Weekly Blockchain Security Report by Fairyproof — July 4 to July 10
During the week from July 4 to July 10, 2022, all of the security incidents that occurred in the crypto space were hacks.
Here is a list of them:
1 Spiky Space Fish
On July 6, the team behind Spiky Space Fish announced that its Discord server was attacked.
2 Dope Ape Club
On July 6, the team behind Dope Ape Club announced that its Discord server was attacked and a phishing link was sent in the Discord server.
3 Omni Protocol
On July 10, Omni Protocol, an NFT & DeFi application deployed on Ethereum, was attacked.
The attacker’s address was 0x00000000C251fAf2DE8217ab64AcCD0070B97e47 on Ethereum.
The attacking contract was deployed at 0x3c10e78343c475b99d20fa544dd30b43c0cba26f on Ethereum.
The hash value of the attack transaction was:
At least 880 ETH, valued at around $1 million, were lost in this incident.
The root cause of this incident was a re-entrancy vulnerability in the protocol’s liquidation function, which the attacker exploited.
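A minimal Python model of this bug class, added here as an illustration and not Omni Protocol's code; the pool, the receiver hook and all amounts are constructed assumptions. It runs a liquidation that makes its external payout call before clearing the position, next to the same function with the state update moved ahead of the call (checks-effects-interactions).

```python
class Receiver:
    """Stands in for any contract that gets control during the payout
    (for example a token-receive hook). It re-enters the pool `depth` times."""
    def __init__(self, depth):
        self.depth = depth

    def on_payout(self, pool, borrower):
        if self.depth > 0:
            self.depth -= 1
            pool.liquidate(borrower, self)


class Pool:
    """Toy pool holding 300 units, of which 100 back one borrower's position."""
    def __init__(self, effects_first):
        self.effects_first = effects_first   # True = checks-effects-interactions
        self.collateral = {"borrower": 100}  # constructed sample position
        self.balance = 300                   # includes other users' assets
        self.paid_out = 0

    def _pay(self, amount, receiver, borrower):
        self.balance -= amount
        self.paid_out += amount
        receiver.on_payout(self, borrower)   # external call: control leaves the pool

    def liquidate(self, borrower, receiver):
        seized = self.collateral.get(borrower, 0)    # check
        if seized == 0:
            return
        if self.effects_first:
            self.collateral[borrower] = 0            # effect before interaction
            self._pay(seized, receiver, borrower)
        else:
            self._pay(seized, receiver, borrower)    # interaction first: re-entrant
            self.collateral[borrower] = 0            # effect arrives too late


def run(effects_first, depth=2):
    """Liquidate once and return (total paid out, pool balance left)."""
    pool = Pool(effects_first)
    pool.liquidate("borrower", Receiver(depth))
    return pool.paid_out, pool.balance


if __name__ == "__main__":
    print("call before state update:", run(False))
    print("state update before call:", run(True))
```

An audit check that follows from this: a single liquidation must never pay out more than the position's collateral, whatever the receiver does during the call.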
4 Yam Finance
On July 10, Yam Finance, a DeFi application deployed on Ethereum, was attacked.
The attacker’s address was 0x4429ABbF523bEf0f1E934B04CFf8584955C72548 on Ethereum.
The attacking contract was deployed at 0x15515330e7C003dD4594b737165F2bf2EE671D82 on Ethereum.
The Yam team successfully prevented an attack which attempted to compromise Yam’s admin rights.
The attacker attempted to submit a malicious proposal that included an unverified smart contract, which would have transferred Yam’s admin rights to an external address controlled by the attacker. The proposal was blocked right before it was approved. According to data released by DeepDAO, had this proposal been approved, crypto assets valued at around $3.1 million in Yam’s vault would have been drained. According to a statement from the Yam team, this attack was very similar to the one that took place in December 2021.
We covered four security attacks in the past week. Among these four attacks, one was an attack on smart contracts, one was a governance attack and the other two were phishing attacks.
A reminder to project teams: always test thoroughly and have smart contracts audited before deploying them on-chain, and pay attention to potential issues in governance mechanisms as well.
A reminder to crypto users: be cautious about suspicious links, emails or websites, and about projects launched by teams without an established reputation.