Inventory | More than 36 typical security incidents occurred in July, the field of DeFi and encryption scams is still the hardest hit area

It’s time for monthly security inventory again! The public opinion monitoring of Beosin-Eagle Eye (Beosin-Eagle Eye) shows that in July 2021, various security incidents still occur from time to time. According to Chengdu Lian’an Technology, there were more than “36” more typical security incidents in July .

This month’s security incidents are still concentrated in the two areas of DeFi and encryption scams . In addition, ransomware security incidents cannot be ignored. The losses in this area are often huge. Here, Chengdu Lianan once again recommends that the majority of project parties must conduct real-time monitoring of abnormal operations, find them immediately, and solve them immediately. All users should also enhance their own safety awareness to avoid serious losses.

Exchange side

A total of “2” typical security incidents occurred

No.1 A former employee of Cryptopia, a New Zealand cryptocurrency exchange, stole more than $170,000 in cryptocurrency.

No.2 The actual owner of Bithumb, South Korea’s largest cryptocurrency exchange, was handed over to trial on charges of fraud of 100 billion won.

DeFi aspect

A total of “11” typical security incidents occurred

No.1 DeFiPie, the lending protocol on Ethereum and Binance Smart Chain, was attacked by hackers. The official recommends liquidity providers to withdraw liquidity as soon as possible.

No.2 Due to the vulnerability of the ChainSwap smart contract, it was attacked by hackers and 2.9 million RAIs were stolen.

No.3 The decentralized cross-chain transaction protocol Anyswap was attacked at 4 a.m. Beijing time on July 11, resulting in a loss of approximately US$8 million.

No.4 BSC ecological Rabbit Finance code has a large number of loopholes, which is suspected of running away.

No.5 suffered a lightning loan attack, and the token Space plummeted by 75%.

The Polygon Space Token (pSPACE) of No.6 Polygon platform suffered a lightning loan attack.

No.7 Bondly Finance (BONDLY), a digital collectibles market platform, was attacked by an unknown party. It is recommended that users stop trading BONDLY tokens.

No.8 Decentralized cross-chain transaction protocol THORChain (RUNE) was attacked, and the loss was approximately US$25 million.

The version of No.9 DeFi revenue aggregator PancakeBunny on Polygon was attacked by outsiders.

No.10 DeFi project array finance is suspected of being attacked by lightning loans.

The No.11 income farming agreement PolyYeld Finance was attacked, causing the price of YELD tokens to go directly to zero.

Beosin review 

This month, typical security incidents in DeFi have increased unabated. The Chengdu Lianan technical team also analyzed the reasons for several security incidents. For example, attackers used contract mortgages and logical flaws in calculating rewards to attack project parties. Therefore, for the project party, it is necessary to avoid the appearance of similar vulnerabilities. When necessary, the power of a third-party security company can be used to carry out project self-inspection work to eliminate potential safety hazards.

In terms of fraud/encryption scams

A total of “11” typical security incidents occurred

No.1 South Korean authorities investigated 33 people for $1.48 billion in illegal crypto transactions.

No.2 The president of the Brazilian financial management company Bitcoin Banco Group was arrested by the police on suspicion of $300 million in crypto asset fraud.

No.3 The US SEC filed fraud charges against Telidyne CEO Aron Govil. The company’s application claims to provide encrypted transactions without encryption.

No.4 hackers took control of Techy’s technology channel and used the name of Charles Hoskinson, the founder of Cardano, to promote a “free token distribution scam.”

No.5 Synthetic asset protocol XCarnival was launched on CoinMarketCap (CMC) in July. Someone pretended to be the XCarnival project party to publish false contract address information to induce everyone to buy tokens.

Circle, the issuer of the No.6 US dollar stable currency USDC, lost US$2 million due to email fraud.

No.7 E-sports organization FaZe Clan is suspected of cryptocurrency fraud. At present, the team fired one member and suspended the qualifications of three members.

No.8 Criminals impersonate CryptoArt.Ai staff, build Telegram groups in violation of regulations, spread false information, and induce users to commit fraud.

No.9 security company Lookout discovered an encrypted mining scam using hundreds of Android applications.

No.10 Criminals used Chia’s logo and company information on the Stellar network to create a token called Chia and tried to impersonate Chia’s official product.

The four behind the No.11 “Oz Project” were arrested on suspicion of committing USD 55 million in crypto investment fraud. According to local media reports, the number of victims ranged from 10,000 to 20,000.

Beosin review 

Chengdu Lianan reminds everyone that we must pay attention to virtual currency fraud. There are many scammers and they are well versed in various marketing methods and sales routines. Sometimes they are deceived and lose their money, but they are still addicted to the scams weaved by scammers. There is no such thing as a “stable profit but no loss” investment, so you must keep your eyes open!

Ransomware/mining Trojans

A total of “2” typical security incidents occurred

No. 1 Saudi Aramco’s 1TB of company data was illegally accessed. Hackers demanded US$50 million as compensation for deleting the data and demanded payment in cryptocurrency.

The No.2 hacker organization REvil attacked at least 200 US companies and demanded that these companies use Monero to pay a ransom of approximately US$45,000.

 Other aspects

A total of “10” typical security incidents occurred

The No. 1 DEX trading tool DEXTools (DEXT) was recently hacked, and some DEXT holders were affected.

No.2 The police in George Town, Malaysia seized 149 illegal cryptocurrency mining machines.

No.3 The Bitcoin Cash fork BSV network suffered a malicious attack. The attacker has recently reorganized the BSV network several times to carry out a double-spending attack.

No. 4 Four men were arrested by Hong Kong authorities on suspicion of using virtual currency to launder 1.2 billion Hong Kong dollars.

No. 5 Covid-19 vaccine and fraudulent vaccine certificate appeared on the dark web, accepting payment in BTC.

No.6 The Bitcoin wallet used by the New Zealand police for money laundering investigations was hacked.

No.7 suffered a large-scale DDoS attack and was blackmailed for Bitcoin.

No. 8 NFT project Axie Infinity was attacked by DDoS.

No.9 OptionRoom was stolen 12.3 million ROOM tokens and decided to remove liquidity from Uniswap and Pancakeswap.

No. 10 Bitcoin trading platform MTI entered the final liquidation stage, and tracked another $268 million worth of Bitcoin.

In view of the current new situation in the field of blockchain security, “Chengdu Lianan” summarizes here:

On the whole, the blockchain security incident in July still cannot be underestimated. After the project party was attacked, the project suffered serious losses, and the overall number of security incidents is still at a high risk level. Here, Chengdu Lianan reminds all project parties to strengthen and improve their own safety protection.


Posted by:CoinYuppie,Reprinted with attribution to:
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Leave a Reply