In brief ⚡
Cross-Chain Protocol Socket Faces $3.3 Million Exploit, Pauses Contracts Amid Security Breach.
BasketDAO DeFi Protocol Hacked for $107K Due to Smart Contract Vulnerability; Users Warned of Phishing Threats and Advised Contract Revoke
RugPull Tokens of the week
LongNoseDog Token - BNB Chain
Poldo Token - BNB Chain
Cronus Token - BNB Chain
Hacks and Scams⚠️
Socket Protocol
Amount of Loss: ~ $3.3M
Analysis
Cross-chain protocol Socket experienced a security incident resulting in the exploitation of contracts, with $3.3 million drained, as reported in a Jan. 16 social media post from the team.
The incident impacted wallets with infinite approvals to Socket contracts, prompting the team to identify and pause affected contracts.
Socket, a cross-chain infrastructure protocol, is widely used by various Web3 apps, including Synthetix, Lyra, Kwenta, Superform, Plasma Finance, and Level Finance.
Blockchain analyst Spreekaway reported the exploit, indicating that the attacker used a token approval from an Ethereum address ending in 97a5.
Phishing scammers took advantage of the situation: a fake Socket account replied to Socket's official post with a link to a malicious app, attempting to exploit users amid the chaos. The fake account also urged users to revoke approvals through another malicious app that it provided.
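The following is an added example, not code from Socket or from this newsletter: a defender-side check that replays ERC-20 Approval event logs and lists wallets that still hold an unlimited approval to a watched spender contract. The addresses, the sample logs and the 2**255 "unlimited" threshold are constructed assumptions; the logs use the shape returned by eth_getLogs.

```python
# Added example: find live unlimited ERC-20 approvals to a watched spender.
# keccak256("Approval(address,address,uint256)"), the standard ERC-20 event topic.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1
# Assumption: anything at or above 2**255 is treated as effectively unlimited.
UNLIMITED_THRESHOLD = 2**255

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def live_unlimited_approvals(logs, watched_spenders):
    """Return sorted (token, owner, spender) whose latest approval is unlimited."""
    watched = {s.lower() for s in watched_spenders}
    latest = {}
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16)))
    for log in ordered:
        topics = log["topics"]
        # ERC-721 Approval shares this topic0 but indexes tokenId (4 topics): skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        owner, spender = topic_to_address(topics[1]), topic_to_address(topics[2])
        if spender in watched:
            # A later approve(spender, 0) overwrites the entry, i.e. a revoke.
            latest[(log["address"].lower(), owner, spender)] = int(log["data"], 16)
    return sorted(k for k, v in latest.items() if v >= UNLIMITED_THRESHOLD)

def pad_topic(addr):
    """Left-pad a 20-byte address to a 32-byte topic."""
    return "0x" + "0" * 24 + addr[2:]

def make_log(token, owner, spender, value, block, index=0):
    """Build a constructed log in eth_getLogs shape."""
    return {"address": token, "topics": [APPROVAL_TOPIC, pad_topic(owner), pad_topic(spender)],
            "data": "0x" + format(value, "064x"), "blockNumber": hex(block), "logIndex": hex(index)}

# Constructed placeholder addresses, not real contracts or wallets.
TOKEN, WATCHED, OTHER = "0x" + "a1" * 20, "0x" + "5c" * 20, "0x" + "0e" * 20
ALICE, BOB, CAROL = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
SAMPLE_LOGS = [
    make_log(TOKEN, BOB, WATCHED, 0, 0x20),              # Bob revokes later
    make_log(TOKEN, ALICE, WATCHED, MAX_UINT256, 0x10),  # still live
    make_log(TOKEN, BOB, WATCHED, MAX_UINT256, 0x11),
    make_log(TOKEN, ALICE, OTHER, MAX_UINT256, 0x12),    # spender not watched
    make_log(TOKEN, CAROL, WATCHED, 1000, 0x13),         # finite allowance
]

if __name__ == "__main__":
    for token, owner, spender in live_unlimited_approvals(SAMPLE_LOGS, [WATCHED]):
        print(f"revoke: owner {owner} -> spender {spender} on token {token}")
```

Logs record approvals only, so confirm each hit with the token's allowance(owner, spender) call before acting on it.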
Basket DAO
Amount of Loss: ~ $107k
Analysis
DeFi protocol BasketDAOOrg was hacked on Jan. 17 for over $107K due to a vulnerability in its smart contract.
The attack involved an arbitrary low-level call exploit stemming from a bug in the contract's approval process.
In March 2022, similar vulnerabilities in the same contract and another (0x01A903c12A2Dd87A5410173A29543504DF8bD14B) caused fund losses.
Explore the Depths of Knowledge: Research Papers, Blogs and Tweets🔖
Tweets
GitHub Repos
Articles
EVM & Yul programming course. Part V - Interacting with smart contracts.
Unit 9: Options, swaps, futures, MBSs, CDOs, and other derivatives
Yesterday's complete hack of Wise Lending was far more complex than reported. Very worth examining.
Web3 Community Spotlight🔦
Developer Research🔦
QuillAudits is building out the future at the intersection of AI and Web3 security with its automated audit security tool QuillAI.
We would really appreciate it if you could spare a few moments of your time to fill out a survey to help us understand your true pain points when it comes to smart contract security.
Thanks for reading HashingBits! Share a summary of our newsletter on your social media platforms, tag us, and use the #AwareToEarn hashtag, and you could win 10 USDT as a reward! Help us build a safer Web3 ecosystem and have a chance to earn rewards and support our work.