It’s time for another monthly safety check! According to the security public opinion monitoring data of Chengdu Lianan’s “Eagle Eye-Blockchain Security Situational Awareness Platform”, in August 2022, the number and amount of various security incidents increased significantly compared with July. There were more than “23” more typical security incidents in August, of which the total loss of attack security incidents was about 210.54 million US dollars.
Attacks occurred frequently in August, with many incidents involving high amounts of money and wide-ranging users. This month’s cross-chain bridge Nomad incident, which lost $190 million, may be the most chaotic attack in the Web3 space this year. In addition, a large-scale currency theft incident occurred on the Solana public chain this month. At least 8,000 users’ wallets were stolen, and the total loss amounted to 6 million US dollars. Fraud/runaway incidents continued to occur frequently in August, and users need to be more vigilant to protect the safety of their assets.
A total of “14” typical security incidents occurred:
- No.1 On August 2, the cross-chain bridge Nomad bridge suffered a large-scale hacker attack. Over 500 hacker addresses participated in the attack, and the project party lost 190 million US dollars.
- No.2 On August 2, the hot wallet of the ZB exchange was suspected of being hacked due to the leakage of the private key, with a total loss of about 4.68 million US dollars.
- No.3 On August 2, Reaper Farm’s contract was maliciously exploited, resulting in a loss of approximately $1.7 million.
- No.4 On August 3, a large-scale currency theft incident occurred in the Slope wallet on the Solana public chain, and the loss was estimated at about 6 million US dollars.
- No.5 On August 5th, the EtnProduct project suffered a flash loan attack and lost about $10,000.
- No.6 On August 5, the ANCH project suffered a price manipulation attack and lost about $100,000.
- No.7 On August 6, the Polygon ecological project GenomesDAO was attacked and lost about $43,000.
- No.8 On August 8, the EGD Finance project was attacked by price manipulation and lost about $36,000.
- No.9 On August 10, Curve Finance suffered a DNS attack and lost $612,000.
- No.10 On August 14th, the Polkadot ecological project Acala caused an abnormal additional issuance of 1.2 billion aUSD due to an incorrect setting on the chain. The project party froze the relevant funds urgently, and the actual loss is estimated to be US$6 million (incomplete statistics).
- No.11 On August 17, Stader NearX was attacked by reentrancy and lost about $830,000.
- No.12 On August 18, Celer Network said that cBridge’s front-end interface suffered a DNS cache poisoning attack, costing about $240,000.
- No.13 On August 24, Kaoyaswap was attacked due to a logical error in the contract function and lost about $180,000.
- No.14 On August 28, the token DDC was attacked and lost about $100,000.
Fraud runaway/crypto scam aspect
A total of “7” typical security incidents occurred
- No.1 On August 7, the encryption project Saxon James Musk ran away and transferred $420,000.
- No.2 On August 10, the DeFi project Blur Finance was suspected of having a Rug Pull, and assets worth $600,000 on the chain were transferred.
- No.3 On August 11, a Rug Pull occurred in Wuliangye, an NFT project with the same name as Wuliangye, and the official website and Discord community have been closed.
- No.4 On August 23, the NFT trading platform sudoswap imitated SudoRare was suspected of running away, and 519 ETH ($815,000) were stolen.
- No.5 On August 30, Haikou City cracked the virtual currency “Vikacoin” pension fraud case, involving more than 20 million yuan.
- No.6 On August 30, the founder of the Turkish cryptocurrency trading platform Thodex was arrested in Albania on suspicion of defrauding $2 billion.
- No.7 The Ministry of Public Security cracked down on the new crime of telecommunication network fraud and seized more than 50 million yuan in cash and 885,000 USDT.
A total of “2” typical security incidents occurred
- No.1 On August 8, the U.S. Treasury Department added cryptocurrency mixing service Tornado.Cash to its sanctioned list, with all U.S. individuals and entities barred from interacting with Tornado Cash or any Ethereum wallet addresses associated with the protocol.
- No.2 On August 21, hackers used a zero-day vulnerability to steal cryptocurrencies from Bitcoin ATMs owned by General Bytes.
In view of the current new situation in the field of blockchain security, Chengdu Lian’an summarizes here:
Overall, the number of various blockchain security incidents in August 2022 increased significantly from July. The total loss of attack security incidents in August was about 210.54 million US dollars, an increase of about 700% compared with July.
This month, the number of attack incidents caused by the exploitation of contract loopholes accounted for 50%, and the loss amounted to 192.85 million US dollars. It is still important to conduct professional security audits before the project is launched. In August, some Web2 attacks (such as DNS attacks) increased in the Web3 field. It is recommended that the Web3 project party pay attention to the security of the Web2 field and do a comprehensive security defense.
Posted by:CoinYuppie，Reprinted with attribution to:https://coinyuppie.com/inventory-of-security-incidents-in-august-more-than-23-attacks-totaling-210-million-in-losses/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.