Overview
According to the SlowMist Blockchain Hacked Archives (https://hacked.slowmist.io), there were 37 security incidents in July 2024, with a total loss of approximately $279 million, of which $8.76 million was returned. The causes of the security incidents this month involved contract vulnerabilities, account hacking, running away, and domain name hijacking.
Main Events
Bitten Sensor
On July 2, 2024, the decentralized AI project Bittensor was attacked, and some Bittensor wallet users were stolen. The attacker stole about 32,000 TAO, which is about 8 million US dollars according to the market value. On-chain detective ZachXBT believed that the attack may have been caused by a private key leak, but Bittensor later said that the affected users were actually attacked because a malicious Bittensor package was uploaded to Python's PyPi package manager.
Authy
On July 5, 2024, SlowMist Chief Information Security Officer 23pds tweeted that the 2FA service Authy was attacked, resulting in the theft of 33 million users' phone numbers. The official developer Twilio has confirmed the vulnerability. A large number of Web3 users use this 2FA software, so please pay attention to asset security.
(https://x.com/im23pds/status/1809047195750183257)
Doja Cat
On July 8, 2024, rapper Doja Cat's X account was hacked and the attacker used her account to post tweets promoting memecoin. Doja Cat later posted on her Instagram that her X account had been hacked.
Compound
On July 11, 2024, Compound DAO security consultant Michael Lewellen tweeted that the Compound Finance official website had been hacked and was currently hosting a phishing website.
(https://x.com/LewellenMichael/status/1811303839888261530)
LI.FI
On July 16, 2024, according to the monitoring of the SlowMist security team, the cross-chain bridge aggregation protocol LI.FI had suspicious transactions, resulting in user losses of more than $10 million. On July 18, LI.FI released a security incident report stating that the vulnerability originated from a problem in verifying transactions. The problem was related to the way the protocol interacted with the shared LibSwap code base used by multiple decentralized exchanges and other DeFi protocols. The reason was a personal human error in the process of supervising deployment. An estimated 153 wallets were affected, with losses of approximately $11.6 million worth of USDC, USDT, and DAI stablecoins.
(https://x.com/SlowMist_Team/status/1813195343057866972)
WazirX
On July 18, 2024, Indian cryptocurrency exchange WazirX released preliminary findings of a cyber attack on X, stating that a security vulnerability occurred in one of its multi-signature wallets, resulting in losses of more than $230 million (approximately 45% of customer funds).
(https://x.com/WazirXIndia/status/1813843289940058446)
Rho Markets
On July 19, 2024, the lending protocol Rho Markets was arbitraged by a MEV Bot for 2,203 ETH, about $7.6 million, due to an oracle configuration error. On the same day, according to the on-chain detective ZachBXT, the owner of the MEV Bot called out to the Rho Markets team on the chain, saying that the incident was their MEV robot profiting from the configuration error of the Rho Markets price oracle, and was willing to return it in full.
(https://scrollscan.com/tx/0xd9c2e4f0364b13ada759f2dd56b65f5025e70cce4373e7c57ac31bf5226023e0)
Casper Network
On July 26, 2024, Casper Network was attacked, and Casper Network subsequently tweeted that in order to minimize the impact of this security vulnerability, it has cooperated with the validator to suspend the network until this security vulnerability is patched. According to the preliminary report on the security incident released by Casper Network on July 31, 13 wallets were affected in this incident, and the total amount of illegal transactions was approximately US$6.7 million. Casper Network discovered that the attacker exploited a vulnerability that allowed the contract installer to bypass the access permission check for uref, allowing them to grant the contract access to uref-based resources.
(https://x.com/Casper_Network/status/1817145818631098388)
Earth
On July 31, 2024, the Terra chain was attacked. The attacker exploited a known vulnerability related to the third-party module IBC hooks to mint several tokens on the Terra chain, resulting in losses of $5.28 million. The Terra team has taken emergency measures to prevent further losses and coordinated validators to apply patches to fix the vulnerability. According to Zaki Manian, co-founder of Sommelier Finance, although the vulnerability was fixed in the Cosmos ecosystem in April, Terra did not include this patch in the June upgrade, causing the vulnerability to be exposed and exploited again.
(https://x.com/terra_money/status/1818498438759411964)
On the same day, the decentralized trading protocol Astroport released a security incident update on X: the attacker's ASTRO on Neutron has been seized in the Astroport Treasury; the attacker's Terra address has been blacklisted and cannot make any transactions; the IBC Hook vulnerability has been fixed; the official will continue to work closely with the Terra team to find a solution.
Summarize
Data security issues have returned to our attention this month. On July 1, according to Protos, the crypto-friendly bank Evolve Bank & Trust recently admitted that about 33 TB of user data was stolen a month ago. Such security incidents may lead to identity theft, account hacking, financial losses and other consequences. The SlowMist security team reminds users to beware of phishing attacks, update passwords regularly, and avoid using the same password on multiple platforms.
With the craze of memecoin, hacking incidents of project owners/celebrity accounts have occurred frequently. Attackers use the influence of project owners/celebrity to steal X accounts and then post tweets containing phishing links or promote certain tokens. Please pay attention to identification and invest with caution. We have explained how to improve the security of X accounts in SlowMist: X Account Security Troubleshooting and Reinforcement Guide. Click the link to jump to read.
There have been many domain name hijacking incidents recently. Project owners can take the following measures to prevent domain name hijacking and ensure the security of websites and users:
Choose a reliable domain name registrar to reduce the risk of domain name hijacking;
Regularly check and monitor the status of domain names, DNS settings and other related configurations;
Ensure that relevant personnel understand the risks and preventive measures of domain name hijacking, master the ability to identify common phishing and social engineering attacks, and prevent the leakage of sensitive information;
Develop an emergency response plan so that you can react quickly and control the scope of impact when a domain name is hijacked.
Finally, the events included in this article are the main security events of this month. More blockchain security events can be viewed in the SlowMist Blockchain Hacked Archive (https://hacked.slowmist.io/). Click to read the original text to jump directly.