Events Under the Spotlight 🔎
BiFi Finance Hack
BiFi issues and uses an address for each user who deposits BTC.
The deposit addresses are signed and delivered to the address issuing server, and the addresses are reflected on BiFi only in the case when the signature is verified.
In the attack, the server key of the address issuing server was exposed, and the attacker could self-sign their deposit address.
Since the attacker could generate a valid signature on the deposit address, BiFi mistakenly recognized the attacker’s BTC transfer as a BTC deposit into BiFi.
As a result, the attacker could borrow 1,852 ETH (~$2.25M) with a fake deposit.
OMNI Hit By Re-Entrancy Exploit
Omni, a non-fungible token (NFT) money market platform, drained about 1,300 ETH ($1.43 million) in a flash loan reentrancy attack.
After acquiring a loan and receiving the crypto, the hackers withdrew some of their NFTs, leaving the loan without sufficient collateral.
This state triggered a callback that returned the remaining NFTs to the hackers, leaving them with ownership of the loaned crypto.
Citizen Finance fell for ~$90,000
Citizen Finance is a multi-chain NFT protocol.
It is suspected of suffering an exploit.
Token CIFI has fallen by more than 50%, and 244 BNB and 57,600 MATIC have been stolen.
Freeway blockchain bridge service provider Coffe was compromised
Freeway’s blockchain bridging service provider Coffe was attacked.
A large number of FWT tokens were removed from Coffe’s bridging wallet and were subsequently sold.
There was no damage to the Freeway platform, nor was the Supercharger affected.
SpaceGodzilla was attacked
SpaceGodzilla was attacked by price manipulation and lost approximately 25,379 USDT.
The attacker first borrowed many flash loans from different platforms (e.g., venus) and then swapped the borrowed USDT for the SpaceGodzilla token to inflate its price.
Uniswap V3 LPs Lose Millions in Fake Token Phishing Attack
Uniswap liquidity providers (LPs) have suffered a phishing attack lasting around eight hours.
It was a fake token phishing attack in which 73,399 addresses received malicious ERC-20 tokens from where the hacker stole the funds and laundered them through Tornado Cash.
To the Numerophiles out there 🔢
Celsius Network: crypto firm reveals a $1.2bn deficit in the bankruptcy filing.
Versus Series🛡️
Layer 1 solution VS Layer 2 solution
Stay updated with the latest happenings in the blockchain world; join our Discord community here🤝.