Monthly Recap: 21 Typical Security Incidents Occurred in December, With an Increase in DeFi Area

It’s time for another monthly security recap! BEOSIN Eagle Eye reported 21 typical security incidents in December 2021. Overall, the number of blockchain security incidents in December was not much different from that in November, and the overall number of security incidents remains at a high-risk level.

DeFi

There were 8 typical security incidents.

№1 Automated market maker protocol MonoX was hacked in a flash loan attack, losing about $31 million.

№2 DAO tool project 0xHabitat was hacked, and the funds were transferred to Tornado.

№3 Decentralized organization Badger DAO was hacked, resulting in unauthorized transfer of user assets.

№4 On December 9, the NFT project Merge had a contract vulnerability, which was being fixed.

№5 According to news on December 21, there was a vulnerability from the Bent deployment address, which added the balance of cvxcrv and mim in an unverified update 20 days earlier.

№6 Streaming platform Twitch co-founder Justin Kan’s Fractal NFT project was hijacked before launch and $154,000 was stolen.

№7 Hackers drained 8.8 million VISR tokens from Uniswap V3 liquidity management protocol Visor Finance by exploiting a reentrancy vulnerability, totaling approximately $8.2 million in losses.

№8 Dec. 25 — Mirror, the Terra on-chain synthetic asset protocol, suffered a serious governance attack in which attackers attempted to steal $38 million worth of MIR tokens from the protocol.

Rug pulls/crypto scams

There were 4 typical security incidents.

№1 On December 3, Vietnamese police broke up a large illegal online gambling ring using cryptocurrencies for trading, and 59 people were detained.

№2 A user fell victim to a phishing attack, which resulted in an NFT listed for sale on OpenSea being maliciously bought at a price much lower than the listed price.

№3 It was reported that “fraudulent schemes” by some apps under the guise of “metaverse blockchain games”, “cloud mining”, etc. increased in December.

№4 On December 28, another cryptocurrency investment scam case occurred in New York, USA, with a huge loss amount.

Ransomware/Mining Trojans

There were 2 typical security incidents.

№1 HP servers were likely controlled by hackers between December 9 and 17; the hackers may have made approximately $110,000.

№2 Copies of “Spider-Man: No Way Home” have been packaged with malware that allows users’ computers to be used to mine Monero.

Others

There were 7 typical security incidents.

№1 ZenGo, a crypto wallet provider, has discovered a double-spending vulnerability that could deplete the funds in Gringotts Bank reserved in DeSo.

№2 Dec. 4 — An illegal crypto mining site was discovered in Ukraine, stealing about 3.5 million hryvnia (about $128,000) of electricity.

№3 Funds were stolen from cryptocurrency trading platform BitMart’s hot wallet, and the loss may exceed $100 million.

№4 The 8ight Finance project team is suspected to have been attacked due to a private key compromise. Total loss: 868,587 DAI, 123,621 1USDT, 10,843 EIGHT, 80 ONE.

№5 As of December 6, Shaanxi Province of China had solved 52 cases of electricity theft and confiscated more than 2,000 bitcoin miners.

№6 NatWest Bank was fined $348.5 million for violating anti-money laundering laws.

№7 According to news, someone exploited a vulnerability to bypass the 2-piece sale limit to purchase 330 adidas NFTs in a single transaction.

In view of the current new situation in the blockchain security field, BEOSIN hereby summarizes:

This month’s security incidents are still concentrated in two fields, DeFi and crypto scams, and security incidents in the DeFi field increased compared with November. Once again, BEOSIN reminds users to stay vigilant to protect their funds and to attach importance to security infrastructure.

Contact Us

Website: https://beosin.com/

Email: contact@beosin.com

Twitter: https://twitter.com/Beosin_com

Telegram: https://t.me/beosin

Medium: https://medium.com/@Beosin

Github: https://github.com/Beosin20180329

Discord: https://discord.com/invite/B4QJxhStV4
