There were 12 DeFi-related incidents, 2 exchange security incidents, 1 wallet security incident, 1 smart contract security incident, 6 other security incidents and 11 fraud incidents.
In terms of segmentation, according to PeckShield, a total of 12 DeFi-related security incidents occurred in April, with a loss of nearly $125 million and an outbreak trend of DeFi attacks.
With the explosion of the DeFi ecosystem and the increasing amount of money in the liquid pool, hacking attacks have entered a high period, and any one code vulnerability can cause millions of dollars in losses.
On April 5, DeFi quantitative hedge fund Force DAO was attacked, liquidating a total of 183 ETH (about $367,000) of FORCE tokens.
On April 6, Polkatrain was hacked, with hackers using a similar slippage issue to maliciously target the POLT project, stealing about 50,000 DOTs.
On April 7, a vulnerability in the incentive calculation of the algorithmic stable coin Fei was reported. The project said it would stop all minting rewards for FEI; Fei went off-anchor and fell to $0.77 at one point.
On April 19, the DeFi lending protocol EasyFi was hacked, with hackers obtaining the administrator key and transferring $6 million worth of stablecoins USDT, USDC and DAI from the protocol pool; 2.98 million EASY tokens were also transferred to their wallets, costing over $70 million.
On April 21, DeFi’s revenue aggregator AutoFarm experienced a strategy error with a loss of around 1% involving the USDC and USDT Venus strategy pools, caused by the fact that Venus, the largest lending platform on BSC, officially charged a 0.01% withdrawal fee, but Belt, Autofarm The reason for this loss is that Venus, the largest lending platform on BSC, officially charged a 0.01% withdrawal fee, but Belt, Autofarm and several other machine gun pools did not adjust their strategies in time.
On April 28, a serious vulnerability in the DeFi project Uranium Finance’s smart contract code allowed attackers to make off with $50 million.
Prevention and Tips: The operation of the DeFi system needs to be guaranteed by smart contracts, which requires that the code of smart contracts has been meticulously reviewed. If there are any vulnerabilities in a smart contract, it can become a target for hackers.
Under traditional conditions, hackers attack financial systems mainly by virtue of their superior computer skills, while in the existing DeFi ecosystem, the interoperability between chains and applications is not that good, so the chance of arbitrage across chains and applications may be higher. At this point, even a person with less computer skills can become a hacker and attack the DeFi system as long as he has enough financial knowledge and enough market sense.
In addition, as DeFi booms, the opening of assets (internal transfer paths are open) is also expanding rapidly, which requires cross-chain assistance, but there is a risk that hackers will quickly move assets from one chain to another, increasing the cost in time and space, as well as the difficulty of tracking stolen assets.
PeckShield advises investors to do their due diligence before participating in DeFi projects, for example, to check and verify whether the project has conducted a comprehensive and professional security audit, and try not to participate in projects that have not passed any security audit, and not to let down their guard when participating in projects that have passed a security audit.
According to PeckShield, there were 2 typical exchange security incidents in April, the more influential one was the suspected runaway of the founder of Turkish crypto exchange Thodex on April 22nd, which prevented users from taking out the crypto assets in Thodex and accused Thodex of fraud, with its lawyers claiming that the amount involved might reach hundreds of millions of dollars.
According to CoinHolmes, PeckShield’s anti-fraud situational awareness system, there were 11 fraud-related security incidents in April.
In the context of the booming blockchain finance and digital currencies, virtual currency fraud is fast updating, difficult to track and easy to launder, which brings new challenges to the global police, PeckShield has collected and observed 2 new types of typical cases.
Forged identity documents, millions of virtual currencies stolen
A “hacker gang” invaded a virtual currency platform, stole user information, forged documents, and then stole 10 million yuan worth of radar coins from the account by replacing the cell phone card at a business office. A few days ago, this criminal gang was caught by the Longgang Public Security Bureau of Daqing City Public Security Bureau, according to the police, such criminal means in the country are very rare, the first such case cracked in Heilongjiang.
It is reported that this “hacker gang” mainly to forge documents to replenish other people’s cell phone cards for profit, headed by Zhang, Li, Lin, Tang, Kwong, Li for the downline, Zhang and a line, to provide him with the target person cell phone number.
Before the crime, Zhang obtained Liu’s cell phone number from the line, first contacted the downline Kwong, through the cell phone number to check the owner’s identity information, and then for fake documents; then contacted the downline Li Moumou, saying he needed to find someone to go to the location of the cell phone number to replace the card. After Kwong obtained Li’s crown-free photo and made a fake document, Zhang contacted Tang to lead Li to take the fake document for a replacement card.
In addition, Zhang’s online Zhang Moujie, responsible for providing him with the need to replace the cell phone number, a successful replacement, the virtual currency bound within this cell phone card number, according to the equivalent of 30% of the RMB commission to him. “Zhang Moujie and I said, this time earned hundreds of thousands of dollars.” The case, Zhang from Zhang Moujie profit of 170,000 yuan, and then distributed.
The company has been able to steal 50 million virtual currency assets by self-taught programming “hackers”.
After purchasing thousands of ethereum (ETH) virtual currency assets, Zhang of Neijiang, Sichuan Province, kept them in his cell phone and kept the private key close to him, hoping to invest and increase the value. On September 25 last year, he discovered that all these Ether had been transferred away. On April 14 this year, according to information from the Neijiang Public Security Bureau, his Ether was stolen by a man who taught himself hacking skills. With the current market price estimation, the value of his stolen blockchain assets is about 55 million yuan. At present, the suspect has been arrested by execution.
Prevention and Tips: The operation mechanism of virtual currency has natural characteristics of decentralization, anonymity and real-time. Decentralization makes it far more difficult to track the flow of a virtual currency than in a centralized state, which makes it difficult to collect a complete chain of evidence due to the difficulty of obtaining clues; real-time means that asset transfer and money laundering are initiated and completed anywhere in the world at millisecond speed, which makes the police extremely passive in the investigation process and difficult to accurately grasp the flow of funds.
Posted by:CoinYuppie，Reprinted with attribution to:https://coinyuppie.com/layer-2-first-hacking-incident-fraud-new-tricks-to-steal-coins-with-fake-ids/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.