Web3 security incident inventory in January: total losses were approximately US$160 million
Written by: SlowMist Security Team
Overview
According to statistics from the SlowMist Blockchain Hacked Archives, there were 56 security incidents in January 2024, with total losses of approximately US$160 million. The causes included contract vulnerabilities, DDoS attacks, flash loan attacks, price manipulation, and account compromise and theft, among others.
Main Events
Radiant Capital
On January 3, 2024, the multi-chain lending protocol Radiant Capital was attacked, resulting in a loss of 1,900 ETH (approximately US$4.5 million). According to analysis, the attacker exploited the time window in which a new market of the lending protocol (derived from Compound/Aave) was activated. The exploit also relies on a known rounding issue in the current Compound/Aave codebase.
On January 4, Radiant Capital stated that the attack left bad debt in the WETH market amounting to roughly 1.3% of the protocol's TVL. On January 5, Radiant Capital launched proposal RFP-27, which asks the Radiant DAO to agree on a strategy and timetable for recapitalizing the Arbitrum lending market and repaying the excess debt in the WETH market.
(https://twitter.com/RDNTCapital/status/1742638364933714112)
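A simplified model of the share-accounting rounding issue in Compound/Aave-derived markets, added here as an illustration (this is not Radiant's, Compound's or Aave's code and does not reproduce the Radiant transactions). Market, deposit, donate, redeem and run_attack are hypothetical names; the integer math follows the usual shares = assets * totalShares / totalAssets pattern, rounded down, which is what makes a market exploitable while its share supply is tiny right after activation:

```python
class Market:
    """Toy lending market: `cash` underlying backs `total_shares` receipt tokens."""

    def __init__(self, virtual_shares: int = 0, virtual_assets: int = 0):
        # Hypothetical ERC-4626-style offset: the pool behaves as if it already
        # held virtual_shares/virtual_assets, so a tiny real supply cannot be
        # inflated cheaply. Zero means no protection (the vulnerable setting).
        self.cash = 0
        self.total_shares = 0
        self.balances: dict[str, int] = {}
        self.virtual_shares = virtual_shares
        self.virtual_assets = virtual_assets

    def _to_shares(self, assets: int) -> int:
        supply = self.total_shares + self.virtual_shares
        if supply == 0:
            return assets  # first depositor sets a 1:1 rate
        # floor division: the rounding the attack relies on
        return assets * supply // (self.cash + self.virtual_assets)

    def _to_assets(self, shares: int) -> int:
        supply = self.total_shares + self.virtual_shares
        return shares * (self.cash + self.virtual_assets) // supply

    def deposit(self, who: str, assets: int) -> int:
        shares = self._to_shares(assets)
        self.cash += assets
        self.total_shares += shares
        self.balances[who] = self.balances.get(who, 0) + shares
        return shares

    def donate(self, assets: int) -> None:
        # Plain token transfer into the market contract: raises cash without
        # minting shares, so the assets-per-share rate jumps.
        self.cash += assets

    def redeem(self, who: str, shares: int) -> int:
        assets = self._to_assets(shares)
        self.balances[who] -= shares
        self.total_shares -= shares
        self.cash -= assets
        return assets


def run_attack(market: Market, victim_deposit: int) -> tuple[int, int]:
    """Attacker takes the first share of a just-activated market, then
    front-runs the victim's deposit with a donation of the same size.
    Returns (shares the victim received, attacker's net profit)."""
    market.deposit("attacker", 1)
    market.donate(victim_deposit)
    victim_shares = market.deposit("victim", victim_deposit)
    returned = market.redeem("attacker", market.balances["attacker"])
    return victim_shares, returned - (1 + victim_deposit)


if __name__ == "__main__":
    # No offset: the victim's deposit rounds to 0 shares and the attacker
    # redeems the victim's funds along with the donation.
    print(run_attack(Market(), 1_000_000))
    # With the offset the donation is mostly lost to the pool and the attack
    # is unprofitable.
    print(run_attack(Market(virtual_shares=10**6, virtual_assets=1), 1_000_000))
```

The practical check this suggests for any Compound/Aave fork: a newly activated market should not accept ordinary user deposits while its share supply is small enough for one actor to dominate it, either by seeding non-withdrawable liquidity at activation or by using a virtual offset as above. In the real Radiant case the manipulation of the exchange rate was carried out with flash-loaned funds rather than a plain donation, but the rounding being abused is the same class.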
Gamma
On January 4, 2024, the liquidity management protocol Gamma was attacked, resulting in a loss of approximately US$6.18 million. Gamma stated that its vaults have four main deposit protections against flash loans, one of which is a price-change threshold: deposits are not allowed when the price moves beyond a set amount. The core problem was that this threshold was set too high; for some LST and stablecoin vaults the permitted range was -50% / +100%, which allowed the attacker to push the price up to the threshold and mint a large amount of LP tokens.
(https://medium.com/gamma-strategies/post-mortem-remediation-plan-9a62f10d90f3)
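The threshold problem described above, as an added example (not Gamma's code): a deposit guard that compares the pool's spot price to a reference price and rejects deposits outside a band, next to a toy vault that mints LP shares from the manipulated price. The band -50% / +100% from the post-mortem is used as the weak setting; the tight band, the vault sizes and the function names are assumptions, and the cost of moving the pool price is ignored:

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class DepositGuard:
    """Reject deposits when the spot price has moved from a reference price
    (e.g. a TWAP) by more than the configured band."""
    max_drop_bps: int  # allowed downward move in basis points
    max_rise_bps: int  # allowed upward move in basis points

    def allows(self, spot: Fraction, reference: Fraction) -> bool:
        lower = reference * (10_000 - self.max_drop_bps) / 10_000
        upper = reference * (10_000 + self.max_rise_bps) / 10_000
        return lower <= spot <= upper


# Weak band quoted in the post-mortem versus a tight one (tight value hypothetical)
WEAK_GUARD = DepositGuard(max_drop_bps=5_000, max_rise_bps=10_000)  # -50% / +100%
TIGHT_GUARD = DepositGuard(max_drop_bps=50, max_rise_bps=50)        # -0.5% / +0.5%


def shares_for_deposit(a0: int, a1: int, total_shares: int, d0: int, price: Fraction) -> Fraction:
    """LP shares minted for a single-sided deposit of d0 token0 when the vault
    values its holdings (a0 token0, a1 token1) at `price` token1 per token0."""
    value_in = Fraction(d0) * price
    pool_value = Fraction(a0) * price + a1
    return total_shares * value_in / pool_value


def manipulation_profit(guard: DepositGuard, a0: int, a1: int, total_shares: int,
                        d0: int, manipulated: Fraction, reference: Fraction):
    """Attacker pushes the pool to `manipulated`, deposits, lets the price
    return to `reference`, then redeems pro rata. Returns the gain in token1
    units, or None if the guard blocks the deposit."""
    if not guard.allows(manipulated, reference):
        return None
    minted = shares_for_deposit(a0, a1, total_shares, d0, manipulated)
    share = minted / (total_shares + minted)
    value_out = share * (a0 + d0) * reference + share * a1
    return value_out - Fraction(d0) * reference


if __name__ == "__main__":
    one, two = Fraction(1), Fraction(2)
    # Price doubled (+100%) sits exactly on the weak threshold and is accepted.
    print(manipulation_profit(WEAK_GUARD, 1000, 1000, 2000, 1000, two, one))   # 200
    # The same move is rejected by the tight band.
    print(manipulation_profit(TIGHT_GUARD, 1000, 1000, 2000, 1000, two, one))  # None
    # A move inside the tight band still mints slightly too many shares.
    print(manipulation_profit(TIGHT_GUARD, 1000, 1000, 2000, 1000, Fraction(201, 200), one))
```

The lesson the numbers show is that a deviation check only bounds the damage to whatever is possible within the band, so the band has to be set from the asset's real volatility (tight for LST and stablecoin pairs) and should be one of several independent guards, not the only one.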
Narwhal
On January 5, 2024, the liquidity mining project Narwhal was attacked, resulting in a loss of approximately US$1.5 million. All NRW tokens were swapped for USDT and bridged to Ethereum via Stargate. Most of the stolen funds were transferred to Tornado Cash.
(https://twitter.com/Narwhal_fyi/status/1744042646954488145)
Coinspaid
On January 6, 2024, multiple unauthorized transactions occurred at the crypto payment service provider Coinspaid, and hackers stole crypto assets worth approximately US$7.5 million, including 4.8 million USDT, 500 ETH, 97 million CPD, 106,000 USDC, 24,000 BSC-USD and 268.5 BNB.
Socket
On January 16, 2024, the interoperability protocol Socket tweeted that the protocol had encountered a security incident. The attacker exploited a vulnerability in a newly added module of the Socket aggregator system, which performs token swaps on behalf of users. The flaw allowed the attacker to pull unlimited tokens into Socket Gateway from users who had already granted the contract an approval, stealing their funds. The attack was carried out via two malicious transactions on Ethereum. The total amount stolen was approximately US$3.3 million. On January 23, with the assistance of the SlowMist security team and other partners, Socket recovered 1,032 ETH, worth approximately US$2.2 million, and the Socket team expressed its gratitude to the SlowMist security team.
(https://twitter.com/SocketDotTech/status/1749734794320363802)
Manta Pacific
On January 18, 2024, according to a tweet from Manta Network, the Manta Pacific chain encountered an RPC attack at approximately 9 AM UTC. Manta Network co-founder Kenny Li (@superanonymousk) posted an update on Twitter, saying that Manta Network suffered a well-planned DDoS attack at 9:30 AM UTC, at the start of its TGE event. The RPC nodes received more than 135 million requests, indicating a very intense and planned attack.
(https://twitter.com/superanonymousk/status/1747968680686993800)
HTX
On January 19, 2024, HTX posted on social media to remind users that its application was experiencing interruptions and that the technical team was working to resolve the problem. Tron founder Justin Sun tweeted that Htx.com and HTX_DAO had suffered a DDoS attack.
(https://twitter.com/justinsuntron/status/1748319971837710471)
Concentric Finance
On January 22, 2024, Concentric Finance, a DeFi protocol built on the Camelot V3 protocol, was attacked, with losses of approximately US$1.7 million. Concentric Finance stated on social media that a team member holding its contract deployer wallet was the target of a social engineering attack. The attacker used the resulting access to upgrade the vault, mint new LP tokens and drain the platform's assets.
(https://mirror.xyz/concentrictreasury.eth/duXXwBErblGw4CjbsA2JPoRAJqVNsDtiUsK4R6_vhD0)
GMEE
On January 23, 2024, the blockchain game platform GMEE tweeted that, a few hours earlier, the GMEE token contract on Polygon had been accessed without authorization via GitLab, resulting in the theft of 600 million GMEE tokens and a loss of approximately US$7 million. The attacker then swapped the tokens for ETH and MATIC. Over the following hours the attacker sold the stolen tokens through various DEXs, affecting the GMEE token price on various exchanges.
(https://twitter.com/GAMEEToken/status/1749652962849464727)
Nebula Revelation
On January 25, 2024, the staking contract of the space-themed open-world Web3 game Nebula Revelation suffered a reentrancy attack. On January 28, Nebula Revelation announced a compensation plan: the team promised full compensation and decided to compensate users according to the price before the tokens were stolen, to ensure fairness.
(https://twitter.com/NBLGAME/status/1751580737768456594)
Somesing
On January 27, 2024, South Korea's Web3 social music service Somesing announced that the platform had suffered an exploit the previous Saturday, resulting in the loss of 730 million of its native token SSX, approximately US$11.58 million. Somesing said: "It has been confirmed that this hacking incident has nothing to do with any member of the Somesing team. Considering the attack method, it may have been carried out by hackers who specialize in attacking virtual assets." The platform has reported the hack to the National Police Agency, which is investigating, and said it would notify Interpol.
Goledo Finance
On January 28, 2024, Goledo Finance, a lending protocol in the Conflux ecosystem, was attacked, resulting in a loss of 7.9 million CFX, approximately US$1.7 million. The Goledo team completed a preliminary investigation of the large loans in the lending pool and confirmed that the attack involved flash loans.
(https://twitter.com/GoledoFinance/status/1751442740200517984)
Abracadabra Money
On January 31, 2024, the DeFi protocol Abracadabra Money (MIM_Spell) was attacked, with losses of approximately US$6.5 million. Abracadabra.Money (MIM_Spell) subsequently posted an update on Twitter stating that its technical team had identified the cause: a vulnerability affecting specific Cauldron V3 and V4 contracts that allowed unauthorized borrowing of MIM. The borrow limits of those cauldrons have been set to zero to mitigate the issue. The team said the DAO treasury would fully collateralize the US$6.5 million affected in order to ensure safe operation.
(https://twitter.com/MIM_Spell/status/1752723973891059807)
Ripple
On January 31, 2024, on-chain investigator ZachXBT disclosed that Ripple had been hacked, with 213 million XRP (approximately US$112.5 million) stolen. Ripple co-founder Chris Larsen tweeted: "Yesterday, some of my personal XRP accounts (not @Ripple) – we quickly discovered the problem and notified exchanges to freeze the affected addresses. Law enforcement is involved."
(https://twitter.com/chrislarsensf/status/1752702297971532258?s=20)
Summary
Five DDoS attacks occurred this month. Projects can deploy network monitoring tools to analyze traffic regularly and identify abnormal traffic and potential attacks in time. There were 17 rug pull incidents this month, about 30% of the month's security incidents, with losses of approximately US$5.26 million; users should fully understand a project's background and team before participating and choose investments carefully. Three flash loan attacks occurred this month, with losses of approximately US$6.35 million. The SlowMist security team recommends that project teams remain vigilant and conduct regular security audits to track and resolve new security threats and vulnerabilities, so as to protect projects and assets as far as possible.
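The traffic-monitoring recommendation above, as an added example (not SlowMist's tooling): a small detector run over constructed nginx-style RPC access-log lines. It buckets requests into 10-second windows, raises a volume-spike alert when a window exceeds five times the median window, and raises a per-source alert for any IP over a fixed per-window limit. The log format, the thresholds and the sample addresses are assumptions; the sample lines are constructed and are not Manta or HTX logs:

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime

# nginx-style access line with the JSON-RPC method appended as a final field
# (assumed format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+)(?: "(?P<method>[^"]*)")?'
)


@dataclass(frozen=True)
class Alert:
    kind: str     # "spike" (whole-window volume) or "flood_source" (one IP)
    window: int   # window start, Unix seconds
    source: str   # offending IP, or "*" for the whole window
    count: int


def parse_line(line: str):
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m["ip"], "epoch": int(ts.timestamp()), "method": m["method"]}


def detect(lines, window_s: int = 10, per_ip_limit: int = 20, spike_factor: int = 5):
    """Bucket requests into fixed windows; flag windows whose total exceeds
    spike_factor times the median window, and any single IP above per_ip_limit."""
    windows: dict[int, Counter] = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        windows[rec["epoch"] // window_s * window_s][rec["ip"]] += 1

    totals = sorted(sum(c.values()) for c in windows.values())
    baseline = totals[len(totals) // 2] if totals else 0  # median window size
    alerts = []
    for start in sorted(windows):
        counts = windows[start]
        total = sum(counts.values())
        if baseline and total > spike_factor * baseline:
            alerts.append(Alert("spike", start, "*", total))
        for ip, n in counts.most_common():
            if n > per_ip_limit:
                alerts.append(Alert("flood_source", start, ip, n))
    return alerts


# Constructed sample traffic: three quiet 10 s windows, then one window with
# 60 requests, 40 of them from a single source.
def _line(ip: str, hms: str, method: str) -> str:
    return f'{ip} - - [18/Jan/2024:{hms} +0000] "POST /rpc HTTP/1.1" 200 512 "{method}"'


NORMAL = [
    _line("203.0.113.7", "09:29:31", "eth_blockNumber"),
    _line("203.0.113.8", "09:29:35", "eth_call"),
    _line("203.0.113.9", "09:29:38", "eth_getBalance"),
    _line("203.0.113.7", "09:29:41", "eth_blockNumber"),
    _line("203.0.113.10", "09:29:44", "eth_call"),
    _line("203.0.113.11", "09:29:48", "eth_chainId"),
    _line("203.0.113.8", "09:29:52", "eth_getLogs"),
    _line("203.0.113.12", "09:29:55", "eth_call"),
    _line("203.0.113.9", "09:29:59", "eth_blockNumber"),
]
FLOOD = [_line("198.51.100.9", f"09:30:0{i % 10}", "eth_getLogs") for i in range(40)] + [
    _line(f"198.51.100.{20 + i}", "09:30:05", "eth_call") for i in range(10) for _ in range(2)
]
SAMPLE_LOG = NORMAL + FLOOD

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

A flood on the scale of the 135 million requests described above is distributed across many sources, so the per-IP limit alone misses it; the whole-window spike check is what catches it. In production the baseline should be a trailing median that excludes the current window, and the alert should feed rate limiting at the edge rather than only a log entry.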