In brief⚡
ArbiSwap on Arbitrum loses ~$137000 to a rug pull scam.
A contract vulnerability cost My Algo ~$9.2 million.
Launch Zone lost ~$0.7M to exploiters due to the exposure in their smart contracts.
Hackers exploited SwapX for ~$1 million.
DungeonSwap lost $0.728M to an exploit.
Hacks and Scams⚠️
ArbiSwap
Amount of Loss: ~ $137000
Analysis
Before the rug pull, the ArbiSwap deployers created 1 trillion ARBI, which they later converted into USDC, causing an abrupt decline in the price of ARBI in the USDC/ARBI trading pair.
A bot swapped USDC to ARBI in the following block, then traded for ETH in a spatial arbitrage, earning 68.47 ETH.
ArbiSwap sent 84 ETH to TornadoCash🌪️ after moving it to the Ethereum mainnet.
My Algo
Amount of Loss: ~ $9.2M
Analysis
MyAlgo, Algorand's ecosystem wallet, tweeted a reminder that the hack happened more than a week ago and that nothing else has happened since then.
The attacked users used mnemonic wallets with browser-stored keys and had sizable balances on their accounts.
ZachXBT, an on-chain data analyst, tweeted: "Over $9.2 million in assets (19.5 million ALGOs, 3.5 million USDCs, etc.) may have been stolen on Algorand due to the attack on MyAlgo, Algorand's ecological wallet, from February 19 to 21. ChangeNow reported that they had been successful in freezing $1.5 million."
Launch Zone
Amount of Loss: ~ $700000
Analysis
On the BNB Chain, Launch Zone was insecure. $700000 was lost due to a smart contract vulnerability.
The liquidity pool of the DeFi project LaunchZone suddenly lost 80% of its funds, and the price of LZ tokens dropped from its previous value of about US$0.15 to US$0.026.
SwapX
Amount of Loss: ~ $1M
Analysis
Due to a lack of access control, the SwapX Project was exploited on the BNB Chain on February 27th, 2023.
A total of $1 million was lost when the attacker used the flaw to manipulate the price of the DND tokens.
The victim contract does not implement proper access control in the 0x4f1f05bc function, making it easy for the attacker to transfer user tokens approved for this contract.
First, the attacker exchanged 0.0581 BNB for 1,000,000 DND tokens. The attacker then called the victim contract's 0x4f1f05bc function numerous times and converted other users' (who had approved the contract) BUSD into DND.
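The missing caller check described above, modelled in Python as an added example (not SwapX's contract code and not part of the original newsletter). The names Token, UnguardedRouter, GuardedRouter, exposure and demo are hypothetical; the model shows why an approval granted to a contract is only as safe as that contract's caller checks, and how to measure and revoke what is at risk.

```python
# Minimal in-memory model of ERC-20 allowances (added example).
# All names are hypothetical; this is not SwapX's contract code.
class Token:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowance = {}  # (owner, spender) -> approved amount

    def approve(self, owner, spender, amount):
        self.allowance[(owner, spender)] = amount

    def transfer_from(self, caller, owner, to, amount):
        # ERC-20 rule: the caller (spender) needs allowance from the owner.
        if self.allowance.get((owner, caller), 0) < amount:
            raise PermissionError("insufficient allowance")
        if self.balances.get(owner, 0) < amount:
            raise ValueError("insufficient balance")
        self.allowance[(owner, caller)] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

class UnguardedRouter:
    name = "router"  # address the users approved

    def __init__(self, token):
        self.token = token

    def pull(self, msg_sender, payer, amount):
        # Flaw: payer is caller-supplied and never compared to msg_sender.
        # The allowance is granted to the router, so the check passes for any approver.
        self.token.transfer_from(self.name, payer, self.name, amount)

class GuardedRouter(UnguardedRouter):
    def pull(self, msg_sender, payer, amount):
        if msg_sender != payer:  # only spend the caller's own approval
            raise PermissionError("caller is not the payer")
        super().pull(msg_sender, payer, amount)

def exposure(token, spender):
    """Per owner, what a flawed spender could move: min(allowance, balance)."""
    return {o: min(a, token.balances.get(o, 0))
            for (o, s), a in token.allowance.items() if s == spender and a > 0}

def demo():
    # Constructed state: alice approved the router for 80 of her 100 tokens.
    t = Token({"alice": 100})
    t.approve("alice", "router", 80)
    at_risk = exposure(t, "router")
    t.approve("alice", "router", 0)  # revoking removes the exposure
    return at_risk, exposure(t, "router")
```

For users of an affected contract, the practical mitigation is the last step of `demo()`: setting the approval back to zero.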
DungeonSwap
Amount of Loss: ~ $728,000
Analysis
On BSC, DND Token (DungeonSwap Token) was exploited. The initial funds were provided by TornadoCash. The address 0xbaca still contains all of the illicit funds.
The BUSD of users who had granted approval to the DND token contract was stolen by the exploiter 0xbaca2500b0f3009b420a7592b1485e7ba419d76, who later converted the profits to 1,375 + 567 BNB.
The exploit was used several times, yielding a profit of more than 2400 BNB. It appears that the attacker is sending money to FixedFloat continuously.
Explore the Depths of Knowledge: Research Papers & Blogs🔖
Security is crucial for decentralized borrowing and lending protocols. Before being made public, protocols must be thoroughly audited; failing to do so could have serious repercussions. Without adequate security, a hacker could exploit your protocol and take everything from you.
Due to a lack of access control, the SwapX Project was exploited on the BNB Chain on February 27th, 2023. A total of $1 million in user money was lost when the attacker used the flaw to manipulate the price of the DND tokens. An unreliable contract was the main source of the exploit.
Tune in to Engaging Twitter Spaces & Webinars! 🎙️
Web3 Community Spotlight🔦
The report includes a thorough analysis of the security issues that Web3 projects dealt with and offers helpful suggestions for businesses and individuals to strengthen their security posture. This information will be an invaluable resource for stakeholders and is also the first to provide a yearly overview of the security landscape of Web3 with practical insights.
The new CTF Challenge Donate went Live!
Innovations Unleashed🚀
QuillAcademy went live!
QuillAcademy is a one-stop platform for anyone interested in Web3 cybersecurity, whether you want to learn it from scratch with our courses, hone your skills with our challenges, or get your hands dirty with real projects.