OKLink: Inventory of security incidents in April 2023

1. Basic information

In April 2023, security incidents caused total losses of about 60 million US dollars. Compared with the previous month, the amount lost decreased, but the number of security incidents remained unchanged. Among them, Yearn Finance lost more than 10 million US dollars because of an incorrect parameter configuration. Some previously seen vulnerabilities also reappeared, this time on the Arbitrum chain. In addition, the number of RugPulls did not decline. Social media fraud remained frequent: forged Twitter accounts impersonating projects and attacked official Discord servers posting phishing links appeared again and again.

1.1 REKT inventory

No.1

On April 2, the Allbridge_io project was attacked using flash loans and lost about 570,000 US dollars. The main reason was that the price of the 0x179a pool was manipulated through flash loans for profit. The attacker first deposited 500m BUSD into the 0x179a pool through a flash loan, and then converted bsc_usd into busd by calling swap. Because the pool had been disrupted, 40,000 busd were finally converted into 780,000 bsc_usd.

Attack transactions:

•https://www.oklink.com/cn/bsc/tx/0x7ff1364c3b3b296b411965339ed956da5d17058f3164425ce800d64f1aef8210

Attacker address:

•https://www.oklink.com/cn/bsc/address/0xc578d755cd56255d3ff6e92e1b6371ba945e3984

No.2

On April 5th, the Sentiment protocol was attacked using flash loans and lost about 1 million US dollars. The core reason was a price error caused by reentrancy. The attacker first called joinPool on the Balancer Vault to deposit, and then called exitPool to withdraw. During exitPool, the remaining ETH is transferred to the attack contract, which triggers the fallback function of the attack contract. If a borrow operation is performed at this point, the total supply is reduced, which affects the price.

Attack transactions:

•https://www.oklink.com/cn/arbitrum/tx/0xa9ff2b587e2741575daf893864710a5cbb44bb64ccdc487a100fa20741e0f74d

Attacker address:

•https://www.oklink.com/cn/arbitrum/address/0xdd0cdb4c3b887bc533957bc32463977e432e49c3

No.3

On April 9th, RouteProcessor2 in SushiSwap was attacked and lost about 3.3 million US dollars. The core reason was that RouteProcessor did not verify the route parameters provided by the user. This allowed the attacker to specify a malicious pool that implemented the swap interface, and then use the uniswapV3SwapCallback callback function to steal tokens from users who had granted approvals to RouteProcessor2.

Attack transactions:

•https://www.oklink.com/cn/eth/tx/0xea3480f1f1d1f0b32283f8f282ce16403fe22ede35c0b71a732193e56c5c45e8

No.4

On April 10, Terraport Finance was attacked and lost about 4 million US dollars.

No.5

On April 10, Meta Skyer (SKYER) was attacked using flash loans and lost $20,000.

Attack transactions:

•https://www.oklink.com/cn/bsc/tx/0xee1bc3d0b5b9bbbe3fa47730774a391491f583a602afb0969f532d521975137d

No.6

On April 11, the @paribus_io project was attacked and lost about 100,000 US dollars. The core reason was a reentrancy vulnerability in an old version of CompoundV2.

Attack transaction: https://www.oklink.com/cn/arbitrum/tx/0x0e29dcf4e9b211a811caf00fc8294024867bffe4ab2819cc1625d2e9d62390af

No.7

On April 12, MetaPoint ($POT) was attacked and lost about 820,000 US dollars. The core reason is that every time $POT is deposited, a new contract is created to store the user's assets, but the approve function in this contract is public, allowing anyone to transfer those assets.

Attack transaction: https://www.oklink.com/cn/bsc/tx/0xccd12f22629b2c42d2b680362dadbd1b3d89cb4a87a8c9b297766b4974c6ad34

No.8

On April 13, Yearn Finance was attacked and lost a total of about 11.53 million US dollars. The core reason was that the yUSDT contract was misconfigured: it was configured with a USDC address.

Related transactions:

•https://www.oklink.com/cn/eth/tx/0x055cec4fa4614836e54ea2e5cd3d14247ff3d61b85aa2a41f8cc876d131e0328

•https://www.oklink.com/cn/eth/tx/0xd55e43c1602b28d4fd4667ee445d570c8f298f5401cf04e62ec329759ecda95d

No.9

On April 16, Swapos V2 Contracts was attacked and lost a total of 46.8 million US dollars. The core reason was an error in the check of the k value in the swap function of the Swapos contract, which allowed the attacker to withdraw the funds in the pair.

Related transactions:

•https://www.oklink.com/cn/eth/tx/0x78edc292af51a93f89ac201a742bce9fa9c5d9a7007f034aa30535e35082d50a

Attacker address:

•https://www.oklink.com/cn/eth/address/0x2df07c054138bf29348f35a12a22550230bd1405

No.10

On April 15th, @HundredFinance was attacked and lost about 7 million US dollars. The core reason is an integer rounding problem in hToken redemption, which appears when the market is empty. The attacker first deposited a small amount of WBTC to clear the hWBTC pool, and then donated a large amount of WBTC to the hWBTC pool, which raised the price of hWBTC. The attacker then borrowed all the assets in the market and called redeemUnderlying; because of the integer rounding problem, only half of the hWBTC in the contract was burned, leaving a profit.

Related transactions:

•https://www.oklink.com/cn/optimism/tx/0x6e9ebcdebbabda04fa9f2e3bc21ea8b2e4fb4bf4f4670cb8483e2f0b2604f451
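
The rounding problem described in No.10 can be reproduced with plain integer arithmetic. The Python model below is an added example, not Hundred Finance's or Compound's code; the Market class, the 1e18 scale and all balances are constructed assumptions. It compares a truncating share calculation with a variant that rounds the burned shares up, in a near-empty market and in a normally funded one.

```python
from dataclasses import dataclass

SCALE = 10**18  # fixed-point scale of the exchange rate (assumption)


@dataclass
class Market:
    """Constructed model of one lending market; not code from any project."""
    cash: int               # underlying units held by the market
    total_shares: int       # hToken-like shares outstanding
    round_up: bool = False  # hardened variant: round the shares to burn upward

    def exchange_rate(self) -> int:
        """Underlying per share, scaled by SCALE, using truncating division."""
        return self.cash * SCALE // self.total_shares

    def shares_for(self, underlying: int) -> int:
        """Shares that must be burned to withdraw `underlying` units."""
        numerator = underlying * SCALE
        rate = self.exchange_rate()
        if self.round_up:
            return -(-numerator // rate)  # ceiling division, favours the market
        return numerator // rate          # truncation, favours the redeemer

    def redeem_underlying(self, underlying: int) -> int:
        """Pay out `underlying`, burn the computed shares, return shares burned."""
        if underlying > self.cash:
            raise ValueError("not enough cash in the market")
        burned = self.shares_for(underlying)
        if burned > self.total_shares:
            raise ValueError("not enough shares to burn")
        self.cash -= underlying
        self.total_shares -= burned
        return burned


def redeem_report(market: Market, underlying: int) -> dict:
    """Redeem and report how much underlying left without shares backing it."""
    rate = market.exchange_rate()
    burned = market.redeem_underlying(underlying)
    backed = burned * rate // SCALE  # value of the burned shares at the old rate
    return {
        "burned": burned,
        "unbacked": max(0, underlying - backed),
        "shares_left": market.total_shares,
        "cash_left": market.cash,
    }


def near_empty(round_up: bool) -> Market:
    # Constructed state: 2 shares outstanding after a large direct donation,
    # so a single share is worth 500,001 underlying units.
    return Market(cash=1_000_002, total_shares=2, round_up=round_up)


def funded(round_up: bool) -> Market:
    # Constructed state: many shares outstanding, one share is worth ~3.33 units.
    return Market(cash=1_000_000, total_shares=300_000, round_up=round_up)


if __name__ == "__main__":
    for label, factory, amount in (
        ("near-empty", near_empty, 1_000_001),
        ("funded", funded, 1_000),
    ):
        for round_up in (False, True):
            mode = "round up" if round_up else "truncate"
            print(label, mode, redeem_report(factory(round_up), amount))
```

In both markets the truncation error is less than one share; what differs is how much one share is worth, which is why the problem only becomes material when the market is nearly empty and the share price has been inflated.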

No.11

On April 19th, @OceanLifeToken was attacked using a flash loan, and the attacker made a profit of 32.29 WBNB, about 1.1w USD. OLIFE is a reflection token. The attacker reduced rSupply and tSupply by calling the transfer function and the deliver function multiple times, thereby affecting the amount of OLIFE in the pool, and finally swapped OLIFE into WBNB for profit.

Related transactions:

•https://www.oklink.com/cn/bsc/tx/0xa21692ffb561767a74a4cbd1b78ad48151d710efab723b1efa5f1e0147caab0a

No.12

On April 20, the cross-chain bridge contract of Tales of Elleria on Arbitrum was attacked, and the attacker minted a total of 5,000,000,000 $ELM (about 270,000 US dollars).

Attacker address:

•https://www.oklink.com/cn/arbitrum/address/0xf2cbf39e7668ebb113f2c609bbd6ea1dfce5d376

No.13

On April 20, XBN was attacked, and the attackers made a total profit of 10,000 US dollars.

Related transactions:

•https://www.oklink.com/cn/bsc/tx/0x3b698ba37f33ac0f822a0de7e097126d71e8216bf59ec9b2e6044df7d4f40296

No.14

On April 21, WEDEX Reward token (APP) encountered a flash loan attack, and the attacker made a profit of about 1171 US dollars.

Related transactions:

•https://www.oklink.com/cn/bsc/tx/0xb9217a608da161803977dfcf3edfd7e7323bb942f71f5cae6da5e1900e91174d

No.15

On April 21, Unlock Discount Token $UDT was attacked, and the attacker made a profit of about 3.4 million US dollars.

Attacker address:

•https://www.oklink.com/cn/eth/address/0x43ee4169d9ff5e5b10ca42923b1e5d07a157bb71

No.16

On April 22, Mutual Aid VCC was attacked. The project has a backdoor function that can transfer VCC tokens to a specified address. The attacker made a profit of 70 WBNB, about 2.27w USD.

Related transactions:

•https://www.oklink.com/cn/bsc/tx/0xef1746520086c224da86c92ee9631366ddf883e4ab1d35e8958c095f5eb80ebe

No.17

On April 23, FilDA announced that it was attacked on the Elastos  Smart Chain and REI network, and lost a total of 700,000 US dollars. The attacker converted 80k $ELA into 326 BNB and 200k ELA into 17 ETH through cross-chain.

No.18

On April 24th, the Axioma project was attacked, and the attacker finally made a profit of about 20 WBNB. The attacker first purchased AXT from the AxiomaPresale contract using a flash loan, and then exchanged the purchased AXT for WBNB on PancakeSwap. Because the price of AXT in AxiomaPresale is calculated by a fixed formula, it differs from the price on PancakeSwap, which allowed the attacker to profit from the difference.

Related transactions:

•https://www.oklink.com/cn/bsc/tx/0x05eabbb665a5b99490510d0b3f93565f394914294ab4d609895e525b43ff16f2

No.19

On April 25th, @SASHIMISASHIMI5 was attacked by flash loan, and lost a total of 37.35BNB & 6.58ETH, totaling 24.2w USD.

Contract address: https://www.oklink.com/cn/bsc/address/0xc28e27870558cf22add83540d2126da2e4b464c2

No.20

On April 28th, @0vixProtocol was attacked using a flash loan and lost a total of about 2 million US dollars. The core reason lies in VGHOSTOracle, which calculates the price through the convertVGHST function in the vGHST contract; that calculation depends on the amount of $GHST tokens held by the contract. The attacker obtained a large amount of assets through flash loans, transferred 1,656,000 to the vGHST contract to manipulate the price, and finally carried out liquidations for profit.

Attack transactions:

•https://www.oklink.com/cn/polygon/tx/0x10f2c28f5d6cd8d7b56210b4d5e0cece27e45a30808cd3d3443c05d4275bb008
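
Why a price derived from a contract's token balance is fragile, as described in No.20, shown as an added Python example that is not 0VIX or vGHST code. The Vault class, both price functions, the deviation guard, its 5% limit and the initial 1,000,000 deposit are constructed assumptions; only the 1,656,000 transfer comes from the text above.

```python
from dataclasses import dataclass

SCALE = 10**18  # fixed-point scale for prices (assumption)


@dataclass
class Vault:
    """Wrapper-token vault reduced to the numbers an oracle reads (constructed)."""
    token_balance: int = 0     # what token.balanceOf(vault) would report
    accounted_assets: int = 0  # assets recorded through deposit() only
    total_shares: int = 0

    def deposit(self, amount: int) -> int:
        """Mint shares pro rata against accounted assets; first deposit is 1:1."""
        if self.total_shares == 0:
            shares = amount
        else:
            shares = amount * self.total_shares // self.accounted_assets
        self.token_balance += amount
        self.accounted_assets += amount
        self.total_shares += shares
        return shares

    def donate(self, amount: int) -> None:
        """Plain token transfer to the vault: the balance moves, accounting does not."""
        self.token_balance += amount


def price_from_balance(vault: Vault, underlying_price: int) -> int:
    """Weak design: share price follows the raw token balance of the vault."""
    return underlying_price * vault.token_balance // vault.total_shares


def price_from_accounting(vault: Vault, underlying_price: int) -> int:
    """Hardened design: share price follows assets recorded by deposit()."""
    return underlying_price * vault.accounted_assets // vault.total_shares


class PriceRejected(Exception):
    """Raised when a candidate price moves too far from the last accepted one."""


def accept_price(candidate: int, last_good: int, max_move_bps: int = 500) -> int:
    """Second line of defence: refuse a jump larger than max_move_bps per update."""
    if abs(candidate - last_good) * 10_000 > last_good * max_move_bps:
        raise PriceRejected(f"move from {last_good} to {candidate} exceeds limit")
    return candidate


def donation_scenario() -> dict:
    vault = Vault()
    vault.deposit(1_000_000)               # constructed starting state
    before = price_from_balance(vault, SCALE)
    vault.donate(1_656_000)                # transfer amount quoted in the text
    balance_based = price_from_balance(vault, SCALE)
    accounting_based = price_from_accounting(vault, SCALE)
    try:
        accept_price(balance_based, before)
        guard_rejects = False
    except PriceRejected:
        guard_rejects = True
    return {
        "before": before,
        "balance_based": balance_based,
        "accounting_based": accounting_based,
        "guard_rejects": guard_rejects,
    }


if __name__ == "__main__":
    for key, value in donation_scenario().items():
        print(key, value)
```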

1.2 RugPull Inventory

No.1

On April 1st, the @Chain_Relay_(CRLN) project was suspected of RugPull, the price fell by 97.7%, and about $1.32w was taken away by two different EOAs.

Contract address: https://www.oklink.com/cn/bsc/address/0x5838b43ede809dd39e547ba09ee5d0d5a644846b

No.2

On April 1, a fake ArbitrumToken was suspected of RugPull, and the contract deployer removed all liquidity.
Contract address: https://www.oklink.com/cn/bsc/address/0x62dfdb6e54b4e876e5e7003a71097ddd5affaa05

No.3

On April 2nd, Kokomo Finance ($KOKO) rugged the remaining $1.5 million by modifying the logic contract, bringing the total rug amount to 5.5 million.

No.4

On April 2, AYW Token (AYW) was suspected of Rugpull, and its price dropped by 91%.
Related contracts: https://www.oklink.com/cn/bsc/address/0x8ec798657f574d6b0d53461870a0709230cf6f7f

No.5

On April 2, Script (SCPT) was suspected of Rugpull, and the contract deployer withdrew liquidity, causing a loss of 133,000 US dollars.

Related contracts: https://www.oklink.com/cn/bsc/address/0xd4ac227eb1a4c0384aae06f7808f08bb8f516ebf

No.6

On April 2, the price of OBB (OBB) fell by 91%, and the contract deployer withdrew liquidity, making a profit of 9.6 million US dollars.
Contract address: https://www.oklink.com/cn/bsc/address/0xc7654db2271194632e70310f8adc925d12bf5246

No.6

On April 4th, MOL (MOL) was suspected of Rugpull, and the contract deployer withdrew $19.2 million in liquidity.

Contract address: https://www.oklink.com/cn/bsc/address/0x87f2df6f85b5833f058abd7d7eb41249084c2380

No.7

On April 4th, a fake GameFi token (GAFI) was suspected to be Rugpull, and the contract deployer withdrew liquidity, making a profit of 7.3 million US dollars.

Contract address: https://www.oklink.com/cn/bsc/address/0xad3396360beebc5c3d3cb4c036c370f2891d8673

No.8

On April 5th, TRT token (TRT) was suspected of Rugpull, the price fell by 99%, and the contract deployer made a profit of 9.3 million US dollars by withdrawing liquidity.

Contract address: https://www.oklink.com/cn/bsc/address/0x52f56100bba2cbe268e325123888116302c4f668

No.9

On April 6th, CBC token (CBC) was suspected of being Rugpull, and the contract deployer withdrew $11.3 million in liquidity and made a profit of $8.1 million.

Contract address: https://www.oklink.com/cn/bsc/address/0x9e10cf57c90c937c6ab51f4b98ec1d5bfcaf4804

No.10

On April 7th, @bigfinancetech (BIGFI) was suspected of Rugpull, and the contract deployer withdrew $18.50,000 in liquidity.

Contract address: https://www.oklink.com/cn/bsc/address/0x4a45a331930ee997f7382e9f001359e1f2981a71

No.11

On April 7th, PCORE token (PCORE) was suspected of Rugpull, and the contract deployer withdrew the liquidity and made a profit of 3.75 million US dollars.

Contract address: https://www.oklink.com/cn/bsc/address/0x76d44d2d4056b48c30a2eeacbd1583d3c7087a6d

No.12

On April 7th, Morgan Coin (MORGAN) was suspected of Rugpull, and the contract deployer withdrew $1.380,000 of liquidity and made a profit of $0.580,000.

Contract address: https://www.oklink.com/cn/bsc/address/0xe0e058a2bca2a9974e3be579c19ac040e84d2e3c

No.13

On April 8, the Pervasive Information Community Organization (PICO) was suspected of Rugpull, and the contract deployer withdrew $11.19 million in liquidity.

Contract address: https://www.oklink.com/cn/bsc/address/0xe455228ead628c6cade249929de58d7cf41130cf

No.14

On April 8th, OpenAI LASA (LASA) was suspected of Rugpull, and the contract deployer removed liquidity and made a profit of 11.19 million US dollars.

Contract address: https://www.oklink.com/cn/bsc/address/0x2d4256b0ee0f359ed3ab39148dceb563de1a1e08

No.15

On April 8th, OpenAI ATF (ATF) was suspected of Rugpull, and the contract deployer withdrew liquidity and made a profit of 33.96 million US dollars.

Contract address: https://www.oklink.com/cn/bsc/address/0xf830423378d0bad39f8d032cf5df7187abe72c1c

No.16

On April 9th, Zodiac Credit - ZOC (ZOC) was suspected of Rugpull, and the contract deployer withdrew liquidity and made a profit of 7.7 million US dollars.

Contract address: https://www.oklink.com/cn/bsc/address/0x76401604de3dc379aec0cf54005c0d0937a11717

No.17

On April 10, MED (MED) was suspected of Rugpull, and the price fell by 80%.

Contract address: https://www.oklink.com/cn/bsc/address/0xee0ed249325a8284d66af5f98dcbb7c620ebbe45

No.18

On April 11, Theory Craft Fames (TYF) was suspected of Rugpull, and the contract deployer withdrew liquidity and made a profit of 6.9 million US dollars.

Contract address: https://www.oklink.com/cn/bsc/address/0x5459b93a1bdf9cb027e70cdf7bfc450e41fdf326

No.19

On April 11, XCAD (PLAY) was suspected of Rugpull, and the contract deployer withdrew liquidity and made a profit of 100,000 US dollars.

Contract address: https://www.oklink.com/cn/bsc/address/0x2f8726192d599806e1eabbed1687e48e38e56489

No.20

On April 11th, Real Web Project (RWP) was suspected of Rugpull, and the contract deployer withdrew liquidity and made a profit of 18.5 million US dollars.

Contract address: https://www.oklink.com/cn/bsc/address/0x79eb19ba58963b11394fd14041c15027eabc1537

No.21

On April 12, Iwr token (IWR) was suspected of Rugpull, and the contract deployer withdrew $3.40,000 of liquidity.

Contract address: https://www.oklink.com/cn/bsc/address/0xb9934562d37e5a6c883de7ce54d6febb36dcbfda

No.22

On April 12th, ChainGPT  (CGPT) was suspected of Rugpull, and the contract deployer withdrew $7.60,000 in liquidity.

Contract address: https://www.oklink.com/cn/bsc/address/0x6e70ee54564298e7f1dc0523f8190aef8529ebbf

No.23

On April 14, Mulit Level Processing (MLP) was suspected of Rugpull, and the contract deployer withdrew $4.98w of liquidity.

Contract address: https://www.oklink.com/cn/bsc/address/0x354b82bd70a578fa553765da23040a55380ee67e

No.24

On April 15th, a fake Hepton token (HTE) was suspected to be Rugpull, and the contract deployer withdrew the liquidity and made a profit of 5.5 million US dollars.

Contract address: https://www.oklink.com/cn/bsc/address/0x9d77c78d1f06d5f7b599f0654dbb61ea706d9de3

No.25

On April 16, Crown Token (CROWN) was suspected of Rugpull, and the contract deployer withdrew $50,000 of liquidity.

Contract address: https://www.oklink.com/cn/bsc/address/0x820e625965d0eac316e98ee3efa74fa6531f1315

No.26

On April 16, Doge Twitter Token (DOGETWIT) was suspected of Rugpull, and the contract deployer withdrew $4.1 million in liquidity.

Contract address: https://www.oklink.com/cn/bsc/address/0x1f528ea4d5d0bf9e78a15db65ae07953edc6edf6

No.27

On April 16, the Move token (MOVE) was suspected of Rugpull, and the contract deployer withdrew $8.70,000 in liquidity.

Contract address: https://www.oklink.com/cn/bsc/address/0xed0624512d6d4c8e6b1335d5039b53e82400e037

No.28

On April 18, ANT (ANT) was suspected of Rugpull, the price dropped by 95%, and about 3.6 million US dollars were transferred away.

Contract address: https://www.oklink.com/cn/bsc/address/0xd029fdbf7b826c97982f3dabe4f930d9148363fe

No.29

On April 18, ArbShibAI was suspected of Rugpull, and the contract deployer withdrew about USD 6.8 million in liquidity.

Contract address: https://www.oklink.com/cn/arbitrum/address/0xc97522deaae1d3d94cc491cc4f81e0b33f33a13a

No.30

On April 20, a Pepe Coin imitation project was suspected of being Rugpull, and the contract deployer withdrew $6.50,000 in liquidity.

Contract address: https://www.oklink.com/cn/bsc/address/0x79879c0a8b949458dfa60ca7a8df24f59e42bb1b

No.31

On April 20, 6827 Token (6827) was suspected of Rugpull, and the liquidity of 62.3w USD was removed.

Contract address: https://www.oklink.com/cn/bsc/address/0x941f3bef8b076b9ff978b549712b4eea6832ffee

No.32

On April 21, fcdep  (EPMAX) was suspected of Rugpull, and the contract deployer withdrew $67.4 of liquidity.

Contract address: https://www.oklink.com/cn/bsc/address/0x66fff5bb007c4885a00fc14bdb1eee389b804ef7

No.33

On April 21, ZKLOTTO (ZKLOTTO) was suspected of Rugpull, and the contract deployer withdrew about $60.9 million in liquidity.

Contract address: https://www.oklink.com/cn/bsc/address/0xcf0c7772b8c1b1f30aa61e4c51a2b3fec65990f7

No.34

On April 23, the http://Void.Cash project was suspected of Rugpull, and the contract deployer sold about 20eth, causing the price to drop.

Contract address: https://www.oklink.com/cn/eth/address/0x37cd4e8875e3edaffdfe9be63958f07effbd0bfd

No.35

On April 25th, the Ordinals Finance $OFI project was suspected of Rugpull, and the contract deployer removed all the liquidity, about 1010,000 US dollars, and deposited 551 eth into TornadoCash.

1.3 Social Media Fraud and Phishing Inventory

No.1

On April 1st, the @UnicrnSwap Twitter account posted a phishing link, hxxps://uniornswap.org/#. Do not interact with the site or approve any transactions.

No.2

On April 1st, the Discord server of the @Yogapetz project was attacked. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.3

On April 1st, a fake LayerZero Labs Twitter account posted a phishing link, do not interact with hxxps://layerzeros.network/#.

No.4

On April 1st, the fake @sunsetventurer Twitter account posted a phishing link, do not interact with hxxps://cryptocanvasx.xyz/.

No.5

On April 1st, the fake ChainGPT Twitter account posted a phishing link, do not interact with hxxps://www.chaingpt.in/.

No.6

On April 1st, the fake zkSync Twitter account posted a phishing link, do not interact with hxxps://zksyncdistribution.com/.

No.7

On April 1st, the fake Treasure DAO Twitter account posted a phishing link, do not interact with hxxps://treasure.claims-web3.com/.

No.8

On April 1st, the fake Scroll Twitter account posted a phishing link, do not interact with hxxps://scroll.cx/.

No.9

On April 2, beware of hxxps://dojocoin.online/presale/index.html and do not interact with it.

No.10

On April 2, the fake Ripple Twitter account @xrpevent_live posted a phishing link, do not interact with hxxps://xrpdouble-official.com/xrp/#.

No.11

On April 2, the fake Vela Exchange Twitter account @vela_exchang posted a phishing link, do not interact with hxxps://app.vela.exchange/.

No.12

On April 2, the fake METAFABRIC Twitter account @metafabric_io posted a phishing link, do not interact with hxxps://metafabric-claim.pages.dev/.

No.13

On April 2, the fake GMX Twitter account posted a phishing link, do not interact with hxxps://gmxio.drop-web3.com/.

No.14

On April 2, the fake Scrolls Twitter account posted a phishing link, do not interact with hxxps://scroll.zone/.

No.15

On April 2, the fake zkSync Twitter account posted a phishing link, do not interact with hxxps://zksyncx.pw/.

No.16

On April 2nd, the Discord server of the @raise_fi project was attacked. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.17

On April 2, beware of a phishing link for a fake Sui airdrop and do not interact with hxxps://suiprotocols.com/.

No.18

On April 2, the fake Arbitrum Twitter account posted a phishing link, do not interact with hxxps://arbitrumgift.pw/.

No.19

On April 3rd, the Discord server of the @cedro_finance project was attacked and a fake airdrop link was posted. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.20

On April 3, the fake Andrew Tate Twitter account posted a phishing link, do not interact with hxxps://www.tate-token.com/.

No.21

On April 4th, the Discord server of the @GyroStable project was attacked and a fake mint link was posted. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.22

On April 4th, the fake ZetaChain Twitter account posted a phishing link, do not interact with hxxps://zetachain.cc/.

No.23

April 4th, beware of a fake Arbitrum phishing link, do not interact with hxxps://arbitrumprotocol.org/.

No.24

On April 5th, the fake Chainlink Twitter account posted a phishing link, do not interact with hxxps://chainlink.bz/.

No.25

On April 5th, the fake Beep Boop Twitter account posted a phishing link, do not interact with hxxps://beepboopbotz.org/.

No.26

April 5th, beware of a fake Nakamigos phishing link and do not interact with hxxps://nakamigo.io/.

No.27

April 5th, beware of a phishing link for a fake OP airdrop and do not interact with hxxps://optimismprotocols.com.

No.28

On April 5th, the fake HEX Twitter account posted a phishing link, do not interact with hxxps://hex-layer2.com/.

No.28

On April 5th, the fake BabyDogeCoin Twitter account posted a phishing link, do not interact with hxxps://babydogecoins.co/.

No.29

On April 6, the Discord server of the @TriBuzzNFT project was attacked and a fake mint link was posted. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.30

On April 6, the Discord server of the @Gravity_Finance project was attacked and a fake airdrop link was posted. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.31

On April 6, the fake AIPAD Tech Twitter account posted a phishing link, do not interact with hxxps://claim.aipad.technology/.

No.32

On April 6, beware of a fake Dogecoin phishing link, do not interact with hxxps://doge.whitelist.network/.

No.33

April 7, @krakenbet is a scam account, do not interact with hxxps://krakenbet.xyz.

No.34

On April 7th, the fake zkSync Twitter account posted a phishing link, do not interact with hxxps://zksyncx.store/.

No.35

On April 7, the fake Myria Twitter account posted a phishing link, do not interact with hxxps://claimairdrop.app/.

No.36

On April 7, the fake DeGods Twitter account posted a phishing link, do not interact with hxxps://degods.ch/.

No.37

On April 8th, the fake LayerZero Labs Twitter account posted a phishing link, do not interact with hxxps://layerzero-labs.info/.

No.38

On April 8th, the fake Sui Network Twitter account posted a phishing link, do not interact with hxxps://suinetworks.org/.

No.39

On April 8, beware of a fake Arbswap phishing airdrop link and do not interact with hxxps://arbswap.premint.id/?=claim.

No.40

On April 8th, the fake Ape Coin Twitter account posted a phishing link, do not interact with hxxps://airdrops-apecoin.com/.

No.41

On April 9th, the fake CAWMmunity Twitter account posted a phishing link, do not interact with hxxps://cawnetwork.info/.

No.42

On April 9th, the fake Shardeum Twitter account posted a phishing link, do not interact with hxxps://sharduem.org/.

No.43

On April 10th, the fake Lens Protocol Twitter account posted a phishing link, do not interact with hxxps://lensprotocoldrop.com/claim.html.

No.44

On April 10, the fake zkSync Twitter account posted a phishing link, do not interact with hxxps://zk-synsc.com/.

No.45

On April 10, the fake Sui Twitter account posted a phishing link, do not interact with hxxps://sui-networks.org/.

No.46

On April 11, the Discord server of the @meanfinance project was attacked. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.47

On April 11, beware of a phishing link exploiting Nakamigos and do not interact with hxxps://nakamidead.com/.

No.48

On April 11th, beware of a phishing link for free mint for a fake Nakarocks collection, do not interact with hxxps://nakarocks.com/.

No.49

On April 11, the fake RTFKT Twitter account posted a phishing link, do not interact with hxxps://rtfkt-x-nikeairforce1.com/

No.50

On April 12th, the fake ChainGPT Twitter account posted a phishing link, do not interact with hxxps://join-chainpt.com/

No.51

On April 12, the fake Venus Twitter account posted a phishing link, do not interact with hxxps://venus-protocols.com/.

No.52

On April 12, the fake zkSync Twitter account posted a phishing link, do not interact with hxxps://whitelist-zk5sync.org/.

No.53

On April 13, the Discord server of the @Suteki_NFT project was attacked. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.54

On April 13th, the Discord server of the @chimpsverse project was attacked and a phishing link was posted. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.55

On April 14, the Discord server of the @SavedSoulsNFT project was attacked and a phishing link was posted. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.56

On April 15th, the Discord server of the @walkerworld_ project was attacked and a phishing link was posted. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.57

On April 15, the fake Sei Twitter account posted a phishing link, do not interact with hxxps://seinetworks.cc/.

No.58

On April 15th, the fake Optimism Twitter account posted a phishing link, do not interact with hxxps://join-optimism.info/.

No.59

On April 15, the fake SingularityNET Twitter account posted a phishing link, do not interact with hxxps://singularity.link3.su/.

No.60

On April 15, the fake HEX Twitter account posted a phishing link, do not interact with hxxps://claim.airdrophex.com/.

No.61

On April 17, the fake Twitter account @thenakazukis posted a wallet drainer, do not interact with hxxps://nakazukis.xyz/.

No.62

On April 17, the fake SUI Twitter account posted a phishing link, do not interact with hxxps://sui.web3-dashboard.com/.

No.63

On April 17, a phishing link related to the wallet was found, do not interact with hxxps://outlawsnft.wtf/mint/.

No.64

On April 17, do not interact with hxxps://www.beanz.icu/; a victim who had interacted with it lost 494.7 ETH.

No.65

On April 17, the fake SUI Twitter account posted a phishing link, do not interact with hxxps://sui-labs.org/.

No.66

On April 18, the Discord server of the @agility_lsd project was attacked and a phishing link was posted. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.67

On April 18, the Discord server of the @Starknet_id project was attacked and a phishing link was posted. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.68

On April 18, the @NakaPenguins twitter account posted a wallet scam, do not interact with hxxps://nakapenguins.com/.

No.69

On April 18, do not interact with hxxps://animalconcerts.live/, this is a phishing link.

No.70

On April 18, the Discord server of the Animal Concerts project was attacked and a phishing link was posted. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.71

On April 18, the fake Frax Twitter account posted a phishing link, do not interact with hxxps://frax.netlify.app/.

No.72

On April 19, the project @Zebec_HQ claimed that a bot posted a fake airdrop link, please do not click on any links posted by this bot.

No.73

On April 19, the Discord server of the @ETCCooperative project was attacked and a phishing airdrop link was posted. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.74

April 19th, watch out for a fake Scroll link appearing on a hacked Twitter account, do not interact with hxxps://scroll-zkp.io/.

No.75

On April 19, the fake Syncswap Twitter account posted a phishing link, do not interact with hxxps://zksyncswap.io/.

No.76

On April 19th, the fake Phala Twitter account posted a phishing link, do not interact with hxxps://phala.app/en/.

No.77

On April 19th, the Discord server of the @zkLinkorg project was attacked and a phishing airdrop link was posted. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.78

On April 19th, the fake Layer Zero Twitter account posted a phishing link, do not interact with hxxps://layerzero-labs.app/.

No.79

On April 20th, the fake ArbDoge AI Twitter account posted a phishing link, do not interact with hxxps://aidoge.me/.

No.80

On April 20th, beware of a fake Consensys phishing link appearing on Twitter, do not interact with hxxps://consensys.financial/.

No.81

On April 20th, the fake Wojak Coin Twitter account posted a phishing link, do not interact with hxxps://claimwojak.com/.

No.82

On April 20th, do not interact with hxxps://precmint.xyz/launchmyNFT, it is a phishing link.

No.83

On April 20, the Discord server of the LaunchMyNFT project was attacked and a phishing link was posted. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.84

On April 20, the fake Pepe Coin Twitter account posted a phishing link, do not interact with hxxps://claimpepe.wtf/.

No.85

On April 21st, beware of a fake Pepe phishing link appearing on Twitter, do not interact with hxxps://pepescoin.com/.

No.86

On April 21st, @prrfbeauty claimed a phishing link was posted on their Discord server, do not interact with hxxps://pob.claims/.

No.87

On April 21, the fake Azuki Twitter account posted a phishing link, do not interact with hxxps://azuki-vegas.com/.

No.88

On April 22, the Discord server of the @WeAreMetallicus project was hijacked. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.89

On April 22, be aware that a fake Uniswap x DOH airdrop phishing link appeared on Twitter, do not interact with hxxps://uniswapdoh.com/.

No.90

On April 22, be aware that a fake Suidex airdrop phishing link appeared on Twitter, do not interact with hxxps://airdrop.suidex.live/.

No.91

April 22, @DOHgovph Twitter account hacked, do not interact with hxxps://claim.optimsm.net/.

No.92

On April 23rd, beware of a fake Pepe Coin Twitter account posting a phishing link, do not interact with hxxps://pepescoin.com/.

No.93

On April 23, the Discord server of the @Coredao_Org project was hijacked. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.94

On April 23, the Discord server of the @dynexcoin project was hijacked and a phishing link was posted. Do not interact with hxxps://dynexcoin.xyz/airdrop/, and do not click on any posted links until it is confirmed that control of the server has been regained.

No.95

On April 24th, the Discord server of the @harvest_finance project was hijacked and a phishing link was posted. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.96

On April 24th, the @kucoincom Twitter account was hijacked. Do not click on any posted links until it is confirmed that control of the account has been regained.

No.97

On April 24th, the Discord server of the @FlowX_finance project was hijacked. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.98

On April 24, beware of a phishing link imitating Scroll, do not interact with hxxps://scrolllabs.org/.

No.99

On April 24, the Discord server of the HasukiNFTs project was hijacked. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.100

April 25, beware of a phishing link and do not interact with hxxps://claimrektarb.com/.

No.101

On April 25, beware of a phishing link and do not interact with hxxps://pepe.holdings/.

No.102

On April 26, beware of a phishing link and do not interact with hxxps://opencampus.pw/.

No.103

April 26, beware of a phishing link, do not interact with hxxps://notable-pepes.io/.

No.104

On April 27th, beware of a phishing link on Twitter and do not interact with hxxps://claimpeepo.army/.

No.105

April 28, beware of a phishing link, do not interact with hxxps://zestypass.xyz/, this is a fake Zesty Zebra's Zesty Pass site.

No.106

On April 28, do not interact with hxxps://breederdao.ink/, this is a phishing link.

No.107

On April 28th, the Discord server of the @BreederDAO project was hijacked and a fake airdrop link was posted on it. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.108

On April 29th, the @solimax_Telegram account was hijacked. Please do not click on any posted links until it is confirmed that control of the account has been regained.

No.109

On April 29, the Discord server of the @JPEGd_69 project was hijacked. Please do not click on any posted links until it is confirmed that control of the server has been regained.

No.110

On April 29th, the Discord server of the @TapioFinance project was hijacked. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.111

On April 29, the Discord server of the @Monkes_NFT project was hijacked. Do not click on any posted links until it is confirmed that control of the server has been regained.

No.112

On April 29th, beware of a fake PepeCoin Twitter account posting a phishing link, do not interact with hxxps://pepe-claims.net/.

No.113

On April 30th, the Discord server of the @XEX_Crypto project was hijacked. Do not click on any posted links until it is confirmed that control of the server has been regained.

1.4 Others

No.1

On April 3, MEV bots were attacked, resulting in a loss of 25.38 million US dollars. The cause was that the MEV bots' transactions were replaced by malicious validator nodes.

No.2

On April 10, the South Korean exchange GDAC encountered a private key leakage incident, with a total loss of about 13 million US dollars.

No.3

On April 14th, @BitrueOfficial announced that one of their hot wallets was attacked and lost about $23million.

2. Security summary

In April 2023, there were still many security incidents in the DeFi field, mainly caused by smart contract vulnerabilities and misconfigurations that attackers exploited, leading to major financial losses. At the same time, the launch of new chains such as Arbitrum has made the projects on those chains targets for attackers. To prevent similar incidents from happening again, developers need to take action, including following best practices for writing secure code, auditing smart contracts regularly, and running bug bounty programs. In addition, investors and users must act cautiously and fully research and analyze the risks before investing in DeFi protocols. Social media scams and phishing projects were frequent this month. The official Discord servers of several projects were attacked and used to post phishing links, and attackers kept pace with the times by forging many projects built on popular concepts. Users participating in related projects need to stay vigilant at all times and should not click on suspicious links, to prevent asset loss.

Origin blog.csdn.net/weixin_42056967/article/details/130510937