Blockchain Incident loss arising $3M in October 2023

Here is a summary of blockchain incidents for October 2023.

  1. Galxe Frontend UI under attack
    https://twitter.com/Galxe/status/1710305141016944654
    On October 6, 2023 9:44 PM (UTC+7) Galxe made an announcement about the website being down for preparing fix the issue and alert to user don’t connect wallet/sign any transaction on frontend UI, this situation is the same on the balancer frontend attack. this incident has placed malicious contract code on the frontend and attacked users when they interact their web3 wallet to drain funds, this incident is affecting around ~$150k loss arising
  2. Stars Arena Exploit
    https://twitter.com/starsarenacom/status/1710540444075978846
    On October 7, 2023 1:19 PM (UTC+7) Stars Areana alerted a community about a major security breach with a smart contract, approximately 266,104 AVAX drained and then on October 12, 2023 2:43 PM exploiter has returned 239,493 AVAX back to Stars Arena, this incident is affecting around ~$315k (Exploiter return funds back and get 10% bounty fee)
  3. Fantom Foundation wallet drained
    https://twitter.com/FantomFDN/status/1714337765502992798
    On October 18, 2023 12:49 PM (UTC+7) Fantom Foundation announced that Fantom Foundation wallet was compromised, CertiK reported 2 wallets has loss arising around ~$470k on FTM, ~$187 k on ETH (https://twitter.com/CertiKAlert/status/1714289040873418763) this incident is affecting around ~$657k loss arising
  4. HopeLend Protocol Exploit
    https://twitter.com/Hope_money_/status/1714692934719992075
    On October 19, 2023 12:20 AM (UTC+7) Hope.money announced that HopeLend Protocol fell victim to a hacker attack this attack resulted in a loss of approximately 528 ETH
    this incident is affecting around ~$1M loss arising
  5. Astrid Restaking Pool Exploit
    https://twitter.com/AstridFinance/status/1718254655288066501
    On October 28, 2023 8:13 PM (UTC+7) Astrid Restaking Protocol announced that smart contract was exploited, Astrid have sent a message on tx https://etherscan.io/tx/0xa56fdb1fc7c192b23cda44901d2871289cf28831cb94ccc731d089d4fb593793 to discuss a bounty, they offering 20% for a bounty of any funds stolen
    After that AstridFinance Exploiter returned funds back to Astrid Deployer 102 ETH on tx https://etherscan.io/tx/0x27cbd5f2f12067bcc9be3bafa9140b849ee1ee68ae5329c2a4ba789685111ad7
    this incident is affecting around ~$244k (Exploiter return funds back and get 20% bounty fee)
  6. Unibot Exploit
    https://twitter.com/0xScopescan/status/1719222329224704307
    On October 31, 2023 12:18 PM (UTC+7) Scopescan Alert that Unibot seems exploited around ~$560k
    Unitbot announced: https://twitter.com/TeamUnibot/status/1719239188514844735
    this incident is affecting around ~$560k loss arising

SCRL, formerly known as SECURI LAB, aims to enhance Web3 project security through the expertise of security researchers. We provide robust security solutions and employ industry-standard technology, including internal tools and KYC solutions, to assess the security of smart contracts. SCRL primary mission is to tackle security challenges in Web3 projects with a focus on concise security audits. We created Python tools, namely WAS for internal purposes and aspire to foster the growth of Thailand’s crypto industry by promoting security protection technology.

Follow SCRL On:

Website: https://scrl.io/
Twitter: https://twitter.com/scrl_io
Telegram: https://t.me/scrl_io
Medium: https://scrl.medium.com/

--

--