Inventory | More than 41 typical security incidents occurred in August. How many more hacking schemes do hackers have?

It’s time for another monthly security inventory again! Beosin-Eagle Eye opinion monitoring shows that in August 2021, various security incidents are still frequent. According to Beosin’s statistics, more than 41 typical security incidents occurred in August.

This month’s security incidents continue to focus on exchanges, DeFi, crypto scams and other fields, which often cause huge losses. Here, Beosin advises users learn more before participating in some projects to avoid being cheated. Another thing to notice is that the project party should pay attention to security precautions, and it is best to find a professional security audit company in the industry to conduct audits before the project goes online, so that hidden risks can be found and solved immediately.

For the Exchange

3 typical security incidents occurred

№1 Japanese cryptocurrency exchange Liquid released a report of a hot wallet attack in which an unauthorized party removed approximately $91.35 million in crypto assets from Liquid’s wallet. Among them, $16.13 million of ERC-20 assets have been frozen.

№2 40 million DVPN tokens were stolen from the HitBTC Bitcoin exchange. The theft was due to HitBTC exposing its mnemonic phrase.

№3 The Bilaxy exchange’s hot wallet was hacked and lost over $21 million.

For DeFi

12 typical security incidents occurred

№1 BSV suffered a “massive” 51% attack starting around 23:45 BST on August 3, resulting in three versions of the chain being mined at the same time.

№2 On August 4, BSC and Polygon’s DeFi protocol Wault Finance were suspected to have been attacked by lightning loans, and more than $800,000 worth of funds flowed out through Anyswap in the form of ETH.

№3 On August 4, the Sorbetto Fragola product under Popsicle Finance, a cross-chain yield enhancement platform, was attacked and lost nearly $20.7 million.

№4 Zerogoki, a multi-chain synthetic asset protocol Duet Protocol Pioneer Network, suffered an oracle attack with incorrect prices leading to unrecognizable transactions.

№5 On August 10, Poly Network, a cross-chain protocol, was attacked and nearly $600 million in funds were stolen from three chains, Ethereum, BinanceChain, and Polygon.

№6 Punk Protocol, a decentralized annuity protocol, recently posted that it suffered an attack during a fair launch process, resulting in losses of over $8.9 million. The team has recovered over $4.95 million, which has been transferred to a secure wallet.

№7 Crypto incubator DAO Maker may have been attacked and a large number of USDC topped up by users were transferred out and exchanged for about 2,261 Ether, worth more than $7 million.

№8 On August 13, the Neko Network, a smart on-chain lending protocol of BSC, was attacked and all asset pools have been frozen.

№9 XSURGE said that a potential security vulnerability in the SurgeBNB contract was discovered on August 16, local time. After the statement was released, XSURGE subsequently stated that it had been attacked and that the attacker had stolen $5 million from SurgeBNB through a backdoor vulnerability.

№10 On August 18 at around 7:40 PM Beijing time, PineconeFinance was hacked and lost about 3.53 million PCT tokens (about $200,000).

№11 On August 25, Dot.Finance, the BSC on-chain DeFi revenue aggregator, suffered a lightning loan attack. Analysis have found that the attack was a homologous attack of PancakeBunny.

№12 On August 29, xtokenmarket was attacked by a lighting loan attack and its xSNX contract vulnerability was exploited.

№13 On August 30, the mortgage lending platform Cream Finance suffered a lightning lending attack and lost $18 million.

Beosin’s Review

The largest DeFi hacking incident of the year happened this month! For this incident, the project party was also helpless in front of the hacker. Thankfully, the white hat hacker eventually returned the stolen assets. In addition, for ordinary people, it is also important to take good care of their own digital assets.

For fraudulent incidents / cryptocurrency scams

14 typical security incidents occurred

№1 A California man faces 5 years in prison for his involvement in a securities fraud scheme related to two crypto companies, involving millions of dollars.

№2 The Wulin Police Station of the Public Security Bureau of Honghu City, Hubei Province, China, has successfully arrested two suspects and cracked a case of cyber fraudulent criminal activities by implementing the “Card Breaking” special operation.

№3 An Israeli resident was sentenced to eight years in prison for stealing 75,000 DASH, about $6.8 million in cryptocurrency, from his friend.

№4 The CEO of blockchain technology company Alchemy Coin was sentenced to six years in prison for relief loan fraud and ICO fraud, the U.S. Department of Justice stated.

№5 Russian police officials are investigating one of the country’s largest Ponzi schemes involving cryptocurrencies. One of the founders was arrested and others have reportedly left Russia. Victims could lose as much as $95 million.

№6 Dark Web drug trafficker Ryan Farace has been charged with money laundering involving $136 million worth of bitcoin.

№7 Detectives in the UK seized a USB flash drive containing $9.5 million of Ether (ETH), which was stolen through a cryptocurrency scam.

№8 At 15:14 BST on August 16, KuCoin hackers began to concentrate on money laundering. Over $430,000 was transferred from the KuCoin hacker’s address.

№9 The founder of Bitcoin Mixer Helix has pleaded guilty to money laundering conspiracy, allegedly laundering over 350,000 Bitcoins.

№10 Former Manchester United midfielder Anderson is under investigation by police for his alleged involvement in laundering £4.7 million of cryptocurrencies.

№11 Australian police are investigating drug trafficking on the dark web while seizing a record $8.49 million in cryptocurrency.

№12 On August 26, Police in Brazil seized $28.8 million in cryptocurrency and arrested five people.

№13 On August 29, the Chinese police cracked a $120 million scam of “Mythcoin”. The criminal team induced victims to inject funds to speculate on bitcoin and “mythical coins” through a fake trading app, causing 120 million yuan to quickly “evaporate” from 500 victims across the country.

№14 Wuhan public security authorities raided a virtual coin trading platform in accordance with the law, and the “Shengchang Technology Company”, which provides online trading channels for investment-based fraudsters, was “wiped out” by the police.

Beosin’s Review

The sickle for harvesting leeks has been raised! Where there is interest, there will be crimes. If you dream of overnight riches, then you will often fall into the trap of fraudsters. If you find yourself cheated, you should promptly retain the relevant evidence, transfer the funds out, reduce losses, and then report to the local public security authorities as soon as possible. Beosin here reminds everyone to pay attention to the virtual currency fraud.

For Ransomware / Mining /Trojan horse

7 typical security incidents occurred

№1 Polish police recently discovered illegal bitcoin mining activities at their headquarters in Warsaw.

№2 On August 18, the Chengdu Public Security Bureau issued a notice to file investigate against Yang, Chen and others suspected of using virtual currency of “GUCS” “Kirin Mining Machine” to conduct criminal activities. Six major criminal suspects have been investigated and taken criminal detention compulsory measures.

№3 The Bolivarian National Police (PNB) seized 17 units of equipment used for bitcoin mining in La Pastora Parish, west of Caracas, Venezuela, on August 20, and a bitcoin miner was arrested on suspicion of smuggling charges.

№4 Spanish police seized an illegal cryptocurrency mining operation on August 20.

№5 Turkish authorities are investigating the alleged $119 million Dogecoin mining scam, Aug. 27.

№6 Fortune 500 and consulting firm Accenture suffered a bitcoin ransomware attack by hacker group Lockbit, and data has been leaked on the dark web.

№7 On August 30, Malaysian police and local power company Sarawak Energy took a joint operation and seized 1,069 bitcoin mining machines.

Others

4 typical security incidents occurred

№1 Hodl Hold, a Peer-to-peer bitcoin lending and trading platform, said that it was taking measures to secure user funds after a recent internal and external audit found that some users’ payment passwords may have been compromised.

№2 Blockchain security firm warns of identifying several token scam phishing sites, including ShibaDrop […] io ($SHIB); AAExchange […] io ($AAE),; BSCTOKEN[.] io ($BSCTOKEN); BestAir[.] io ($AIR); AirStack[.] net ($AIR); and BNBw[.] me ($BNBW). Please take precautions against risks.

№3 A bug was found in older versions of the Ethereum client Geth, which can affect BSC, Polygon and other chains. The bug may cause double-spending attack.

№4 A Venezuelan man planned his own fake kidnapping case to steal $1.15 million worth of Bitcoins.

Notes

In light of the current new situation in blockchain security, Beosin hereby summarizes:

On the whole, the overall number of blockchain security incidents in August is still at a high risk level. Once again, Beosin recommends that all project parties must do a good job of the corresponding security protection construction to avoid serious losses.

Blockchian Security · IDE · Beosin-VaaS · Formal Verification · SAS | China leading enterprise in blockchain security field