In the past two days, two major security incidents occurred in the Web3 space, shocking the entire market. Together, the two incidents involved approximately $130 million.
Analysis of Poloniex and Raft Attack.
On November 1, 2023, Beosin EagleEye detected that the oPEPE market contract of OnyxProtocol fell victim to a hacker attack, resulting in a profit of approximately $2.18 million for the hacker.
On October 31, according to Beosin's EagleEye, the previously trending Unibot was unexpectedly attacked by hackers, sparking considerable market attention.
On September 19, 2023, the Hong Kong Securities and Futures Commission held a press conference, revealing that JPEX had ceased its trading operations.
On August 18, 2023, according to Beosin EagleEye monitoring, the Exactly Protocol on Optimism was attacked for $7.3 million.
On August 14, 2023, Beosin EagleEye detected a price manipulation attack on the Zunami Protocol, a protocol on the Ethereum blockchain. The attack resulted in a loss of 1152 ETH ($2.1 million).
Circom is a zero-knowledge proof circuit compiler developed in Rust. The team behind Circom has also developed the SnarkJS library, which is used to implement the proof system.
Beosin has discovered a vulnerability in the Circom verification library, identified as CVE-2023-33252, and warns the ZK project team to be mindful of the associated risks.
On Mar 13, 2023, DeFi protocol Euler Finance was exploited with a ~$197M loss in multiple Txs. Around 34,224,863 $USDC, 849 $WBTC, 85,818 $stETH and 8,877,507 $DAI were stolen.
On October 27, 2022, Beosin EagleEye reported that Team Finance on Ethereum was exploited for over $13M.
We have analyzed the attack flow and traced the stolen funds of the recent $850 million BNB Chain exploit in our last article. How did the attacker insert the attack payload and pass the verification