Inventory From Beosin | There Were Over 27 Typical Security Incidents In November, And The Overall Risk Rating Was High.

BEOSIN
Dec 12, 2020

According to monitoring data from Beosin-Eagle Eye, security incidents occurred frequently in the blockchain field in November 2020. After the easing seen in October, the situation deteriorated this month. According to incomplete statistics, over 27 typical security incidents occurred in November.

This month, hackers attacked protocol after protocol as if they had rehearsed it, especially in the field of DeFi. Reentrancy (re-entry) attacks, oracle attacks, and other attack methods, assisted by flash loans, proved highly damaging. The DeFi market in November was like a “catastrophe”, with multiple attacks causing huge asset losses.

Beosin once again stresses that “flash loan attack” is just a name, and that the real cause behind it cannot be ignored. DeFi project teams should pay special attention to oracle manipulation to prevent the irreversible consequences of a data crisis.

Therefore, Beosin once again solemnly recommends that DeFi developers strengthen targeted testing of their oracles, simulate as many price manipulation attack scenarios as possible, especially before launch, and find and fix problems in time, in order to improve their projects' resistance to oracle attacks and avoid such risks in advance.

In terms of exchanges, 6 typical security incidents occurred in total:

01

The Longhutang Police Station of Changzhou recently received a report that some users had been defrauded while investing in virtual currencies on the “Luoma Exchange” platform. The platform had launched 2 apps for users to chat and trade, and users would get rebates after operations. Currently, users can no longer log in to the trading platform.

02

Akropolis, the decentralized financial platform of Polkadot, was attacked. Hackers used a flash loan from the derivatives platform dYdX to carry out a reentrancy attack, causing a loss of $2 million.

03

Many citizens in Quanzhou reported that they had been scammed in digital currency transactions. The exchange involved was called MARK exchange, and the amount involved was about 2.5 billion yuan. It was suspected that about 100,000 people were involved in management.

04

On November 13, an intrusion incident occurred on Liquid exchange. Hackers changed DNS records and then took control of a large number of internal email accounts. In the end, they partially destroyed the infrastructure of the exchange and accessed stored documents.

05

The pDAI PickleJar of Pickle Finance was hacked and 19,759,355 DAI was drained. This attack also involved many of Pickle's protocol components.

06

The well-known security blog KrebsOnSecurity reported that, from around November 13, several cryptocurrency platforms hosted by the popular hosting provider GoDaddy were attacked, including the cryptocurrency trading platform Liquid.com.

In terms of DeFi, 5 typical security incidents occurred in total:

01

TRON’s main network was attacked by malicious contracts at 06:14 on November 2, Hong Kong time. In this attack, hackers used the authority granted to contract writers to initiate a malicious transaction that caused “Super Representatives” to suspend block production, in order to make profits.

02

Percent Finance, the DeFi lending platform, wrote in a blog post on November 4 that some currency markets had encountered problems that might cause users’ funds to be permanently locked. The team therefore froze the currency markets for USDC, ETH, and WBTC specifically.

03

On November 14, the MultiStables vault of the Value DeFi protocol was hit by an oracle manipulation attack, which eventually resulted in a loss of more than $7 million.

04

The stablecoin OUSD of Origin protocol was hit by a flash loan attack and fell to $0.13. Since then, the liquidity of OUSD on Uniswap has dropped from $350,000 on the 16th to $120,000.

05

Kiyo of API3, the decentralized API service for Web3, tweeted that 88mph (MPH), the fixed-rate DeFi protocol, appeared to have a vulnerability. An attacker used the vulnerability to mint $100,000 in MPH tokens. Since then, the vulnerability has been fixed.

Comments of Beosin:

This month, the security issues of DeFi projects were worrying. This might be related to a lack of sufficient attention to the core aspects of the protocols. “It’s not too late to make up for it.” Attacks from hackers never seem to stop. Faced with this severe security situation, an attitude of proactive prevention, backed by action, is crucial.

Beosin believes that security must always be the first consideration. In fact, a security audit before launch is not enough. Multiple cases show that the security audit is only the first step in security precautions.

Throughout project development, it is necessary to keep checking for system problems to prevent any fatal vulnerabilities. Otherwise, if hackers discover them before the project team does, the security of assets is likely to be at stake.

In terms of crypto frauds/crypto scams, 5 typical security incidents occurred in total:

01

Indian socialite Harpreet Singh Sahni admitted that she was involved in a fairly large-scale cryptocurrency scam and sold crypto software to investors in an Australian crypto company while promoting PGUC tokens. The company’s website was often down, leaving users unable to withdraw cash. Sahni might face about 24 years in prison.

02

The non-profit organization “European Fund Recovery Initiative” (EFRI) filed a lawsuit against Payvision, a company controlled by ABN AMRO Bank ING, claiming that the company promoted fraudulent investment plans and provided services to cryptocurrency companies, causing investors to lose more than $75 million. The organization was seeking compensation on behalf of hundreds of victims. According to documents provided by EFRI, the Cryptopoint crypto trading platform was suspected of being involved in the scam.

03

On November 5, Beijing time, a hacker impersonating Elon Musk defrauded users of virtual currencies in a reply to Trump’s tweet. The account used by the hacker was verified by Twitter, and the username was displayed as “Elon Musk”. He replied to Trump’s tweet discussing the situation of the presidential election and made more than $250,000 in profits within a few hours.

04

On November 9, a scammer used fake domain names to steal about 1.1 million XRP from different users, the current value of which has exceeded $280,000.

05

On November 17, the Australian Securities and Investments Commission (ASIC) announced that John Louis Anthony Bigatton, the former promoter of BitConnect, has been sued for participating in a cryptocurrency project accused of defrauding investors of millions of dollars.

In terms of ransomware/mining Trojans, 5 typical security incidents occurred in total:

01

On November 3, Tencent host security (Yunjing) captured attacks by the mining Trojan group z0Miner, which exploited WebLogic’s unauthorized command execution vulnerabilities (CVE-2020-14882/14883). The group scanned cloud servers in batches, and machines with the WebLogic vulnerability were found to have been implanted with a Monero mining Trojan.

02

In early November, the gaming giant CAPCOM was attacked with ransomware developed by an organization called “Ragnar Locker”. Security expert Pancak3lullz said that Ragnar Locker encrypted and locked 2,000 devices on the CAPCOM network and demanded a Bitcoin ransom worth $11 million. The affected data included folders, passports, sales reports, bank statements, contracts, and a large number of strategic information databases.

03

Campari Group, a well-known Italian wine merchant, was attacked by hackers on November 1. The company’s important documents, contracts and bank information were stolen. The hackers demanded a ransom of Bitcoin worth $15 million.

04

Bitcoin ransomware Pay2Key has attacked several Israeli companies. It was reported that the leaked data of each victim company was uploaded to a specific folder on the website with information customized by the attacker.

05

Weibo netizen “BruceLee, BCH enthusiast” said that the BCHA chain was currently under attack. The attack was two-pronged (most likely carried out by the same person), and a large number of empty blocks were generated on the BCHA network.

In terms of the dark web, 1 typical security incident occurred in total:

The U.S. Department of Justice seized $1 billion in Bitcoin related to the dark web “Silk Road”. In its statement, it said that the confiscated cryptocurrency was related to the dark web “Silk Road”, and that this was the largest cryptocurrency seizure by the United States to date. The authorities seized these Bitcoins from a hacker, referred to in the statement as Individual X.

In the “Others” category, 5 typical security incidents occurred in total:

01

Only a few hours after its launch on November 2, a minting vulnerability appeared in the contract of Axion Network, and $500,000 was stolen. The project even advised users to avoid buying AXN tokens for the time being and to stay away from the network's dashboard. A Twitter user pointed out that 79 billion AXN were accidentally minted and sold.

02

Phishing and scams targeting owners of Ledger wallets were increasing. One of the scam sites obtained more than 1,150,000 XRP from victims. This scam used phishing emails to direct users to a fake Ledger website, tricking victims into downloading malware that pretended to be a security update, resulting in the theft of the entire balance of their Ledger wallets.

03

According to Reddit, a group of actively managed malicious nodes attempted to interfere with and disrupt the Monero network through a Sybil attack in order to obtain information about users on the Monero blockchain.

04

The Grin website suffered a 51% attack on November 9. An unknown entity controlled more than 57% of the network's computing power. According to the Grin website, the team advised people to wait for additional confirmations before treating payments as final.

05

Recently, Binance and the U.S. Department of Justice have worked together to prosecute 2 individuals suspected of launching an attack on Binance website in March 2018.

In view of the current situation in the field of blockchain security, Beosin offers the following reminders:

On the whole, the number of Blockchain security incidents in November increased compared with October, and the overall number of security incidents was at a moderate level.

For DeFi projects, the number of security incidents this month increased compared with last month. Under successive attacks by hackers, the overall security situation in the field of DeFi was not optimistic.

Beosin hereby appeals to all project teams to carry out a complete round of security screening before launch, and to conduct regular inspections after launch, in order to reduce code vulnerabilities and other security issues and avoid unnecessary losses.
