Author: SlowMist Security Team

 

Overview

According to the SlowMist Blockchain Hacked Archive (https://hacked.slowmist.io), there were 37 security incidents in July 2024, with total losses of approximately US$279 million, of which US$8.76 million was returned. The causes of this month's incidents included contract vulnerabilities, account hacking, exit scams, and domain name hijacking.

Main Events

Bittensor

On July 2, 2024, the decentralized AI project Bittensor was attacked, and some Bittensor wallet users had funds stolen. The attacker stole about 32,000 TAO, worth about US$8 million at market value. On-chain detective ZachXBT believed that the attack may have been caused by a private key leak, but Bittensor later said that the affected users were actually attacked because a malicious Bittensor package had been uploaded to Python's PyPI package manager.

Authy

On July 5, 2024, SlowMist Chief Information Security Officer 23pds tweeted that the 2FA service Authy had been attacked, resulting in the theft of 33 million users' phone numbers. Authy's developer, Twilio, has confirmed the vulnerability. A large number of Web3 users use this 2FA software, so please pay attention to asset security.

(https://x.com/im23pds/status/1809047195750183257)

Doja Cat

On July 8, 2024, rapper Doja Cat's X account was hacked and the attacker used her account to post tweets promoting memecoin. Doja Cat later posted on her Instagram that her X account had been hacked.

Compound

On July 11, 2024, Compound DAO security consultant Michael Lewellen tweeted that the Compound Finance official website had been hacked and was currently hosting a phishing website.

(https://x.com/LewellenMichael/status/1811303839888261530)

LI.FI

On July 16, 2024, the SlowMist security team's monitoring detected suspicious transactions on the cross-chain bridge aggregation protocol LI.FI, resulting in user losses of more than $10 million. On July 18, LI.FI released a security incident report stating that the vulnerability originated from a problem in verifying transactions. The problem was related to the way the protocol interacted with the shared LibSwap code base used by multiple decentralized exchanges and other DeFi protocols. The cause was an individual human error in overseeing the deployment process. An estimated 153 wallets were affected, with losses of approximately $11.6 million worth of USDC, USDT, and DAI stablecoins.

(https://x.com/SlowMist_Team/status/1813195343057866972)

WazirX

On July 18, 2024, Indian cryptocurrency exchange WazirX released on X its preliminary findings on a cyber attack, stating that a security vulnerability in one of its multi-signature wallets resulted in losses of more than $230 million (approximately 45% of customer funds).

(https://x.com/WazirXIndia/status/1813843289940058446)

Rho Markets

On July 19, 2024, an MEV bot arbitraged 2,203 ETH, about $7.6 million, from the lending protocol Rho Markets because of an oracle configuration error. On the same day, according to on-chain detective ZachXBT, the owner of the MEV bot sent an on-chain message to the Rho Markets team, saying that the incident was their MEV bot profiting from the configuration error in the Rho Markets price oracle, and that they were willing to return the funds in full.

(https://scrollscan.com/tx/0xd9c2e4f0364b13ada759f2dd56b65f5025e70cce4373e7c57ac31bf5226023e0)

Casper Network

On July 26, 2024, Casper Network was attacked. Casper Network subsequently tweeted that, to minimize the impact of the security vulnerability, it had worked with validators to suspend the network until the vulnerability was patched. According to the preliminary report on the security incident released by Casper Network on July 31, 13 wallets were affected, and the total amount of illicit transactions was approximately US$6.7 million. Casper Network found that the attacker exploited a vulnerability that allowed a contract installer to bypass the access permission check for uref, allowing them to grant the contract access to uref-based resources.

(https://x.com/Casper_Network/status/1817145818631098388)

Terra

On July 31, 2024, the Terra chain was attacked. The attacker exploited a known vulnerability related to the third-party module IBC hooks to mint several tokens on the Terra chain, resulting in losses of $5.28 million. The Terra team has taken emergency measures to prevent further losses and coordinated validators to apply patches to fix the vulnerability. According to Zaki Manian, co-founder of Sommelier Finance, although the vulnerability was fixed in the Cosmos ecosystem in April, Terra did not include this patch in the June upgrade, causing the vulnerability to be exposed and exploited again.

(https://x.com/terra_money/status/1818498438759411964)

On the same day, the decentralized trading protocol Astroport released a security incident update on X: the attacker's ASTRO on Neutron has been seized into the Astroport Treasury; the attacker's Terra address has been blacklisted and cannot make any transactions; the IBC Hook vulnerability has been fixed; and the team will continue to work closely with the Terra team to find a solution.

Summary

Data security issues have returned to our attention this month. On July 1, according to Protos, the crypto-friendly bank Evolve Bank & Trust recently admitted that about 33 TB of user data was stolen a month ago. Such security incidents may lead to identity theft, account hacking, financial losses and other consequences. The SlowMist security team reminds users to beware of phishing attacks, update passwords regularly, and avoid using the same password on multiple platforms.

With the memecoin craze, the X accounts of project owners and celebrities have been hacked frequently. Attackers take over these accounts to exploit their owners' influence, then post tweets that contain phishing links or promote certain tokens. Please verify such posts carefully and invest with caution. We have explained how to improve the security of X accounts in SlowMist: X Account Security Troubleshooting and Reinforcement Guide.

There have been many domain name hijacking incidents recently. Project owners can take the following measures to prevent domain name hijacking and ensure the security of websites and users:

  • Choose a reliable domain name registrar to reduce the risk of domain name hijacking;

  • Regularly check and monitor the status of domain names, DNS settings and other related configurations;

  • Ensure that relevant personnel understand the risks and preventive measures of domain name hijacking, master the ability to identify common phishing and social engineering attacks, and prevent the leakage of sensitive information;

  • Develop an emergency response plan so that you can react quickly and control the scope of impact when a domain name is hijacked.
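
The monitoring step in the list above can be automated by diffing each new snapshot of a domain's registration and DNS data against a known-good baseline. The following is an added example, not SlowMist's code: the domain data, registrar name and severity choices are constructed assumptions, and in practice the snapshots would be filled from RDAP/WHOIS and DNS lookups.

```python
# Constructed snapshots for a hypothetical domain; none of this is real data.
# Registrar lock statuses (EPP codes) whose removal should never go unnoticed.
CRITICAL_LOCKS = {"clientTransferProhibited", "clientUpdateProhibited"}

BASELINE = {
    "registrar": "Example Registrar, Inc.",
    "status": {"clientTransferProhibited", "clientUpdateProhibited",
               "clientDeleteProhibited"},
    "NS": {"ns1.dns-provider.example", "ns2.dns-provider.example"},
    "A": {"203.0.113.10"},
}
OBSERVED = {
    "registrar": "Example Registrar, Inc.",
    "status": {"clientDeleteProhibited"},
    "NS": {"ns1.parking.example", "ns2.parking.example"},
    "A": {"198.51.100.77"},
}

def diff_snapshot(baseline, observed):
    """Return (severity, field, detail) findings, critical ones first."""
    findings = []
    if observed["registrar"] != baseline["registrar"]:
        findings.append(("critical", "registrar",
                         f"{baseline['registrar']} -> {observed['registrar']}"))
    # A lock that disappears is often the first visible step of a takeover.
    for lock in sorted(baseline["status"] - observed["status"]):
        sev = "critical" if lock in CRITICAL_LOCKS else "warning"
        findings.append((sev, "status", f"lock removed: {lock}"))
    # NS changes move control of the whole zone; A changes may be routine
    # (CDN or hosting moves), so they are only warnings in this sketch.
    for rtype, sev in (("NS", "critical"), ("A", "warning")):
        added = observed[rtype] - baseline[rtype]
        removed = baseline[rtype] - observed[rtype]
        if added or removed:
            findings.append((sev, rtype,
                             f"added={sorted(added)} removed={sorted(removed)}"))
    order = {"critical": 0, "warning": 1}
    return sorted(findings, key=lambda f: order[f[0]])

def should_page(findings):
    """Critical drift should trigger the emergency response plan."""
    return any(sev == "critical" for sev, _, _ in findings)

if __name__ == "__main__":
    for finding in diff_snapshot(BASELINE, OBSERVED):
        print(*finding, sep=" | ")
```
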