Verichains Weekly Security Digest | February 2023 Week 2
Week 2 of February 2023 saw four notable attacks with losses totaling over $10 million, here’s your weekly digest.
💥Type: Logic Flaw
💸Loss amount: $8.5 million
The protocol was hacked due to a flaw in the USP solvency check mechanism, allowing the attacker to exploit a logic error and steal funds. However, the attacker forgot to code a way to collect the stolen funds. @Platypusdefi recovered the 2.4 million USDC due to a mistake made by the attacker.
💥Type: Arbitrary External Call Vulnerability
💸Loss amount:$1.5 million
A new contract in the Dexible project unintentionally allows for the execution of malicious codes. As a result of this vulnerability, an attacker was able to gain unauthorized access and steal tokens from users who had previously approved this contract. All operations and impacted contracts have been paused.
💥Type: Price Manipulation
💸Loss amount: $12,000
A StarlinkCoin contract on the BNBChain was attacked via a flashloan resulting in a loss of 38 BNB (approximately $12,000). The attacker exploited a fee incurred by the transfer function by using the "skim" method to directly transfer funds to the LP contract, which caused a change in the token proportion in the trading pair contract. The attacker then exchanged the tokens for a profit and left the contract.
🚨Project: DegenMillionairesClub (DMC) token
💥Type: Implementation Error
💸Loss amount: N/A
The attack was caused by a mistake in implementing the mintFromStaking function. This allowed anyone to create and add tokens to specific accounts, including the PancakeSwap pair. The attacker exploited this by generating a significant number of tokens and exchanging them for WBNB to make a profit.
The cost of a hack will most likely be larger than any security spending. We encourage you to strengthen your project by implementing #security best practices and collaborating with a security partner like Verichains for your project.
Since 2017, Verichains has been a pioneer and leading blockchain security firm in APAC, with extensive expertise in security, cryptography and core blockchain technology. More than 200 clients trust us with $50 billion in assets under protection, including several high-profile clients such as BNB Chain, Klaytn, Wemix, Multichain, Line Corp, Axie Infinity, Ronin Network, and Kyber Network.
Our world-class security and cryptography research team have found several vulnerabilities in layer-1 protocol, crypto library, bridge, and smart contracts. We are also proud to be the firm that helped to investigate, root cause analysis, and fix security issues in the two largest global crypto hacks: BNB Chain Bridge and Ronin Bridge (Sky Mavis).
With the in-depth research and development of blockchain technology, Verichains provides blockchain security services such as blockchain protocol and smart contract security audit, mobile application protection, key management solution, on-chain risk monitoring, and red team/penetration testing services.
Thanks for reading Verichains! Subscribe for free to receive new posts and support my work.