November 30, 2022
Beosin Blockchain Security Monthly Recap of November: 518.09M lost in attacks
It’s time for the monthly security report again! According to Beosin EagleEye, Beosin's security risk monitoring, warning and blocking platform, both the number of security incidents and the amount involved decreased in November 2022 compared with October. More than 17 typical security incidents occurred in November, and the total loss across them was about 518.09 million US dollars.
Attacks on DeFi decreased this month compared with last month. The biggest security incident in November came shortly after the FTX exchange filed for bankruptcy: a hacker stole about $440 million in funds and continued to transfer them to the BTC chain. Rug pulls and exit scams were still frequent this month, some involving sums in the tens of millions of dollars. In addition, the two wallet security incidents this month involved very large amounts, and users and project teams need to be more vigilant.
DeFi
『8』Typical Security Incidents
№1 On November 2, the Skyward Finance project on the Near chain suffered a vulnerability attack and lost about $3.2 million.
№2 On November 2, the lending protocol Solend on Solana suffered an oracle attack, resulting in $1.26 million in bad debts.
№3 On November 5, PEAKDEFI was attacked due to a contract vulnerability, and lost about $66,000.
№4 On November 7, the MooCakeCTX project suffered a flash loan attack, and the attacker made a profit of about 140,000 US dollars. The project was attacked again on the same day, and the attacker made a profit of about $470,000.
№5 On November 10, the brahTOPG project on the ETH chain was attacked, and the attacker made a profit of about $89,879.
№6 On November 11, the DFX Finance project on the ETH chain was attacked and lost about $4 million.
№7 On November 12, FTX hackers stole about $440 million in funds and continued to transfer them to the BTC chain.
№8 On November 21, the sDAO project on BNB Chain suffered a vulnerability attack, and the attacker made a profit of about 13,000 US dollars.
Wallet Security
『2』Typical Security Incidents
№1 On November 2, the crypto derivatives exchange Deribit stated on Twitter that funds had been stolen from the Deribit hot wallet, with the loss amounting to 28 million US dollars.
№2 The personal wallet of Bo Shen, the founding partner of Fenbushi Capital, was drained after a suspected private key leak, resulting in a loss of approximately US$42 million.
Rug Pull / Crypto Scam
『7』Typical Security Incidents
№1 On November 1, the FITE (FTE) project was suspected of being a Rug pull, and scammers had transferred 1,900 BNB to Tornado Cash.
№2 On November 14, a Rug pull occurred in the DeFiAi project, and the contract deployer made a profit of about 4 million US dollars.
№3 Flare on the BSC chain is a fraudulent project, and the contract deployer made a profit of about 17 million US dollars.
№4 A fake account posing as Flow’s official Twitter account used airdrops to defraud user authorizations. Thousands of people have been fooled, and the attackers have made millions of dollars in profits.
№5 Some hackers faked phone calls from “Apple” to carry out phishing attacks on a large number of Web3 celebrities. The attackers forged the caller ID as “Apple, Inc.” and asked for the iCloud “recovery password.” Once successful, they would steal all iCloud sync data and demand a ransom from the victim.
№6 Police in London, UK, claimed to have cracked “the largest fraud operation in British history”. More than 100 people were arrested, and the amount involved was about 3.2 million pounds.
№7 The Singapore Police Force issued a statement on November 23 stating that the crypto lending platform Hodlnaut is being investigated by the Singapore police for alleged fraud.
In view of the current new situation in the field of blockchain security, Beosin recommends:
Wallet security incidents and private key leaks were still frequent this month. Projects and users should pay attention to wallet security, protect private keys, follow standardized operating procedures, and not click on links of unknown origin. 80% of the attacks this month were due to the exploitation of contract vulnerabilities. Projects are advised to have a professional company conduct a security audit before going live.