Inventory From Beosin | There Were Over 23 Typical Security Incidents In March With An Upward Trend In Crypto Frauds & Scams Incidents

According to the monitoring data for security incidents of Beosin-Eagle Eye: In March 2021, according to incomplete statistics, there were over 23 typical security incidents in the entire Blockchain ecosystem, and the overall security risk rating was MEDIUM. It should be noted that typical security incidents occurred frequently in terms of DeFi and Crypto Frauds/ Crypto Scams in March, showing a significant growth trend compared with February.

Throughout all the typical security incidents in March, the security risks exposed by in terms of DeFi could not be ignored. A number of DeFi projects were attacked by hackers, resulting in huge economic losses, seriously affecting the security and stability of Blockchain ecosystem. In addition, with the popularity and wealth benefits of virtual currencies gradually rising, this month’s incidents related to Crypto Frauds/ Crypto Scams have shown an upward trend and which needed to be focused on.

The following were the detailed matters of this month’s security report.

In terms of Exchange, there was 1 typical security incident occurred in total:

01

Cook protocol, the decentralized asset management platform, issued a warning on Twitter that there were some fake groups, channels and liquidity pools of Cook Protocol at present. The official said that Cook Protocol has not yet launched Uniswap, so users should be careful of fraud.

In terms of DeFi, there were 8 typical security incidents occurred in total:

01

Social information showed that the vault contract of Meerkat Finance, the DeFi project, was attacked by hackers, who took advantage of the loopholes to steal all fund of BNB tokens worth about $31 million in the vault. At present, the project website has been unable to open.

02

Pay Network, the decentralized finance (DeFi) application, whose casting function of contract tokens, has been exploited due to the loopholes, and 60 million PAID tokens have been wrongly cast.

03

DeFiBox.com, the DeFi portal, monitored and found that Heco.cx, which claimed to be launched on Heco, used false media news, and there were many exaggerations in the project publicity, and its auditing report was suspected of counterfeiting.

04

The fund pool of wCRES/USDT on the decentralized exchange DODO seemed to have been attacked by hackers, transferring nearly $980000 worth of Wrapped CRES (wCRES) and nearly $1140000 worth of USDT.

05

True Seigniorage Dollar (TSD), a cross-chain stable token on ETH and BSC, said that malicious attackers used TSD DAO to cast 11.8 billion TSD tokens in their accounts, and all of them were sold in Pancakeswap.

06

On the evening of March 15, Beijing Time, a large number of project front ends of BSC (Binance Smart Chain) were attacked, and Twitter began to remind users not to carry out contract operation. Cream Finance said that DNS has been damaged by a third party, please do not enter any words on the web page; Pancake also said that it was hijacked by DNS similar to Cream, so please do not use the website.

07

There was “Double Spending Trading” on Filecoin, and many exchanges closed the recharge channels of FIL. This attack method was more covert because of the characteristics of Filecoin nodes.

08

SIL.Finance, the DeFi aggregation financial service, said in an article that after discovering that smart contract could not be withdrawn due to high-risk loopholes, after 36 hours of efforts from several parties, it has recovered $12.15 million and saved a multi-signed wallet address.

Comments of Beosin:

All kinds of DeFi projects are booming in the world, and these DeFi projects also lock more than 10 billion virtual currency assets at the same time, which will undoubtedly become the most serious disaster area for hackers to carry out various attacks. Beosin believes that DeFi field is still in the development stage, so all the project parties must ensure that code auditing work is done well before going online.

In terms of Crypto Frauds/ Crypto Scams, there were 7 typical security incidents occurred in total:

01

Polygon (former Matic Network), the Ethereum side-chain expansion program, warned on Twitter that Google’s play store provided a fake “Matic Wallet” app. This malicious app was not related to Matic Network or Polygon.

02

On March 2, 5 BTCs, worth about $243000, were sent by someone to a fraudulent wallet address called Elon Musk, the founder of Tesla.

03

The U.S. Department of Justice announced that Swedish citizen, Roger Nils-Jonas Karlsson, pleaded guilty to securities fraud, wire transfer fraud and money laundering charges. He would face up to 20 years in prison on charges of wire transfer fraud and securities fraud, and up to 20 years in sentence on money laundering charges.

04

Ramesh J, a 38 year old lecturer at a private university in Bangalore, India, reported to police that he suffered a crypto fraud at Coinswitch Kuber, the crypto trading platform, and lost 1 million rupees (About $13780) worth of Bitcoin.

05

The police in Lancashire county, England, said 5 suspects took advantage of the loopholes of a company named Coinspot, operated by Casey Block Services in Australia, to conduct virtual currency frauds, with a fraud amount of 20 million pounds (About $27 million).

06

Mary Kay Vyskocil, the federal judge in New York, USA, has agreed the ruling from CFTC of USA related to the crypto fraud program that there were certain frauds from Benjamin Reynolds, founder of Control-Finance, and ordered him to pay a fine of $429 million and a compensation of $143 million, totaling $572 million.

07

On March 31, a Bitcoin fraud app designed to look like a genuine app was accepted by audit team of Apple’s app store, which eventually cost PhillipeChristodoulou, an iPhone user, 17.1 BTCs, worth more than $600000 when it was stolen.

Comments of Beosin:

The increasing popularity of Blockchain technology and virtual currency has promoted more and more people’s attention on this emerging areas, and also made scammers and speculators sprout new ways of crime. All kinds of frauds or scams based on Blockchain technology and virtual currency came into being. Beosin hereby remind investors always improving vigilance, do not blindly credulous and following.

In terms of Ransomware/ Mining Trojan, there were 2 typical security incidents occurred in total:

01

NiceHash warned the miners of the platform to stop using the Phoenix mining plug-in immediately. The risk control team of NiceHash found that the Phoenix mining software could not be downloaded from its original download address normally, and the value of Control shasum from the new download address was inconsistent with the value released by the developer on its channel.

02

Acer, a well-known computer maker, has been attacked by Revil, the ransomware group, who demanded to pay up to $50 million in XMR to decrypt the company’s computers and not leak data on dark web.

In terms of Dark Web, there was 1 typical security incident occurred in total:

01

The US Department of Justice announced that Tal Prihar, who run DeepDotWeb, pleaded guilty to the conspiracy of money laundering. According to the charge of the Department of Justice, Prihar used DeepDotWeb, a news website, to advertise and direct readers to various dark web markets. Prihar, they said, profited about 8155 BTCs from kickbacks on such ads, based on customers who clicked into the market.

In terms of Others, there were 4 typical security incidents occurred in total:

01

On March 1, the 70GB data of Gab, a social networking platform supporting Bitcoin, was hacked. The hacked data included public posts, personal data and passwords, as well as posts and messages from private accounts.

02

White-hat hacker Taha Karim has detected that the macOS version of Electrum, a Bitcoin wallet,

has been hacked. The attacker injected malicious code into Electrum / util.py and the storage repository of Electrum / storage.py, and the same problem existed in the Windows version of Electrum.

03

NFT index fund, NFTX, launched a new proposal, XIP#2, proposing to pay the loophole reward of $50000 to the independent security researcher Samczsun, because Samczsun found a serious loophole in NFTX’s vault creation contract.

04

On March 10, Cosmos (ATOM), a cross-chain project, officially tweeted that all authentication nodes of Cosmos Hub should pay attention to a serious security loophole found in Gaia v4.0.x, but there was no risk for user funds.

In view of the current security situation of Blockchain ecosystem, Beosin hereby warmly prompts:

On the whole, although the total number of typical security incidents that occurred in March was the same as that in February, the overall security risk rating was rated by the security team of Beosin as MEDIUM, the overall security risk of 2 critical aspects in Blockchain ecosystem, DeFi and Crypto Frauds/ Crypto Scams, were still severe.

It was not difficult to see that typical security incidents in terms of DeFi remained high, and the DeFi projects were still the key attack target in the eyes of hackers. Here, we suggest that on the one hand, all the project parties should carry out comprehensive and professional security auditing work before the contract or project goes online, on the other hand, also need to link the resources of all parties in the industry to build a complete set of security protection and asset tracking mechanism.

Regarding Crypto Frauds/ Crypto Scams, we recommend that all investors must do their best to perform due diligence when selecting investment & wealth management products, and do not blindly follow the trend, and do not listen to the so-called “inside information” or “financial management experts” who claim always profits and never losses.

Beosin (Chengdu LianAn Tech)

Blockchian Security · IDE · Beosin-VaaS · Formal Verification · SAS | China leading enterprise in blockchain security field