This article is for analytical reference only and is not intended as financial investment advice.

1. Overview of hacking incidents in May

In recent years, with the booming development of the cryptocurrency market, related security risks have also increased, causing serious losses and troubles to investors.


According to statistics from the SlowMist Technology Platform (https://hacked.slowmist.io/), nearly 20 hacking incidents occurred in May 2024, with a total loss of approximately US$126 million, which is a huge loss.


Among them, the losses of three hacking incidents exceeded 10 million US dollars!#Gala Games lost $21.8 million due to private key leakage, Sonne Finance lost $20 million due to a flash loan attack, and a whale lost $70 million due to an address poisoning attack.

In these hacking incidents, the attack methods used include Rug Pull, address poisoning, security vulnerabilities, contract vulnerabilities, flash loan attacks, and private key leaks. Among them, contract vulnerabilities accounted for the highest proportion, which was 37%, followed by Rug Pull, which was 26%.

2. On-chain security risks

In order to help everyone better understand some of the security risks on the chain, this article will further analyze and explain through specific events.

Event 1: 1155 WBTC phishing incident

On May 3, a whale suffered an address poisoning attack, resulting in the loss of 1,155 #WBTC , worth about $70 million! The loss caused by this incident is shocking.

The victim's address in this incident is 0x1E227979f0b5BC691a70DEAed2e0F39a6F538FD5; its target transfer address is 0xd9A1b0B1e1aE382DbDc898Ea68012FfcB2853a91; the phishing address is 0xd9A1C3788D81257612E2581A6ea0aDa244853a91. We can see that excluding the first 4 bits and the last 6 bits after 0x, the rest is exactly the same as the victim's target transfer address!

Hackers will generate a large number of phishing addresses in advance, and after distributed deployment of batch programs, they will launch phishing attacks with the same first and last digits to the target transfer address based on the user dynamics on the chain.

After the user transferred the money, the hacker immediately used the phishing address that was collided with (about 3 minutes later) to follow up a transaction (the phishing address transferred 0ETH to the user's address). After this step, the phishing address appeared in the user's transaction record.

Because users are accustomed to copying recent transfer information from the wallet history, after seeing this trailing phishing transaction, they did not carefully check whether the address they copied was correct. As a result, 1,155 WBTC were mistakenly transferred to the phishing address!

In order to prevent similar things from happening, we must carefully check the address before performing any operation. We can also save the target address to the wallet's address book, and find the target address from the wallet's address book next time we transfer money. In addition, it is best to turn on the wallet's small amount filtering function to block such zero transfers and reduce the risk of phishing.

Of course, if the wallet you are using only displays the first 4 digits and the last 4 digits of the address by default, and you still insist on using this wallet, you can consider testing it with a small transfer first. If you are unfortunately caught, it will only be a minor injury.

Event 2: Pump.fun was attacked by a flash loan

Pump.fun is a memecoin generator based on Solana. On May 16, the project was attacked and lost about $1.9 million. The attacker then began to airdrop funds to some random wallets. Pump.fun issued a statement on Twitter saying that the attack was caused by a former employee who abused his privileges in the company, illegally obtained withdrawal permissions, obtained the private key of the "hacked account", and then carried out a flash loan attack with the help of the lending agreement.

It is reported that this former employee of Pump.fun has a wallet account that Pump uses to create the functional permissions for each BTC-Raydium trading pair. We call this a "hacked account", and all Bonding Curve LP pots created on Pump before reaching the Raydium standard are called "preliminary accounts".

Then the former employee borrowed a flash loan through Marginfi to fill all the pools that had been created but had not yet reached the state to be listed on Raydium. The original operation was to transfer the $Sol in these pools to the "hacked accounts" because they met the standards for listing on Raydium, but he withdrew the transferred $Sol at this time, resulting in the memecoins that were supposed to be listed on Raydium being unable to be listed on Raydium because the pools had no money.

The reason why this former employee has the private key of the "hacked account" is largely due to poor team management. Secondly, we can speculate that this behavior of filling the pool may be one of his previous jobs, just like when Friendtech V1 was launched last year, there were a large number of robots rushing to buy your Key in the first few days. This is probably the official one, in order to make a market for the Key and guide the initial heat. We can also make a bold guess that when Pump started the project, it asked this employee to be responsible for filling the pool of these coins with the project's own funds, in order to allow them to be listed on Raydium and then pull the market to create attention, but he didn't expect that he would become the key of the insider in the end.

Therefore, copycats must be careful not to just copy the surface and think that there will be transactions as soon as the product goes online. When engaging in mutual assistance, you must provide the initial impetus. At the same time, it is important to do a good job of authority management and pay attention to security.

Event 3: Gala Games hacked for the second time

Recently, the blockchain game Gala Games was attacked by hackers again, exposing serious security vulnerabilities. A hacker minted 5 billion tokens worth about 214 million US dollars through the platform's smart contract, causing the token price to plummet by 20%, causing huge losses to users and the platform.

The hacker quickly sold 592 million tokens through smart contracts and successfully exchanged 5,952 ETH, equivalent to 21.8 million US dollars. After that, the game team immediately took action to reduce the losses as quickly as possible, blacklisted the hacker's address, and froze the authority to sell more tokens.

The statement released expressed a commitment to security and transparency, and told all users that it is currently cooperating with relevant law enforcement agencies to further investigate the hackers.

Gala Games was hacked this time mainly because of a security vulnerability in its system, which allowed the attacker to obtain administrator-level privileges and directly manipulate the smart contract to perform any operation, allowing the hacker to arbitrarily mint token contracts. After the hack, the price of Gala dropped from $0.047 to $0.038, and then rose back to around $0.04.

The hacker attack reflects that the platform still faces security challenges in using smart contracts and needs to strengthen security measures.

3. Recent performance of Golden Dog

From the above content, we can see the severity of the current on-chain security risks. Although the risks exist, there are still some high-quality projects worthy of our attention, which can calm our excitement just now.

WOLF: Landwolf is the epitome of the alpha wolf, the leader of the wolf pack, an unstoppable force, and one of the characters in "The Boys Club". As of now, its ETH listing value is $54.3M, and its trading volume in the past 24 hours is $2.1M.

ANDY: Andy is one of PEPE's friends in the comic "Boys Club". Recently, the meme of PEPE-related animation has continued to heat up. As of now, the market value of the coin on ETH has reached $282.9M, and the transaction volume in the past 24 hours is $7.8M.

BRETT: A meme coin deployed in the Base ecosystem. Brett is also a character in the comic book "Boys Club". He is a frog who loves dancing, fashion and hats. The character resonates with fans around the world who appreciate his laid-back attitude and love for video games. As of now, the market value of the coin has reached $1.40B, and the transaction volume in the past 24 hours is $8.4M.

Basenji: It is a meme coin in the Base ecosystem. Its name comes from the African Basenji dog, which is one of the oldest dog breeds in the world and symbolizes its unique characteristics and qualities. The name just happens to contain "Base", which provides a perfect opportunity for a dog to become a Base dog. As of now, its market value is $53.3M, and its trading volume in the past 24 hours has reached $3.4M.

GME: Reddit platform shows that the YouTube anchor "Roaring Kitty", who once helped drive the stock price of GameStop soared, posted on the platform on June 3. This is his first post in three years. The content shows that he has a $65 million GameStop stock call option with an exercise price of $21 and an expiration date of June 21. As of now, the market value of GME on the Sol ecosystem is $86M, and the transaction volume in the past 24 hours has reached $15.8M.

MOTHER: It was launched by Australian rapper and model Iggy Azalea. Since its release, Mother Iggy has risen by more than 350%. As of now, the market value of the coin has reached $217.4M, and the trading volume in the past 24 hours is $64M.

BEER: The BeerCoin ecosystem launched its native token BEER on the Solana blockchain. Although it suffered a sharp drop in its debut, it quickly showed strong rebound momentum. As of now, the market value of the coin is $428.8M, and the transaction volume in the past 24 hours has reached $36.3M.

We will update some "Golden Dog" projects every week. If you see any projects you want to discuss, you can leave a message or follow @yiyun_dan1 to give us feedback.

END

References for this article:

https://www.chaincatcher.com/article/2123449

https://www.chaincatcher.com/article/2124697

https://www.qklw.com/news/20240521/369168.html