Inventory: More than 27 typical security incidents occurred in November, and the overall risk rating was "high"

According to data monitoring by Chengdu Lian'an's "Blockchain Security Situation Awareness Platform" (Beosin-Eagle Eye):

In November 2020, various security incidents occurred frequently in the blockchain field. Compared with the trend of security incidents easing in October, the situation this month has worsened. According to incomplete statistics, more than 27 typical security incidents occurred in November.

This month, especially in the DeFi field, hackers staged a series of protocol "attacks" as if they had been rehearsed. Reentrancy attacks, oracle attacks and other techniques, assisted by flash loans, proved highly damaging. The DeFi market in November looked as if it were going through a "catastrophe", with multiple attacks landing one after another and causing huge asset losses.

During this period, Chengdu Lian'an pointed out that "flash loan attack" is only a label, and that the real cause behind it must not be ignored. DeFi project teams should pay special attention to oracle manipulation, so that a data crisis does not bring irreversible consequences.

Chengdu Lian'an therefore once again strongly recommends that DeFi developers strengthen targeted testing of oracles, especially before a project goes online. They should simulate as many price-manipulation attack scenarios as possible, find problems and fix them in time, and improve the project's resistance to oracle attacks, so that such risks are avoided in advance.

A total of 『6』 typical security incidents occurred at exchanges

01

The Longhutang Police Station of the Changzhou Police recently received a report that a user had been defrauded while investing in virtual currency on the "Roman Coin Exchange" platform. The platform had launched two apps for users to chat and trade, and rebates could be obtained after successful operations. At present, the trading platform can no longer be logged in to.

02

Polkadot’s decentralized financial platform Akropolis was attacked. Hackers used flash loans on the derivatives platform dYdX to conduct a reentrancy attack, resulting in a loss of $2 million.

03

Many citizens in Quanzhou reported that they were defrauded in digital currency transactions. The exchange involved was called MARK Exchange, the amount involved was about 2.5 billion yuan, and it was suspected that about 100,000 people were involved in position management.

04

On November 13, Liquid Exchange experienced a breach. Hackers changed DNS records and then took control of a large number of internal email accounts. Eventually, they partially compromised the exchange’s infrastructure and accessed stored documents.

05

Pickle Finance's pDAI PickleJar was hacked, resulting in the draining of 19,759,355 DAI. The attack also involved many Pickle protocol components.

06

Well-known security blog KrebsOnSecurity reported that, starting around November 13, several cryptocurrency platforms hosted by popular hosting provider GoDaddy were attacked, including cryptocurrency trading platform Liquid.com.

A total of 『5』 typical security incidents occurred in DeFi

01

The TRON mainnet was attacked by a malicious contract at 06:14 on November 2, Hong Kong time. In this attack, the hacker used the authority granted to the contract writer to launch a malicious transaction that caused the "super representative" to suspend block production in order to profit.

02

DeFi lending platform Percent Finance wrote in a blog post on November 4 that certain money markets have encountered issues that could cause user funds to be permanently locked. As a result, the team froze money markets specifically for USDC, ETH, and WBTC.

03

On November 14, the MultiStables vault of the Value DeFi protocol was hit by an oracle manipulation attack, ultimately resulting in a loss of more than $7 million.

04

Origin Protocol's stablecoin OUSD was hit by a flash loan attack and fell to $0.13. Since then, OUSD liquidity in Uniswap has fallen from $350,000 on the 16th to $120,000.

05

Kiyo of Web3 decentralized API service API3 tweeted that the DeFi fixed rate generation protocol 88mph (MPH) appeared to have a vulnerability that an attacker exploited to mint $100,000 worth of MPH tokens. The vulnerability has since been fixed.

Beosin Review

This month, the security problems of DeFi projects are worrying. This may be related to insufficient attention to the core parts of the protocol. "It is never too late to mend the fold after the sheep have been lost." Hacker attacks seem to be unstoppable. In the face of a severe security situation, a proactive defense mindset and proactive action are crucial.

Chengdu Lian'an believes that security should always be the top priority. In fact, a security audit before the project goes online is far from enough. Many cases show that auditing is only the first step in security prevention work.

During the development of a project, system problems need to be reviewed constantly to prevent any "fatal" vulnerabilities. Otherwise, if hackers discover them before the internal team does, the security of assets may be in jeopardy.

A total of 『5』 typical security incidents occurred in the area of scams and crypto scams

01

Indian socialite Harpreet Singh Sahni admitted that she was involved in a large-scale cryptocurrency scam and sold crypto software to investors at an Australian crypto company while promoting PGUC tokens. The company's website often went down, making it impossible for users to withdraw cash. Sahni may face about 24 years in prison.

02

The nonprofit European Fund Recovery Initiative (EFRI) has filed a legal complaint against Payvision, a company controlled by Dutch bank ING, claiming that the company promoted fraudulent investment schemes and provided services to cryptocurrency companies, causing investors to lose more than $75 million. The organization is seeking compensation on behalf of hundreds of victims. According to documents provided by EFRI, the Cryptopoint crypto trading platform is suspected of being involved in the scam.

03

On November 5, Beijing time, a hacker impersonating Elon Musk defrauded users of virtual currency in replies to Trump's tweets. The account used by the hacker was verified by Twitter, and its username was displayed as "Elon Musk". The hacker replied to a Trump tweet discussing the situation of the presidential election and made a profit of more than $250,000 in a few hours.

04

On November 9, scammers used fake domain names to steal about 1.1 million XRP from different users, currently worth more than $280,000.

05

On November 17, the Australian Securities and Investments Commission (ASIC) announced that former BitConnect promoter John Louis Anthony Bigatton was prosecuted for his involvement in a cryptocurrency project that was accused of defrauding investors of millions of dollars.

A total of 『5』 typical security incidents occurred in the ransomware/mining Trojan area

01

On November 3, Tencent Host Security (Cloud Mirror) captured an attack by the mining Trojan group z0Miner using the WebLogic unauthorized command execution vulnerability (CVE-2020-14882/14883). The group batch-scanned cloud servers to find machines with the WebLogic vulnerability and implanted Monero mining Trojans on them.

02

In early November, gaming giant CAPCOM was attacked with ransomware developed by an organization called "Ragnar Locker". Security expert Pancak3lullz said that Ragnar Locker locked 2,000 devices on the CAPCOM network through encryption and demanded a ransom of $11 million in Bitcoin. The data included folders, passports, sales reports, bank statements, contracts and a large number of strategic information databases.

03

Campari Group, a well-known Italian wine merchant, was attacked by hackers on November 1. The company's important documents, contracts and bank information were stolen. The hackers demanded $15 million worth of Bitcoin.

04

Bitcoin ransomware Pay2Key has attacked multiple Israeli companies. It is reported that the leaked data of each victim company was uploaded to a specific folder on the website with a message customized by the attackers.

05

Weibo user "BCH enthusiast BruceLee" said that the BCHA chain is currently under attack. The attack is two-pronged (most likely done by the same person), and a large number of empty blocks have been generated in the BCHA network.

A total of 『1』 typical security incident occurred on the dark web

01

The U.S. Department of Justice has seized $1 billion in Bitcoin related to the dark web Silk Road. The Department of Justice said in a statement that the confiscated cryptocurrency was related to the dark web Silk Road, and this is the largest cryptocurrency confiscation in the United States so far. The authorities seized the Bitcoins from a hacker, who they named in the statement as Individual X.

A total of 『5』 typical security incidents occurred in other areas

01

Just hours after going live on November 2, a minting vulnerability appeared in the Axion Network contract, and $500,000 was stolen. They even recommended that users avoid buying AXN tokens immediately and stay away from the network's dashboard. One Twitter user pointed out that 79 billion AXN were accidentally minted and sold.

02

Phishing and scams targeting Ledger wallet owners are on the rise. One of the scam sites has obtained more than 1,150,000 XRP from victims. The scam used phishing emails to direct users to a fake Ledger website, tricking victims into downloading malware disguised as a security update, which resulted in the theft of all Ledger wallet balances.

03

According to Reddit, a group of "actively managed" malicious nodes attempted to interfere with and disrupt the Monero network through Sybil attacks in order to obtain information about users on the Monero blockchain.

04

The Grin website suffered a 51% attack on November 9. An unknown entity controlled more than 57% of the network's computing power. According to the Grin website, the team recommends that people wait for "additional confirmations on payment finality."

05

Recently, Binance worked closely with the U.S. Department of Justice to bring charges against two individuals for their role in the March 2018 attack on the Binance website.

Given the current new situation in the field of blockchain security

『Chengdu Lian'an』 Warm Tips

Overall, blockchain security incidents increased in November compared to October, and the overall number of security incidents was at a medium level.

In terms of DeFi projects this month, the number of security incidents has increased compared to last month. Under the continuous attacks of hackers, the overall security situation in the DeFi field is not optimistic.

Chengdu Lian'an hereby calls on all project parties to carry out a complete set of security screening work before the project goes online, and conduct regular inspections after the project goes online to reduce code vulnerabilities and other problems and avoid unnecessary losses.

