockchain ecosystem, and the overall security risk rating was MEDIUM. In terms of the high incidence areas of typical security incidents, DeFi had shown a significant upward trend compared with January, which required special attention.
In February, the currency price of major mainstream digital currencies fluctuated significantly and continued to oscillate, bringing negative impact to the stability of the entire Blockchain ecosystem in a certain extent. Although the number of incidents had decreased in terms of Crypto Frauds/ Crypto Scams and Ransomware/Mining Trojan, the economic losses caused by them were huge and security risks still followed. Therefore, comprehensive and efficient security supervision for the entire ecosystem was essential for the stable and orderly development of the Blockchain industry.
The following were the detailed matters of this month’s security report.
In terms of Exchange, there were 3 typical security incidents occurred in total:
On February 8, KeepChange, the Bitcoin trading market, stated that the exchange received a request for withdrawal from a customer’s account to an address belonging to the attacker. A control subsystem of the platform suspended the request, resulting in no loss of Bitcoin. However, the attacker stole some customer data, including email addresses, names, number of transactions, total transaction amounts, and passwords.
On the morning of February 19, Fishpool was encountered DDos attack, with some addresses experiencing a brief outage, which had now been restored. Fishpool is currently the number one Bitcoin mining pool, with 26E computing power.
New Zealand exchange Cryptopia was hacked again. The hackers stole about NZD 62,000 (USD 45,000) in cryptocurrency.
In terms of DeFi, there were 9 typical security incidents occurred in total:
Yearn core developer banteg tweeted that the attackers of DAI v1 vault stole $2.8 million and vault lost $11 million.
On February 5, according to CoinDesk, the DeFi insurance program ArmorFi had paid a $1.5 million vulnerability bounty to white-hat hacker Alexander Schlindwein. Because the hacker discovered a ‘critical vulnerability’ in the protocol that could have depleted all of the company’s underwriting funds.
The smart DeFi revenue aggregator BT.Finance suffered Flash loan Attack, and the affected strategies included ETH, USDC and USDT.
The zero-collateral cross-agreement loan Iron Bank launched by CreamFinance had about $3,750 in assets stolen, and the attacker borrowed WETH and other assets from IronBank via a large amount of cySUSD.
On February 13, the cross-Blockchain DeFi platform Alpha Finance Lab (ALPHA) tweeted, “We received notification about the attack on Alpha Homora V2 and were now working with Andre Cronje and Cream.Finance to co-respond. “
On February 27, the DAI pool of the DeFi earnings aggregator Yeld.finance was suffered Flash loan Attack, resulting in the loss of 160,000 DAI and involving more than 10 users.
The DeFi aggregation platform Furucombo officially tweeted, “On February 28 at 00:47 BST, Furucombo proxy was compromised by attackers”. The total amount stolen amounted to more than $14 million.
Cream Finance said that the vulnerability attack of Furucombo affected the expiring reserve accounts. The team had revoked all approvals for external contracts from the wallet, but still lost $1.1 million.
The DeFi insurance agreement Armor.Fi stated that a scammer defrauded 1.2 million ARMOR tokens from team members, which had been sold for about 600 ETH (approximately $850,000).
Comments of Beosin:
It could be seen that after the dark tide of DeFi experienced a slight silence in the previous few months, there were signs of resurgence in this month. Since security risks come and go, which fundamentally requires practitioners in the DeFi ecosystem, even the entire Blockchain industry, to be vigilant in daily time and remember not to be indifferent on security protection and security construction.
In terms of Crypto Frauds/ Crypto Scams, there were 3 typical security incidents occurred in total:
On February 4, the network security company Kaspersky Labs stated that a cryptocurrency scam had appeared on the social platform Discord, which promised to provide users with free Bitcoin or Ethereum on a trading platform.
On February 5, German prosecutors confiscated Bitcoin worth more than 50 million euros (approximately 60 million US dollars) from a scammer, but precisely faced an embarrassing problem of being unable to crack the private key and not unlock the asset .
On February 8, Stephen Dediore, a 36-year-old employee of the Florida Telecom Company, was accused of SIM swapping fraud and stealing a victim’s cryptocurrency.
In terms of Ransomware/ Mining Trojan, there were 3 typical security incidents occurred in total:
On February 4, network security researchers from Paolo Alto Networks issued a report stating that there were new malware targeting Kubernetes clusters that used the processing power of computers to mine Monero without the user’s consent or knowledge.
Authorities in the Malaysian state of Johor arrested 7 men. Since 2020, the gang had stolen electricity to mine Bitcoin and had caused the local power company to lose 8.6 million Malaysian ringgits ($2.13 million) in revenue.
The ransomware group DoppelPaymer launched another attack, and leaked sensitive data of KMA this time, the North American branch of the automaker Kia Motors. In detail, criminals demanded Bitcoin to pay the ransom, and the total ransom might be as high as 600 BTCs (worth more than 30 million U.S. dollars).
In terms of Dark Web, there were 3 typical security incident occurred in total:
According to Cointelegraph, the dark web link provider dark.fail administrator stated that after 2 Bitcoin donors donated to dark.fail, their accounts were frozen by the exchange because the exchange implemented Chainalysis’s new KYT (Know Your Transaction) Blockchain monitoring service.
A British youth named Dylan Bailey used Bitcoin to buy ecstasy pills from a Dutch supplier on the dark web, and the supplier hid the pills in a DVD box and sent them to him.
Joker’s Stash, a dark web marketplace dedicated to selling stolen payment card data, officially shut down on February 15, according to a report released by Blockchain analytic firm Elliptic, which noted that the platform’s anonymous founder, Joker Stash, had earned more than $1 billion in profits before shutting down the platform.
In terms of Others, there were 5 typical security incidents occurred in total:
On February 3, more than 75 verifiers in the main network of Ethereum 2.0 of Beacon Blockchain were fined by Slash (the fine collected from 32 ETH pledged in the nodes). Beaconscan data pointed to the fact that the fined nodes this time involved the PoS provider Staked.us, and the total number of fined nodes in the entire Ethereum 2.0 network so far was 114.
The cryptocurrency price tracking APP Blockfolio was suspected to had been hacked, with users mobile APPs receiving push messages related to transferring funds disguised as project parties.
EUROPOL officials announced that 10 suspects had been arrested. The suspects stole $100 million worth of cryptocurrency from celebrities by hijacking phone numbers.
Nomadic Labs, one of the Tezos development teams, said that a vulnerability was discovered in the Tezos Blockchain-based decentralized exchange Dexter contract built by smart contract tool development company camlCase, which allowed for unauthorized withdrawals of funds.
A critical vulnerability was discovered in the Primitive Finance smart contract, an on-Blockchain options protocol on Ethereum Blockchian. Since the contract could not be upgraded or suspended, officials chose to hack the smart contract themselves to protect user funds.
In view of the current security situation of Blockchain ecosystem, Beosin hereby warmly prompts:
In general, the typical security incidents in February were almost the same as those in January, so the security team of Beosin still rated February as MEDIUM for the overall security risk. In terms of incident trends, the typical security incidents in February showed the single-point outbreak of DeFi, and the even distribution of rest.
Thus, the security situation of DeFi remained a key concern for the entire Blockchain ecosystem this month. In response to the various security incidents in DeFi, Beosin hereby appeals that major project parties should carefully check the project itself before going online, regularly perform daily security audit and security reinforcement work, and timely repair potential vulnerabilities to avoid huge losses.
At the same time, it should be noted that Flash Loan Attack was seemingly to be a high-frequency term in typical security incidents of DeFi this month. It is not difficult to see that in most security incidents in DeFi ecosystem, the title of Flash Loan Attack seems to have become the standard. Therefore, in the face of the severe test of Flash Loan Attack, Beosin recommends that major project parties can rely on the help of third-party security companies to prevent Flash Loan Attack by strengthening the security detection and security verification of multiple technologies.