Verichains Weekly Security Digest | April 2023 Week 1

th13vn, Verichains, and LowK
Apr 4, 2023

In this week’s digest, Verichains demonstrates how we helped our client Multichain secure their platform through our Security Advisory service.

The DeFi market hemorrhaged another USD 9 million last week in recent hacks with SafeMoon in the spotlight.

Verichains Security Advisory

Multichain is an infrastructure developed for arbitrary cross-chain interactions. It was born as Anyswap on 20 July 2020 to serve the clear needs of different and diverse blockchains to communicate with each other.

In December 2022, while Verichains was conducting extensive research into threshold ECDSA security, we discovered a specific vulnerability in Multichain’s fastMPC implementation and immediately contacted their team with a Proof-of-Concept ready for their reference.

The vulnerability allows a single malicious party to recover the TSS private key of a TSS group, reducing a t/n threshold scheme to 1/n. The attacker only needs to participate in 1 signing ceremony to do so. All Multichain mainnet and testnet smpc nodes, using version 7.2.5 and 7.2.6 respectively, were at risk.

Through our joint efforts, Multichain was able to quickly patch the vulnerability before any exploitation could happen.

Zhaojun @zhaojun_sh
Great report from Multichain audit partner @Verichains It makes MPC + TSS more secure, all funds are SAFE.
Verichains @Verichains
Verichains has released a new security advisory VSA-2022-120, exposing a key extraction vulnerability in Multichain's fastMPC. Kudos to @MultichainOrg for the swift response and bug bounty. Keep an eye out for upcoming advisories on critical attacks https://t.co/uBR3iTxAcT… https://t.co/KtS6JFACkV
3:54 AM ∙ Mar 28, 2023

This case study underscores the value and protection afforded to our clients through our Security Advisory service. We express our gratitude to the Multichain team for their prompt efforts in addressing the bug as well as the bounty rewarded.

Read the full Security Advisory here:

Verichains
[VSA-2022-120] Multichain: Key Extraction Vulnerability in fastMPC's Secure Multi-Party Client (smpc)
Since October 2022, Verichains has been conducting extensive research on threshold ECDSA security. Our research has led us to discover new key extraction attacks that affect nearly all implementations of the Threshold Signature Scheme (TSS), including popular open-source TSS libraries, despite having undergone multiple security audits. Verichains plans …
By Verichains and Thanh Nguyen

Last Week’s Incidents

🚨Project: SafeMoon
⛓️Chain: BSC
💥Type: Access Control
💸Loss amount: $8.9 million

Last week kicked off with the second-largest hack this year (so far) with SafeMoon, a DeFi project hacked for $8.9 million due to an access control vulnerability in the burn() function of the SFM token contract. A malicious actor took advantage of this vulnerability by burning a large number of SFM tokens, causing a sudden surge in the price of SFM tokens. After that, the attacker swapped the SFM tokens for their WBNB equivalent and withdrew a substantial amount of tokens, leading to significant losses for SafeMoon users.

It's also worth noting that the transaction was intercepted and executed by the 0x286e MEV bot. MEV stands for "Maximal Extractable Value," and it refers to the amount of value that can be extracted from a blockchain transaction by miners or other actors. MEV bots are automated tools that seek to maximize this value by executing transactions in a way that maximizes their profits.

Overall, this incident highlights the importance of strong access control mechanisms in smart contracts and the need for constant vigilance in the rapidly-evolving world of blockchain.
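
A toy model of the price effect described above, added here as an illustration and not SafeMoon's contract code. The `Token`, `Pool` and `price_after_burn` names, the balances, and the assumption that the burned balance is the one a constant-product pool holds are all constructed; the block contrasts a `burn` with no caller check against one restricted to the holder or the owner.

```python
from fractions import Fraction


class Token:
    """Toy ERC-20-style ledger (constructed for illustration)."""

    def __init__(self, owner, guarded):
        self.owner, self.guarded, self.balances = owner, guarded, {}

    def mint(self, to, amount):
        self.balances[to] = self.balances.get(to, 0) + amount

    def burn(self, caller, holder, amount):
        # Hardened form: only the holder itself or the owner may burn a balance.
        # With guarded=False this check is skipped, modelling the missing access control.
        if self.guarded and caller not in (holder, self.owner):
            raise PermissionError("caller may not burn another holder's balance")
        if self.balances.get(holder, 0) < amount:
            raise ValueError("burn exceeds balance")
        self.balances[holder] -= amount


class Pool:
    """Constant-product pair that prices the token from its own token balance.
    Reading the balance directly stands in for the pair re-syncing its reserves."""

    def __init__(self, token, address, quote_reserve):
        self.token, self.address, self.quote_reserve = token, address, quote_reserve

    def spot_price(self):
        # Quote asset per token = quote reserve / token balance held by the pool.
        return Fraction(self.quote_reserve, self.token.balances[self.address])


def price_after_burn(guarded, burn_amount=900_000):
    """Return (price_before, price_after) when an unrelated caller tries to
    burn part of the pool's token balance."""
    token = Token(owner="owner", guarded=guarded)
    token.mint("pool", 1_000_000)          # constructed pool inventory
    pool = Pool(token, "pool", quote_reserve=1_000)
    before = pool.spot_price()
    try:
        token.burn(caller="outsider", holder="pool", amount=burn_amount)
    except PermissionError:
        pass  # guarded token rejects the call, so the pool balance is unchanged
    return before, pool.spot_price()


if __name__ == "__main__":
    for guarded in (False, True):
        before, after = price_after_burn(guarded)
        print(f"guarded={guarded}: price {before} -> {after}")
```

Burning 90% of the pool's token balance leaves the quote reserve untouched, so the quoted price rises tenfold in the unguarded case and stays put in the guarded one.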


🚨Project: Allbridge
⛓️Chain: BSC
💥Type: Price Manipulation
💸Loss amount: $570,000

A project called Allbridge was hacked for over half a million dollars due to price manipulation. The attacker acted as both LP and swapper, allowing them to control the pool and manipulate the swap price. Consequently, the attacker executed trades and drained the pool, resulting in a loss of 282,889 BUSD and 290,868 USDT. At the time of writing, the attacker had agreed to return 1500 BNB tokens (approximately $465,000), keeping the difference as a white hat bounty, a happy ending.


🚨Project: Polar Bear
⛓️Chain: BSC
💥Type: Backdoor
💸Loss amount: $110,000

In an incident that may raise a few eyebrows, a project called Polar Bear was hacked for $110,000 due to a backdoor in the Nuwa contract 0x344, which was not publicly available. The function 0xfa319eee was found to be the culprit, allowing for the swapping of $BUSD for $NUWA and the transfer of all $NUWA in the contract to the caller. During the execution of the transaction, the 0x286E MEV bot front-ran the transaction, resulting in the original transaction being reverted. After that, the 0x286E bot sold the $NUWA for a profit of approximately $110k.


🚨Project: $UNMS
⛓️Chain: BSC
💥Type: Flashloan Attack
💸Loss amount: $100,000

A token called $UNMS suffered a $100,000 flashloan attack last week. The attacker leveraged a flash loan to borrow a substantial amount of $BUSD and modify the ratio between $BUSD and $UNMS in the pair. This alteration enabled the attacker to withdraw a significant amount of $UNMS from the contract, which they later sold for $100K. The use of flash loans in this attack allowed the attacker to perform a large-scale manipulation of the liquidity pool in a short amount of time.

A guest post by LowK, Smart Contracts Security Auditor