Crypto December 2022 Report: Following the devastating collapse of several major exchanges and the tumultuous year-end attacks

As we ring in the new year, it’s important to reflect on the challenges that the crypto market has faced, particularly due to the global economic slowdown. While the bear market may have caused hardship for some, it has also served as a test of resilience. Looking ahead to 2023, we remain hopeful for a stronger year ahead. As part of our monthly commitment to keeping our readers informed, we have compiled a report on the current state of safety in the crypto industry.

Bitkeep Wallet — The attack by embedding code in .apk files, which is an application file for the android operating system, bitkeep wallet users’ wallets can be stolen by accessing assets and transferring unauthorized. Approximately $8M loss

Bitkeep Wallet Attacked By Burying Unwanted Into the application version 7.2.9 of android users That results in access to the user assets fund without permission This resulted in approximately $8M damage.

However, SECURI LAB, we raise some doubts and questions about the security measures of the Bitkeep Wallet developers team, why is it possible to access the source code from outside before uploading after compilation is not checked first? The attack is believed to be caused by a person having access to the source code of the bitkeep wallet application due to the knowledge of the mechanism. The SECURI LAB suspects that it may have been an internal attack.

3Commas — Third-party API provider compromised, API secret key leaked

First, after CZ Binance tweeted that there was a possible API leak from 3Commas, which they said was under investigation and there were no security breaches, they said on December 18, 2022.

There has been a confirmed security breach involving the API Keys of various CEX providers. It has been confirmed that there was an API Key leak. This is a serious issue and it is concerning that 3Commas operators initially stated that no attack had been detected. It is important to regularly conduct security analysis and take necessary measures, such as allowing users to revoke their keys upon the alert, to prevent further loss of API users for 3Commas.

Raydium Protocol — Exploited, affected approximately $4.4M

The Raydium Protocol, which runs on the solana chain, was targeted at liquidity pools, resulting in approximately $4.4M in losses from such attacks.

Defrost Finance — was suspected that the rug pull was worth up to $12M in damages

Defrost Finance ran into a problem where they claimed to have been attacked using flash loan techniques to withdraw funds, affecting only V2 and later Defrost Finance receiving funds from the attackers.

Lodestar Finance — Arbitrum’s Money Market has exploited $2.4M loss

On December 11th, 2022, the Lodestar Finance protocol was compromised, costing approximately $2.4M, suspected to be caused by a bug in the algorithm that determines collateral rations.

About SECURI LAB

As a team of highly skilled cybersecurity experts, SECURI LAB was established in 2018. Our team of security researchers has amassed over three years of expertise, and we have a strong foundation as consultants for organizations seeking to enhance their cybersecurity measures. Utilizing only the most reliable and industry-leading inspection tools, we strive to deliver the most comprehensive and effective solutions for our clients.

Follow SECURI LAB On:
Website: https://securi-lab.com/
Twitter: https://twitter.com/SECURI_LAB
Telegram: https://t.me/securi_lab
Medium: https://medium.com/@securi

For those who are interested in running an Audit Smart Contract, we currently have a special discount of up to 30%, please contact us for the best offer.

--

--