Weekly Blockchain Security Watch
11 July 2022 to 17 July 2022
From July 11 2022 to July 17 2022, the security incidents that had occurred can be categorized by the following:
- Security Hacks
- Software Issues
1. Garga.eth Warns Twitter of Attacker Sending Phishing Links.
On July 11, BAYC Co-Founder Garga.eth warned users on Twitter that an attacker was trying to use social media accounts to send phishing links. Garga.eth also advised people not to click on any links sent from this account.
2. Uniswap Users Suffer Phishing Attacks Worth ~US$4.7 Million
On July 11, two Uniswap users’ addresses suffered phishing attacks by an attacker. Their Uniswap V3 LP tokens were exploited and converted into WBTCs before it was converted again to ETHs and cashed out via Tornado.Cash.
As of the reporting date, a total of 240 WBTCs converted to 3287 ETHs (~US$4.7 million) were exploited.
Further details -
Attacker’s address (Ethereum Blockchain):
3. Citizen Finance’s Team Private Key Leaked and Exploited for ~US$88, 000
On July 11, the team’s private key of Citizen Finance, a Dapp deployed on the BNB chain and Polygon, was leaked and attacked.
Around 244 BNBs (57,000 MATICs) valued at $88,000 were exploited in this incident.
Additional Details -
Attacker’s address (BNB Smart Chain):
4. Attackers Send Phishing Links to Azuki Art’s Discord Server
On July 14, phishing links were sent to Azuki Art’s Discord server. Azuki Art is an NFT project created by a metaverse brand called Azuki.
5. Attacker Manipulates Flash-Loans, Price Exploiting Space Godzilla
On July 14, an attacker had leveraged a flash-loan and manipulated its price on Pancake Swap against Space Godzilla, a DeFi application deployed on the BNB chain. Around 25, 378.78 BUSDs (~US$25, 000 worth) of crypto assets were exploited and exchanged to BNBs before they were cashed out through Tornado.Cash.
The following are the specifics of the attack -
Attacker’s address (BNB Smart Chain):
Deployed Attacking Contract (BNB Smart Chain):
Hash Value of the Attack Transaction (BNB Smart Chain):
6. Freeway Reports Coffe Attack
On July 14, DeFi application Freeway reported that its blockchain bridging service provider Coffe was attacked.
Large quantities of FWTs were taken away from Coffe’s wallet and sold. Freeway commenced an investigation for the incident and had paused withdrawals, deposits and purchases of the FWT token.
7. Attackers Send Phishing Links to Botborgs’ Discord Server
On July 16, phishing links were sent to the Botborgs’ Discord server. Botborgs is a science-fiction metaverse game based on the Solana blockchain.
8. Attackers Send Phishing Links to NFTY Dash’s Social Media Accounts
On July 17, phishing links were sent to NFTY Dash’s Discord server and Twitter account. NFTY Dash is a platform that tracks and whitelists NFT projects.
9. Attacker Injects Malicious Files into Premint.xyz Front-End
On July 17, an attacker had injected malicious JS files into the front-end of Premint.xyz, an NFT application deployed on the Ethereum blockchain.
The files were able to trick its users to sign transactions for “setApprovalForAll (address,bool)” to authorize the attacker to spend their NFTs.
Around 300 NFTs worth 280 ETH (~US$380,000) were exploited during this incident.
1. Celo Team Ceased Blockchain Operations Temporarily After Celo Blockchain Stops Working
On July 13, the Celo blockchain stopped working at block 1, 403, 519, causing the team to bring down the blockchain temporarily for 24 hours. The team at Celo had released two versions to fix the issue. Eventually after the 1.5.8 version was released, Celo was back to work.
This was the first shutdown that had happened since April 2020.
10 notable incidents had occurred in the past week. 9 were security attacks while 1 was a software issue.
These security incidents are common. It is worth noting that the number of phishing attacks on social media accounts have increased greatly.
A Reminder for Project Teams: Always test thoroughly. Do smart contract audits before deploying smart contracts on-chain. Awareness of potential issues in governance mechanisms are also needed.
A Reminder for Crypto Users: Be cautious about suspicious links, emails, websites, and projects launched by teams without established reputations.
It is important for everyone in the crypto community to gain understanding and practice sufficient levels of cybersecurity.
Looking to strengthen the security of your project? Contact us at