Throughout October, security incidents occurred frequently, concentrated mainly at the end of the month. From the perspective of DeFi security, the situation is not optimistic. The largest loss caused by a hacker attack was as much as 130 million US dollars, which is shocking. Known Chuangyu Blockchain Security Lab has summarized the security incidents that occurred in October and discusses the attack methods and the problems they exposed.
Inventory of security incidents in October
The following are security incidents in various fields that occurred in October:
AutoShark Finance, a DeFi protocol on the BSC chain, suffered a flash loan attack. Its mining exchange function contained a vulnerability, and the attack cost it approximately US$580,000.
The decentralized lending protocol Compound tried to fix the vulnerability in its liquidity mining token distribution contract through a community proposal. At the same time, a call to the drip() function injected 200,000 COMP tokens into the vulnerable contract. The protocol faced potential losses of US$158 million.
SaturnBeam, an IDO project on the DEX MoonSwap on the Moonriver chain, ran off (exit scam).
Indexed Finance, a passive income protocol on Ethereum, was attacked. The vulnerability arose because the protocol described the value of the entire pool by means of a token, resulting in a loss of about $16 million.
A contract vulnerability in Glide Finance, a DeFi protocol on the ESC chain, was exploited. The cause was that the team changed the fee parameter after the audit but did not update the corresponding number in the contract from 1,000 to 10,000, resulting in a loss of approximately US$300,000.
Pancake Hunny, a DeFi protocol on the BSC chain, was hit by a flash loan attack. The vulnerability was that the price used when exchanging the underlying asset was easily manipulated, allowing an attacker to use a huge amount of funds to manipulate the price in a transaction and arbitrage the difference.
Avaterra Finance, an ecosystem protocol on the Avalanche chain, was attacked by hackers. Its minting contract had a serious vulnerability: anyone could call its minting function.
The DeFi lending protocol Cream Finance on Ethereum was attacked again. The core of the attack was that the price factor pricePerShare was computed dynamically from a simple ratio of asset amounts, which resulted in a loss of about 130 million U.S. dollars.
AutoShark Finance, the DeFi protocol on the BSC chain, was attacked again this month, with losses exceeding US$2 million.
$58.65 million in funds was stolen from AnubisDAO, a project launched on the fair launch auction platform Copper.
The BXH project, a decentralized trading protocol on the BSC chain, was attacked. The core reason for the attack was that management authority was handed directly to the attacker, and the loss amounted to approximately US$139 million.
The security incidents in October were of many types, and the underlying vulnerabilities differed from case to case. There were problems with mining pool functions, problems with exchange functions, and even problems with minting functions. Known Chuangyu Blockchain Security Lab reminds readers that attacks on the various chains are still happening frequently. Contract security needs the highest level of attention, and contract audits, risk control measures, and emergency plans must all be put in place.
Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/summary-and-review-of-october-security-incidents/