1. Preface The Move programming language is rising in popularity lately due to the strong advantages it has over Ethereum’s Solidity language. Move is used in many well-known projects, such as Aptos and Sui. Recently, Numen Web3 security vulnerability detection product discovered a critical-level security vulnerability in the Virtual Machine (VM) of…

On January 15, 2023 at 05:43:37 PM UTC, according to Numen’s on-chain monitoring, the Jarvis_Network project was attacked and 663101 MATICs were lost as a result. The specific transaction can be viewed at https://polygonscan.com/tx/0x0053490215baf541362fc78be0de98e3147f40223238d5b12512b3e26c0a2c2f.

Jan-12–2023 07:22:39 AM +UTC， according to NUMEN on-chain monitoring, CirculateBUSD project has been drained by the contract creator, causing a loss of 2.27 million dollars. The fund transfer of this project is mainly because the administrator calls CirculateBUSD.startTrading, and the main judgment parameter in startTrading is the value returned by…

According to our monitoring of the blockchain, NUMEN Labs has discovered that at 12:21:14 AM UTC on January 3rd, 2023, the GDS project on BSC was the victim of a flash loan attack. …

Preface Sentinel value (aka flag value/trip value/rogue value/signal value/dummy data) is a special value used in the algorithm, it is usually used as a special value for terminating conditions in loops or recursive algorithms. There are many Sentinel values in the source code of chromium. Both from-leaking-the-hole-to-chrome-renderer-rce and TheHole New World…

Preface ZK is the leading open-source Java Web framework for building enterprise Web applications. With over 2,000,000 downloads, ZK empowers a wide variety of companies and institutions, ranging from small to Fortune Global 500 in multiple industries. R1Soft Server Backup Manager (SBM) offers service providers a flexible, server-friendly solution that takes…

On December 2, Numen Cyber Labs discovered that the aBNBc project was hacked based on on-chain data monitoring. There have been a large number of additional transactions, and a large number of aBNBc tokens have been issued. At present, part of the aBNBc issued by the hacker is exchanged for…

According to Numen’s on-chain monitoring, on 2022–11–10 at 19:21:59 (UTC), DFXFinance was attacked. The specific transaction tx is as follows: https://etherscan.io/tx/0x390def749b71f516d8bf4329a4cb07bb3568a3627c25e607556621182a17f1f9

On October 27th, Numen Cyber Labs discovered that the UvToken project was attacked through on-chain data monitoring. The hackers stole 1,078 BNB and 1,161,991 BUSD from the attack, with the total losses adding up to approximately $1.5 Million USD. We have analyzed and tracked the incident and the flow of…