What happened to blockchain-related security in October?
Hello to all readers who have come to read this article. This article was produced for SECURI LAB to keep you updated on the latest and relevant security news on Blockchain. Hope this article will be useful to all readers. If there is any error in the article. We apologize for this opportunity. You can report errors in the article at contact@securi-lab.com
BNB Chain Security Incident on October 7, 2022
At the time of October 7, 2022 (approximately) there was an incident where the BNB Chain had to temporarily shut down its network. As a result of an exploit from a native cross-chain bridge between BNB Beacon Chain (BEP2) and BNB Smart Chain (BEP20 or BSC), known as “BSC Token Hub”, more than 2M of BNB tokens have been withdrawn by BNB Chain has requested to stop the BNB Chain to the validator node with great cooperation. This resulted in the BNB Chain halting, and after that, the BNB Chain created a set of instructions for upgrading the security and restarting the BNB Chain.
The damage was estimated to be close to $600M, but most of the money was frozen. therefore not much affected
https://www.bnbchain.org/en/blog/bnb-chain-ecosystem-update/
Security incident for Mango (DEX provider on Solana) October 11, 2022.
On October 11, 2022, Mango, the Solana Chain DEX protocol was halted due to an exploit costing approximately $100M, and Mango’s DAO monitored the situation and planned a full recovery of the protocol. Mango’s DAO also gets approximately $69M of exploited assets back into the protocol. by negotiating with the attacker This incident is believed to be caused by a faulty Oracle. Attackers attempted to exploit the flaw, disrupting the perpetual future contract environment, resulting in a large number of victims having their positions closed, and assets being drained from the protocol.
QANP Platform Security Incident
On the same day that happened with Mango (October 11, 2022), QANPlatform a bridge deployer wallet was exploited, which drained the assets to the following locations:
“At 08:16:39 AM +UTC the exploiter was able to drain 1,444,169,100.98 QANX from the QANX Bridge on Binance Smart Chain (BSC) and sold it for 3090.5 BNB on PancakeSwap which was later tunnelled into Tornado Cash.
At 08:17:59 AM +UTC the exploiter was able to drain 1,431,880,339.45 QANX from the QANX Bridge on Ethereum and sold it for 255.4 ETH on Uniswap which was later tunnelled into Tornado Cash.” — — QANPlatform
The event was an attempt to track all assets. But it could not be traced back, resulting in QANPlatform having to redeploy the protocol to fix the protocol error. Users and investors associated with QANPlatform discussed the incident on Twitter.
Security event on Twitter verified account of Gate.io changed the link bio to the scam/phishing website [Report by PeckShieldAlert]
October 22, 2022. PeckShieldAlert There has been reports of a major CEX provider Gate.io Twitter Verified Account being altered in its bio link and pointing to a fraudulent website. There have also been deceptive giveaway tweets pointing to a fake website. There were no reports of any damage to this incident and Gate.io has since deleted the tweet and fixed the bio link.
Incidents where QuickSwap terminates Lend Market due to Market XYZ protocol being compromised.
October 24, 2022, Quickswap has announced that the Lend Market protocol is temporarily discontinued because Market XYZ was attacked. The cost of this attack was approximately $220K. Curve Oracles
Team Finance security incidents
October 27, 2022, There was an incident where Team Finance exploited audited smart contracts v2 and v3 with the migrate function. This incident resulted in $14.5M and Team Finance later tracked the incident. The amount was later refunded with a 10% deduction to the attacker. And it has taken all the security-related steps to get the protocol back intact.
Google Search shows the results of the website. scam/phishing to display search results Coinmarketcap
October 27, 2022, CZ Binance tweeted: They found an unusual search. when he searched for the word Coinmarketcap on Google’s Search Engine found a link to the website. scam/phishing and pop-up injection Metamask Wallet to try to deceive people entering the website The incident SECURI LAB believes may have been caused by an attempted fraudulent advertisement through a Google Ads product. We do not know the facts in that case. But we urge everyone to be careful and check the website URL every time before starting any transaction related to financial transactions.
For the October 2022 incident, the vast majority of incidents were targeted to bridge-related protocols or platforms and protocols that use Oracles, SECURI LAB predicts that such incidents will recur. often This is because the protocol needs to retrieve the environment or various data through the oracles network for computation and comparison. If a smart contract is written that does not have a thorough check of execution or fuzzing, it may not be able to detect any mathematical flaws. Or various vulnerabilities, however, SECURI LAB would like to thank all readers and followers. If you like our articles and what we are doing, please clap and be sure to follow us on our social media channels. — — Chinnakit J. Article Author and CEO & Founder of SECURI LAB
About SECURI LAB
SECURI LAB is a group of cyber security experts Founded in 2018, we are security researchers with more than 3 years of expertise and we started out as a consultant to organizations on cybersecurity. We use highly reliable and industry-leading inspection tools.
Follow SECURI LAB On:
Website: https://securi-lab.com/
Twitter: https://twitter.com/SECURI_LAB
Telegram: https://t.me/securi_lab
Medium: https://medium.com/@securi
For those who are interested in running an Audit Smart Contract, we currently have a special discount of up to 30%, please contact us for the best offer.
