OKLink: Inventory of security incidents in August 2023

1. Basic information

In August 2023, REKT and RugPull incidents caused cumulative losses of approximately US$41.82 million, a significant decrease from the roughly US$80 million lost in the previous month, while the number of incidents was roughly unchanged. After Curve lost tens of millions of dollars last month, another established leading project, Balancer, ran into trouble this month: a serious vulnerability affected several of its V2 pools. Because the team received the vulnerability report and responded urgently, only about 4% of the affected TVL was still at risk when the issue was disclosed, which greatly limited the loss and offers a reference for other projects' emergency procedures. The largest single loss this month was Exactly Protocol; its root cause, missing validation of input parameters, is a recurring problem, and its post-mortem again stresses the value of a comprehensive audit. The number of RugPull incidents rose several-fold compared with last month, and RugPull losses exceeded REKT losses. Besides BSC, many of this month's RugPulls took place on the newer Base and Linea chains, causing large losses to users. Finally, social media phishing continues: project Discord servers and Twitter accounts are still being taken over and used to publish phishing links.


1.1 REKT inventory


No.1

On August 1, the decentralized exchange @LeetSwap on the Base chain was attacked; the attacker profited approximately $624K. The root cause is that in the Pair contract, _transferFeesSupportingTaxTokens() could be called externally. This function transfers an arbitrary amount of a specified token from the pair to the fee-collection address. The attacker first performed a small, normal swap to obtain the tokens needed for the next step, then called _transferFeesSupportingTaxTokens() to send almost all of one side of the pair to the fee address, leaving the pair's liquidity unbalanced. Finally, the attacker called sync() so that the cached reserves reflected the drained balance, and swapped back in the reverse direction, withdrawing far more ETH than the tokens were worth.

Attack transaction:

https://basescan.org/tx/0xbb837d417b76dd237b4418e1695a50941a69259a1c4dee561ea57d982b9f10ec

Attacker address:

https://basescan.org/address/0x5B030F90DB67190373DBF3422436DF4C62F60A60

Related Links:

https://twitter.com/SlowMist_Team/status/1686229798954418177

No.2

On August 1, the unnamed contract 0x786b374b on Ethereum was attacked. The root cause was a public execute() function used to add liquidity to the DAI/USDC/USDT pool. Because it lacked any access control, an attacker could pass crafted parameters and take the tokens being added. The attacker profited approximately $36.8K.

Attack transaction:

https://www.oklink.com/cn/eth/tx/0xd493c73397952049644c531309df3dd4134bf3db1e64eb6f0b68b016ee0bffde

Attacker address:

https://www.oklink.com/cn/eth/address/0xccc526e2433db1eebb9cbf6acd7f03a19408278c

Related Links:

https://twitter.com/AnciliaInc/status/1689737978963546112

No.3

On August 2, the @uwerx_network project on Ethereum was attacked, losing approximately 175 ETH (about $322K). The root cause is that the _transfer() function deducts the sender's balance twice.

Attack transaction:

https://www.oklink.com/cn/eth/tx/0x3b19e152943f31fe0830b67315ddc89be9a066dc89174256e17bc8c2d35b5af8

Attacker address:

https://www.oklink.com/cn/eth/address/0x6057a831d43c395198a10cf2d7d6d6a063b1fce4

Related links: https://twitter.com/Phalcon_xyz/status/1686668523374813184

No.4

On August 2, the @Neutrafinance project on Arbitrum was attacked, losing about 23.5 ETH (approximately $43K). The root cause is that the convert() function priced conversions with a spot price and did not distinguish between two pools whose LP tokens share the same name: one of them (CMLT-LP-65eb) could be converted into the other (CMLT-LP-2ea3) through convert().

Attack transaction:

https://www.oklink.com/cn/arbitrum/tx/0x6301d4c9f7ac1c96a65e83be6ea2fff5000f0b1939ad24955e40890bd9fe6122

Attacker address:

https://www.oklink.com/cn/arbitrum/address/0x39b842bb7287afc516db176b76c5cbbd8caa1e84

Related links: https://twitter.com/Phalcon_xyz/status/1686654241111429120

No.5

On August 2, an unverified (closed-source) contract (0xd614927Ac) on Arbitrum was attacked, losing 461 ETH (approximately $846K). The root cause is that the victim contract's flash-loan function granted a token approval to the attacker's contract, which then moved the assets out with transferFrom().

Attack transaction:

https://www.oklink.com/cn/arbitrum/tx/0x864c8cfb8c54d3439613e6bd0d81a5ea2c5d0ad25c9af11afd190e5ea4dcfc1f

Attacker address:

https://www.oklink.com/cn/arbitrum/address/0x826b180cd3d6fd0a646875f920bb2cf52b7f0b0b

Related Links:

https://twitter.com/BeosinAlert/status/1687084394035720192?s=20

No.6

On August 7, Steadefi was attacked and funds were drained on both Arbitrum and Avalanche, for a loss of approximately $1.14M. The root cause was not a contract bug but poor operational security: the deployer's private key was compromised by malware.

Attacker address:

https://www.oklink.com/cn/arbitrum/address/0x9cf71f2ff126b9743319b60d2d873f0e508810dc

Related Links:

https://blog.steadefi.com/exploit-analysis-and-reimbursement-plan

No.7

On August 7, the Cypher program on Solana was exploited for approximately $1M. Cypher stores user data in two accounts, a main account (CypherAccount) and a sub-account (CypherSubAccount), which users use for margin lending and trading. The root cause is that when the collateral mode of a sub-account was changed, the new mode was not propagated to the main account, leaving the two numerically inconsistent. The main account remained in a state that passed its own checks, so the attacker could borrow while bypassing the collateral-ratio check.

Attack transaction:

https://www.oklink.com/cn/sol/tx/tiwo6s8LxN3HvNMUWX2t5CrXeWpDXmhKURwMf7m4XeKCDSGaQmvy6iTJ6fR4R3byiQZEGBrrSDXeYQUqEMnUAuz (USDC transfer 1)

https://www.oklink.com/cn/sol/tx/4ZqYRfvPePGLpZCb6t1iq7gNMUwsrkcQoSAiDHq9gEYUve9t3b598Qf63uErtaoB1onScKf7VcmM3u8qVbAd3XK6 (USDC transfer 2)

Attacker address:

https://www.oklink.com/cn/sol/account/HHm4wK91XvL3hhEC4hQHo544rtvkaKohQPc59TvZeC71

Related Links:

https://twitter.com/BeosinAlert/status/1688723959964114945

https://cypherlabs.notion.site/cypher-exploit-7th-august-2023-post-mortem-ef01b5de613c4e52b36043c7649a5b40

No.8

On August 7, the Earning Farm project on Ethereum was attacked. The root cause was a logic error in how shares and LP tokens were accounted for: an attacker could burn a small amount of LP tokens and receive a large amount of ETH. The loss was approximately $528K.

Attack transaction:

https://www.oklink.com/cn/eth/tx/0x6e6e556a5685980317cb2afdb628ed4a845b3cbd1c98bdaffd0561cb2c4790fa (one)

Attacker address:

https://www.oklink.com/cn/eth/address/0xee4b3dd20902fa3539706f25005fa51d3b7bdf1b

Related Links:

https://twitter.com/BeosinAlert/status/1689205260102094853

https://twitter.com/Ironblocks_/status/1689235344305135616

No.9

On August 10, the Infinity project on Ethereum was attacked. The root cause was that regenerateMany() let a caller re-mint any number of tokens to themselves without owning any of the tokens. The loss was approximately $71K.

Attack transaction:

https://www.oklink.com/cn/eth/tx/0xe06960e423066113a54de8cf3c8fcfcd2bfe9fbef7d3b32d24ea8a55b7dff567

https://www.oklink.com/cn/eth/tx/0x3104984bc5f71dd86a6cd4f25a860354d0eaa62603b9c51c9e6f29c6b4a707a5

Attacker address:

https://www.oklink.com/cn/eth/address/0x78767df0e5ebe44dd4ed7de89dfea99368eea844

Related Links:

https://twitter.com/0xCygaar/status/1689640971582210050?s=20

No.10

On August 10, Aquarius Lending Protocol in the Core DAO ecosystem was attacked. The root cause was negligence in creating and managing its USDT market. The initial exchange rate of the original USDT market was set incorrectly while its collateral factor was set to 80%. The team corrected the exchange-rate problem by deploying a new USDT market, but never set the old market's collateral factor to 0, so the stale market still counted as collateral and the attacker could profit from it. The loss was approximately $253K.

Attack transaction:

https://scan.coredao.org/tx/0x14aff21ea3255a1bf0b44bab7cb7250683a6ba4be6eaf237a08e877b71c37aa4

Attacker address:

https://scan.coredao.org/address/0xc46dfc9b073af2e89896ba82599b5260639a3958

Related Links:

https://twitter.com/AquariusLoan/status/1689335926470635520?s=20

https://medium.com/@Aquarius_loan/aquarius-lending-pool-liquidity-report-august-9th-2023-9ba28d7b4c65

No.11

On August 13, Zunami Protocol on Ethereum was attacked. The root cause is price manipulation: the attacker used flash loans to manipulate the reserves of the SDT SushiSwap pool, which changed the asset price read inside the UZD contract. The attacker profited approximately $2.18M.

Attack transaction:

https://www.oklink.com/cn/eth/tx/0x2aec4fdb2a09ad4269a410f2c770737626fb62c54e0fa8ac25e8582d4b690cca

https://www.oklink.com/cn/eth/tx/0x0788ba222970c7c68a738b0e08fb197e669e61f9b226ceec4cab9b85abe8cceb

Attacker address:

https://www.oklink.com/cn/eth/address/0x5f4c21c9bb73c8b4a296cc256c0cde324db146df

Related Links:

https://twitter.com/AnciliaInc/status/1690857336158695425?s=20

https://twitter.com/peckshield/status/1690877589005778945
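The following is an added example, not code from LeetSwap, Zunami or any other project, that models both mechanisms on a constant-product pair: the LeetSwap case (No.1 above), where an externally callable fee sweep drains one side of the pair and sync() then re-prices it, and the Zunami case (No.11 above), where a flash loan moves the pool's reserves and a consumer that prices directly from those reserves is fooled. The Pair class, the 0.3% fee, the reserve sizes, the "pair" caller check that stands in for an internal-only function, and the TWAP-over-earlier-blocks comparison are all assumptions made for illustration.

```python
# Added example (not LeetSwap's or Zunami's code): a constant-product pair model
# used to replay two bug classes from this inventory. Fee, reserves and names are
# constructed for illustration.

FEE_BPS = 30           # assumed 0.3% swap fee, Uniswap-V2 style
WAD = 10**18           # 18-decimal fixed point
PAIR = "pair"          # stands in for address(this)


class Pair:
    """Balances are what the contract actually holds; reserves are the cached
    copy that pricing uses. sync() copies balances into reserves, as in V2."""

    def __init__(self, eth: int, tok: int) -> None:
        self.bal_eth = self.res_eth = eth
        self.bal_tok = self.res_tok = tok

    @staticmethod
    def _amount_out(amount_in: int, res_in: int, res_out: int) -> int:
        in_with_fee = amount_in * (10_000 - FEE_BPS)
        return in_with_fee * res_out // (res_in * 10_000 + in_with_fee)

    def swap_eth_for_tok(self, eth_in: int) -> int:
        out = self._amount_out(eth_in, self.res_eth, self.res_tok)
        self.bal_eth += eth_in
        self.bal_tok -= out
        self.sync()
        return out

    def swap_tok_for_eth(self, tok_in: int) -> int:
        out = self._amount_out(tok_in, self.res_tok, self.res_eth)
        self.bal_tok += tok_in
        self.bal_eth -= out
        self.sync()
        return out

    def sync(self) -> None:
        self.res_eth, self.res_tok = self.bal_eth, self.bal_tok

    def spot_tok_price(self) -> int:
        """ETH per TOK (WAD-scaled) read straight from reserves: the manipulable oracle."""
        return self.res_eth * WAD // self.res_tok

    def transfer_fees_unprotected(self, tok_amount: int, caller: str) -> None:
        """LeetSwap-class bug: a fee sweep meant to be internal but callable by anyone.
        Tokens leave the pair for the fee address; the caller is never checked."""
        self.bal_tok -= tok_amount

    def transfer_fees_guarded(self, tok_amount: int, caller: str) -> None:
        """Fixed form: only the pair's own swap path may sweep fees."""
        if caller != PAIR:
            raise PermissionError("fee sweep is internal to the pair")
        self.bal_tok -= tok_amount


def leetswap_style_attack(pair: Pair, attacker_eth: int) -> int:
    """Small buy -> drain the other side -> sync -> sell back. Returns net ETH profit."""
    tok = pair.swap_eth_for_tok(attacker_eth)                     # 1. buy TOK at the fair price
    pair.transfer_fees_unprotected(pair.bal_tok - 1, "attacker")  # 2. sweep almost all TOK out
    pair.sync()                                                   # 3. reserves become (eth, 1 wei TOK)
    eth_back = pair.swap_tok_for_eth(tok)                         # 4. attacker's TOK now buys ~all ETH
    return eth_back - attacker_eth


def outsider_sweep_reverts(pair: Pair) -> bool:
    """True if the guarded sweep rejects a caller other than the pair itself."""
    try:
        pair.transfer_fees_guarded(1, "attacker")
    except PermissionError:
        return True
    return False


def flash_loan_spot_vs_twap(pair: Pair, flash_eth: int, block_history: list) -> tuple:
    """Zunami-class bug: within one transaction, borrowed ETH inflates the live
    spot price that a naive consumer reads, while a TWAP over earlier blocks is
    unaffected. Returns (spot_before, spot_during, twap_during)."""
    before = pair.spot_tok_price()
    tok = pair.swap_eth_for_tok(flash_eth)           # push TOK price up with borrowed ETH
    during = pair.spot_tok_price()                   # what a reserves-based oracle reports now
    twap = sum(block_history) // len(block_history)  # prior block-end prices only
    pair.swap_tok_for_eth(tok)                       # unwind and repay in the same tx
    return before, during, twap


if __name__ == "__main__":
    p = Pair(100 * WAD, 1_000_000 * WAD)
    print("LeetSwap-style profit (ETH):", leetswap_style_attack(p, WAD) / WAD)
    q = Pair(100 * WAD, 1_000_000 * WAD)
    history = [q.spot_tok_price()] * 10              # ten earlier blocks at the fair price
    before, during, twap = flash_loan_spot_vs_twap(q, 1_000 * WAD, history)
    print(f"spot x{during / before:.0f} during flash loan; TWAP x{twap / before:.2f}")
```

With 100 ETH / 1,000,000 TOK of liquidity, one ETH of attacker capital comes back as almost the whole ETH side once the TOK reserve has been swept down to dust, which is why an unguarded sweep is equivalent to a drain. In the second scenario the live spot price moves by two orders of magnitude inside the transaction and returns to within a fraction of a percent afterwards; any contract that reads reserves in the same transaction (as UZD did) is pricing against the attacker's number, while a price averaged over earlier blocks is untouched.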

No.12

On August 14, the RocketSwap project on the Base chain was attacked. The root cause was a leaked private key: deploying the Launchpad required offline signing, so the private key had been placed on a server, and that server was brute-forced. The attacker profited approximately $1.54M.

Attack transaction:

https://basescan.org/tx/0x9b384f72d0817c99d2829c1226729de0c2ae29aa8ae7d32f1feaa6fc358de026
https://basescan.org/tx/0xfbd44b6ebc97095eef5793af40d7c5eb6241065f42f3128f6732c2f6c06a298c
https://basescan.org/tx/0x427b57aeecce13b1ae32e4c8aa552446452e65dc64295c226d40155532caf34c
https://basescan.org/tx/0x330edb831110ba2f05616e389becd29d183dd5d31648df258931dbfb2db21af0
https://basescan.org/tx/0xd9f062b32bb7094d91910b551ee7ddbc658e3b3f11b5c31dbc4dc6d53534dab3
https://basescan.org/tx/0x6594045cf4c94e674028fed79f62bfefee2dc5d71f22e8be1856ec9ac0f7be8c

Attacker address:

https://www.oklink.com/cn/eth/address/0x96c0876f573e27636612cf306c9db072d2b13de8

Related Links:

https://twitter.com/BeosinAlert/status/1691285787101569024?s=20

No.13

On August 14th, the Atlanverse project on BSC was attacked, causing a loss of approximately $5.4K.

Attack transaction:

https://www.oklink.com/cn/bsc/tx/0x32cc7084715d2d30b049d8321a74d642e92e386df6d889c0ab7809b1d91ab333

https://www.oklink.com/cn/bsc/tx/0xf58bed3bb09a3099db847c01565d0819982e943cbdc55b0d280071b63cbce2a7

Attacker address:

https://www.oklink.com/cn/bsc/address/0x9d92db2faf5ce6e058e25c65593b63da2e7f9bfd

Related Links:

https://twitter.com/MetaTrustAlert/status/1691028346723811329

No.14

On August 18, Harbor Protocol was attacked. The attacker manipulated the prices of three collateral assets, Luna, stOsmo and wMATIC, on Comdex's AMM cSwap, then used those assets on the Comdex chain to mint the stablecoin CMST in Harbor. Because the attacker had pushed up the prices of these assets on cSwap, CMST could be borrowed from the three vaults against inflated collateral valuations. Total damage from the attack is currently estimated at approximately $250K.

Attacker address:

https://www.mintscan.io/comdex/accounts/comdex1sma0ntw7fq3fpux8suxkm9h8y642fuqt0ujwt5

https://www.mintscan.io/comdex/accounts/comdex1y70akwhauhxaxf5fl70qk3t76c84ulmsff8j9g

Related Links:

https://twitter.com/Harbor_Protocol/status/1692836252498723154?s=20

https://blog.comdex.one/harbor-protocol-exploit-breakdown-incident-report-b07cd117b1d6

No.15

On August 18, the Exactly Protocol project on Optimism was attacked. The root cause was insufficient validation of input parameters, which allowed the market address used by DebtManager to be replaced with a malicious contract and user funds to be stolen through it. The loss was approximately $7.6M.

Attack transaction:

https://www.oklink.com/cn/optimism/tx/0x3d6367de5c191204b44b8a5cf975f257472087a9aadc59b5d744ffdef33a520e

https://www.oklink.com/cn/optimism/tx/0x1526acfb7062090bd5fed1b3821d1691c87f6c4fb294f56b5b921f0edf0cfad6

https://www.oklink.com/cn/optimism/tx/0xe8999fb57684856d637504f1f0082b69a3f7b34dd4e7597bea376c9466813585

Attacker address:

https://www.oklink.com/cn/optimism/address/0x3747dbbcb5c07786a4c59883e473a2e38f571af9

Related Links:

https://twitter.com/BlockSecTeam/status/1692533280971936059

https://twitter.com/BeosinAlert/status/1692568125374685200

https://medium.com/@exactly_protocol/exactly-protocol-incident-post-mortem-b4293d97e3ed

No.16

On August 19, the Thales Market project was attacked on BSC. The computer or MetaMask of a core contributor appears to have been compromised, leading to the loss of some hot-wallet funds. The loss was approximately $38K.

Attack transaction:

https://www.oklink.com/cn/bsc/tx/0x2fd26d3a973aac49e8331d0c5783a1da1ef67920fb0983f2f8f4a818e11416e1

https://www.oklink.com/cn/bsc/tx/0xca046d6126b11eea07a0f1df5c2a12c1e54a49aa41ebf878defbd5131758d3d3

https://www.oklink.com/cn/bsc/tx/0x708f8c79519fad46277e682a07c1ff9d87d8dc300b2d0d8c70847678a1513b9d

Attacker address:

https://www.oklink.com/cn/bsc/address/0xca1c859a40f39b0bac46551fa5e9fb969898ae70

Related Links:

https://twitter.com/thalesmarket/status/1692935883521953997?s=20

No.17

On August 22, Balancer reported a serious vulnerability, invoked emergency procedures on several V2 pools, removed most of the liquidity, and urged users to withdraw from the affected pools immediately. The remaining liquidity was nevertheless exploited afterwards with flash loans, for a loss of approximately $2.1M.

Attacker address:

ETH:

https://www.oklink.com/cn/eth/address/0xb23711b9d92c0f1c7b211c4e2dc69791c2df38c1

https://www.oklink.com/cn/eth/address/0xed187f37e5ad87d5b3b2624c01de56c5862b7a9b

https://www.oklink.com/cn/eth/address/0x429313e53a220c4a5693cad1da26ae5045b5762f

Fantom:

https://www.oklink.com/cn/ftm/address/0x64e08fa89c2bae9f123cc8a293775f0e6cc86760

Optimism:

https://www.oklink.com/cn/optimism/address/0xbc794f1ff9ad7711a9d2e69be5b499e290b8fd3c

Related Links:

https://forum.balancer.fi/t/vulnerability-found-in-some-pools/5102

https://twitter.com/BeosinAlert/status/1696362629818908758?s=20

No.18

On August 26, the STV project on BSC was attacked; its contract is not open source. The loss was about $500K.

Attack transaction:

https://www.oklink.com/cn/bsc/tx/0xf2a0c957fef493af44f55b201fbc6d82db2e4a045c5c856bfe3d8cb80fa30c12

Attacker address:

https://www.oklink.com/cn/bsc/address/0x4b44b52ef15f7aab9a0a6cfdfa8d2c5eeeb6d8c3

Related Links:

https://twitter.com/Phalcon_xyz/status/1695285435671392504?s=20

No.19

On August 26, the staking contract of Mendi Finance, a lending protocol on Linea, was attacked, losing 930,000 MENDI tokens worth approximately $25K. The root cause is that the StakedDistributor contract set the withdrawal delay incorrectly and its _editRecipientInternal() method did not correctly update the corresponding rewards.

Attack transaction:

https://lineascan.build/tx/0xd5b41c3d9cb766448697cce1af26e03dee557a46d8f149f107c2e2d00b49a656

Attacker address:

https://lineascan.build/address/0x69cd776d8b37ee991362cad27fac2fbab2d0dce4

Related Links:

https://mp.weixin.qq.com/s/qbu75qZljB8ykxo44QT7BQ

1.2 RugPull inventory


No.1

On August 1, the BALD project on the Base chain rug-pulled: the contract deployer added a total of 6,077 ETH of liquidity and removed 11,077 ETH, for a profit of about 5,000 ETH, worth $9.28M.

Related links: https://twitter.com/BeosinAlert/status/1686050081806696448

No.2

On August 2, the deployer address of the DRAC_Network (DRAC) project on BSC rug-pulled by selling tokens, causing a loss of approximately $74K.

Related links: https://twitter.com/AnciliaInc/status/1686887371453988864?s=20

No.3

On August 2, the TT token project on BSC performed an exit scam (RugPull), draining 278 BNB, a loss of approximately $68.3K.

Related links: https://twitter.com/CertiKAlert/status/1686507176221630464?s=20

No.5

On August 2, the deployer address of the DeriTrade project on BSC rug-pulled by directly minting DUSD tokens, causing a loss of approximately $13.2K.

Related links: https://twitter.com/AnciliaInc/status/1686887371453988864?s=20

No.6

On August 2, the team behind the Apache NFT SalesRoom project on BSC minted 1M ASN and sold it for BUSD in a RugPull, causing a loss of approximately $670K.

Related links: https://twitter.com/BeosinAlert/status/1686944832688906240

No.7

On August 5, the MotherOfAllMemes (MOAM) project on the BSC chain experienced a RugPull by removing liquidity, resulting in a loss of approximately $40K.

Related Links:

https://twitter.com/CertiKAlert/status/1687578059036098561?s=20

No.8

On August 5, the fake SeaPad token project on the BSC chain experienced a RugPull by removing liquidity, resulting in a loss of approximately $77.8K.

Related Links:

https://twitter.com/CertiKAlert/status/1687760426547736576?s=20

No.9

On August 5, the Clown Coin project on the ETH chain experienced a RugPull by removing liquidity, resulting in a loss of approximately $35K.

Related Links:

https://twitter.com/CertiKAlert/status/1687773506744791040?s=20

No.10

On August 6, the Bitlord (BITLORD) project on the ETH chain experienced a RugPull by removing liquidity, resulting in a loss of approximately $567K.

Related Links:

https://twitter.com/CertiKAlert/status/1687905901053693952?s=20

No.11

On August 6, the Coin token project on the ETH chain experienced a RugPull by removing liquidity, resulting in a loss of approximately $31K.

Related Links:

https://twitter.com/CertiKAlert/status/1688109795025227776?s=20

No.12

On August 6, the Satori token project on the BSC chain experienced a RugPull by removing liquidity, resulting in a loss of approximately $43K.

Related Links:

https://twitter.com/CertiKAlert/status/1688132913563398144?s=20

No.13

On August 7, the fake X[.]AI project on the BSC chain experienced a RugPull by removing liquidity, resulting in a loss of approximately $12K.

Related Links:

https://twitter.com/CertiKAlert/status/1688480338677207040?s=20

No.14

On August 7, the fake LK-99 token project on the ETH chain experienced a RugPull by removing liquidity, resulting in a loss of approximately $261K.

Related Links:

https://twitter.com/CertiKAlert/status/1688542400384241664?s=20

No.15

On August 8, the Peko Protocol project in the Linea ecosystem deleted its social accounts and group chat in a RugPull. Peko Protocol had previously raised $700K from 12 angel investors.

Related links: https://twitter.com/PeckShieldAlert/status/1689090766067671040

No.16

On August 8, the TOSHI project on the ETH chain experienced a RugPull by removing liquidity, resulting in a loss of approximately $56.6K.

Related Links:

https://twitter.com/CertiKAlert/status/1688872511096676352?s=20

No.17

On August 8, the ShitCoinC3ntral project on the ETH chain experienced a RugPull by removing liquidity, resulting in a loss of approximately $57K.

Related Links:

https://twitter.com/CertiKAlert/status/1688930878754275328?s=20

No.18

On August 9, the PekoProtocol (PEKO) token project on the Linea chain performed an exit scam (RugPull), causing a loss of approximately $57K.

Related Links:

https://twitter.com/CertiKAlert/status/1695200872647573527?s=20

No.19

On August 9, a RugPull occurred in the Blockchainmages project on the Cardano ecosystem, resulting in the loss of 60K ADA tokens worth approximately $14K.

Related links: https://coinmarketcap.com/community/articles/64d38c9d218ac20aaf51aa2d/

No.20

On August 10, the Deez Nuts (DEEZ) project on the ETH chain experienced a RugPull by removing liquidity, resulting in a loss of approximately $57.5K.

Related Links:

https://twitter.com/CertiKAlert/status/1689226022409904128?s=20

No.21

On August 10, the fake X Token project on the BSC chain experienced a RugPull by removing liquidity, resulting in a loss of approximately $19K.

Related Links:

https://twitter.com/CertiKAlert/status/1689984602125844480?s=20

No.22

On August 12, the @PayPalUSDFanETH project on the ETH chain experienced a RugPull by removing liquidity, resulting in a loss of approximately $43.8K.

Related Links:

https://twitter.com/CertiKAlert/status/1689984602125844480?s=20

No.23

On August 12, the GGBOND (GGBOND) project on the ETH chain experienced a RugPull by removing liquidity, resulting in a loss of approximately $151K.

Related Links:

https://twitter.com/CertiKAlert/status/1690677758823714817?s=20

No.24

On August 13, the fake zkSync token project on the BSC chain experienced a RugPull by removing liquidity, resulting in a loss of approximately $106.4K.

Related Links:

https://twitter.com/CertiKAlert/status/1690677758823714817?s=20

No.25

On August 13, the KUKUCoin project on the ETH chain experienced a RugPull by removing liquidity, resulting in a loss of approximately $173K.

Related Links:

https://twitter.com/CertiKAlert/status/1690677758823714817?s=20

No.26

On August 14, the fake Tarality Token project on the BSC chain experienced a RugPull by removing liquidity, resulting in a loss of approximately $67K.

Related Links:

https://twitter.com/CertiKAlert/status/1691107861286309888?s=20

No.27

On August 15, the fake CIRCLE token project on the BSC chain experienced a RugPull by removing liquidity, resulting in a loss of approximately $216.3K.

Related Links:

https://twitter.com/CertiKAlert/status/1691190203858276353?s=20

No.28

On August 16, a RugPull occurred in the SwirlLend project on the Base and Linea ecosystems, resulting in a loss of approximately $500K.

Related Links:

https://twitter.com/PeckShieldAlert/status/1691719373571186925

https://twitter.com/BeosinAlert/status/1691751481484194049

No.29

On August 17, the $CCASH contract on BSC rug-pulled by selling tokens, causing a loss of approximately $166K.

Related Links:

https://twitter.com/AegisWeb3/status/1692073412011712872

No.30

On August 19, the fake Friend Tech token project on the BSC chain removed token liquidity and conducted a RugPull, resulting in a loss of approximately $30K.

Related Links:

https://twitter.com/CertiKAlert/status/1692876010549600407?s=20

No.31

On August 19, the fake Frontfanz token project on the BSC chain removed token liquidity and conducted a RugPull, resulting in a loss of approximately $226.5K.

Related Links:

https://twitter.com/CertiKAlert/status/1692932345249038650?s=20

No.32

On August 21, the fake LayerZero token project on the BSC chain removed token liquidity and conducted a RugPull, resulting in a loss of approximately $1M.

Related Links:

https://twitter.com/CertiKAlert/status/1693362027371123099?s=20

No.33

On August 21st, the WPC token project on the BSC chain removed token liquidity and conducted a RugPull, resulting in a loss of approximately $162K.

Related Links:

https://twitter.com/CertiKAlert/status/1693651832793428154?s=20

No.34

On August 23, the HarryPotterObamaJustinHuobiSun project on the ETH chain conducted a RugPull by removing liquidity, resulting in a loss of approximately $50K.

Related Links:

https://twitter.com/CertiKAlert/status/1694357925072920800?s=20

No.35

On August 23, the Towelie (TOWELIE) project on the ETH chain conducted a RugPull by removing liquidity, resulting in a loss of approximately $89K.

Related Links:

https://twitter.com/CertiKAlert/status/1694294536762093950?s=20

No.36

On August 23, the aspiring cooperation community (ACC) token project on the BSC chain conducted RugPull by removing liquidity, resulting in a loss of approximately $224K.

Related Links:

https://twitter.com/CertiKAlert/status/1694290119337849303?s=20

No.37

On August 23, the Reflex Staking Bot (REFLEX) project on the BSC chain conducted a RugPull by removing liquidity, resulting in a loss of approximately $90K.

Related Links:

https://twitter.com/CertiKAlert/status/1694282366812848494?s=20

No.38

On August 24, the Hachiko project on the ETH chain removed token liquidity and conducted a RugPull, resulting in a loss of approximately $123.7k.

Related Links:

https://twitter.com/CertiKAlert/status/1694414085444473047?s=20

No.39

On August 25, the deployer of the Magnate Finance project on the Base chain manipulated the protocol's price oracle and withdrew the related assets in a RugPull, causing a loss of approximately $6.4M.

Related Links:

https://twitter.com/DeDotFiSecurity/status/1694955838140526617?s=20

No.40

On August 26, the fake CIRCLE token project on the BSC chain removed token liquidity and conducted a RugPull, resulting in a loss of approximately $265K.

Related Links:

https://twitter.com/CertiKAlert/status/1695185413407654012?s=20

No.41

On August 26, the @MagicBlocksEth project on Ethereum performed an exit scam (RugPull), causing a loss of approximately $57K.

Related Links:

https://twitter.com/CertiKAlert/status/1695200872647573527?s=20

No.42

On August 31, the babyshiatoken project on Ethereum performed an exit scam (RugPull), causing a loss of approximately $226K.

Related Links:

https://twitter.com/CertiKAlert/status/1697023832886837303?s=20

No.43

On August 31, a privileged address of the genswap_dex project on Ethereum exploited an overflow to inflate its token balance and rug-pulled, causing a loss of approximately $65K.

Related Links:

https://twitter.com/CertiKAlert/status/1696989083057135659?s=20

No.44

On August 31st, the fake Symbiosis Finance token project on the ETH chain removed liquidity and conducted RugPull, resulting in a loss of approximately $24K.

Related Links:

https://twitter.com/CertiKAlert/status/1696658676902228146?s=20

No.45

On August 31st, the KIZUNA project on the ETH chain removed liquidity and conducted a RugPull, resulting in a loss of approximately $135K.

Related Links:

https://twitter.com/DeDotFiSecurity/status/1696823573678051683?s=20

1.3 Social media fraud and phishing inventory

No.1

On August 2, @bondexapp official Discord was attacked, and the attacker posted phishing links.

Related Links:

https://twitter.com/CertiKAlert/status/1686574325791338497?s=20

No.2

On August 4, the official Discord of @MERGEZ_NFT was attacked, and the attacker posted a phishing link.

Related Links:

https://twitter.com/CertiKAlert/status/1687238632648683521?s=20

No.3

On August 5, the official @AvalaunchApp Twitter was attacked, and the attacker posted phishing links.

Related Links:

https://twitter.com/CertiKAlert/status/1687558884305653760?s=20

No.4

On August 5, the official Discord of @alt_layer was attacked, and the attacker posted phishing links.

Related Links:

https://twitter.com/CertiKAlert/status/1687599938593492992?s=20

No.5

On August 7, @Clique2046 official Discord was attacked.

Related Links:

https://twitter.com/CertiKAlert/status/1687666584129613824?s=20

No.6

On August 7, @SparkadiaGG official Discord was attacked, and the attacker posted phishing links.

Related Links:

https://twitter.com/CertiKAlert/status/1687733624299237376?s=20

No.7

On August 7, the official Discord of @LinkageFinance was attacked, and the attacker posted phishing links.

Related Links:

https://twitter.com/CertiKAlert/status/1688372105832714240?s=20

No.8

On August 7, @BrawlersNFT_ official Discord was attacked, and the attacker posted phishing links.

Related Links:

https://twitter.com/CertiKAlert/status/1688486946396422145?s=20

No.9

On August 7, the official Discord of @palindromes_io was attacked, and the attacker posted phishing links.

Related Links:

https://twitter.com/CertiKAlert/status/1688487806631399425?s=20

No.10

On August 8, the official Discord of @Pandaverse_Base was attacked, and the attacker posted phishing links.

Related Links:

https://twitter.com/CertiKAlert/status/1688526797955080192?s=20

No.11

On August 8, @fraxfinance official Discord was attacked, and the attacker posted phishing links.

Related Links:

https://twitter.com/CertiKAlert/status/1688681755102846978?s=20

No.12

On August 10, @bitsCrunch official Discord was attacked, and the attacker posted phishing links.

Related Links:

https://twitter.com/CertiKAlert/status/1689394866185269248?s=20

No.13

On August 10, the official Discord of @crypto_banter and @CbCryptoschool was attacked, and the attacker posted phishing links.

Related Links:

https://twitter.com/CertiKAlert/status/1689459158251102209?s=20

No.14

On August 10, the official Discord of @ZeitgeistPM was attacked, and the attacker posted a phishing link.

Related Links:

https://twitter.com/CertiKAlert/status/1689514929248722945?s=20

No.15

On August 10, the official Discord of @WealthPass_NFT was attacked, and the attacker posted a phishing link.

Related Links:

https://twitter.com/CertiKAlert/status/1689649151154536448?s=20

No.16

On August 12, the official Twitter account of @QuaiNetwork was attacked, and the attacker posted a phishing link.

Related Links:

https://twitter.com/CertiKAlert/status/1690082412967981056?s=20

No.17

On August 12, the official Twitter account of @alanorwick was attacked, and the attacker posted a phishing link.

Related Links:

https://twitter.com/CertiKAlert/status/1690082412967981056?s=20

No.18

On August 12, the official Discord of @Fetch_ai was attacked, and the attacker posted phishing links.

Related Links:

https://twitter.com/CertiKAlert/status/1690203930527969280?s=20

No.19

On August 12, the official Twitter accounts of @LearnWeb3DAO and @Haezurath were attacked, and the attackers posted phishing links.

Related Links:

https://twitter.com/CertiKAlert/status/1689016410830143488?s=20

No.20

On August 12, BASE’s official Discord was attacked, and the attacker posted phishing links.

Related Links:

https://twitter.com/CertiKAlert/status/1690308283343532032?s=20

No.21

On August 17, @elmonx_official official Discord was attacked, and the attacker posted phishing links.

Related Links:

https://twitter.com/CertiKAlert/status/1692067598316327066?s=20

No.22

On August 15, @MetisDAO’s official Twitter was attacked, and the attacker posted phishing links.

Related Links:

https://twitter.com/CertiKAlert/status/1691201644963258368?s=20

No.23

On August 16, the official Discord of @ceramicnetwork was attacked, and the attacker posted phishing links.

Related Links:

https://twitter.com/CertiKAlert/status/1691530268614545410?s=20

No.24

On August 17, the official Discord of @Rodeo_Finance was attacked, and the attacker posted phishing links.

Related Links:

https://twitter.com/CertiKAlert/status/1692127044748906911?s=20

No.25

On August 17, @Sagaxyz__ official Discord was attacked, and the attacker posted phishing links.

Related Links:

https://twitter.com/CertiKAlert/status/1692171180818759684?s=20

No.26

On August 19, @PiraFinance official Discord was attacked, and the attacker posted phishing links.

Related Links:

https://twitter.com/CertiKAlert/status/1692645168296427769?s=20

No.27

On August 22, the official Discord of @marginlycom was attacked, and the attacker posted phishing links.

Related Links:

https://twitter.com/CertiKAlert/status/1693795795655426498?s=20

No.28

On August 29, the official Discord of @JasmyMGT was attacked, and the attacker posted phishing links.

Related Links:

https://twitter.com/CertiKAlert/status/1696538671401365713?s=20

No.29

On August 29, the official Discord of @atoms_res was attacked, and the attacker posted a phishing link.

Related Links:

https://twitter.com/CertiKAlert/status/1696053193094909968?s=20

No.30

On August 29, the official Discord of @RhinosRebellion was attacked, and the attacker posted a phishing link.

Related Links:

https://twitter.com/CertiKAlert/status/1694610235086811483?s=20

No.31

On August 31, the official Discord of @finance_ref was attacked, and the attacker posted phishing links.

Related Links:

https://twitter.com/CertiKAlert/status/1696967917097668821?s=20

1.4 Others

No.1

CoinsPaid revealed details of a social engineering attack by North Korea's Lazarus Group. An engineer believed he was being interviewed for a lucrative job at Crypto.com and downloaded malware as part of a "technical test". Running the malicious code gave the North Korean attackers access to CoinsPaid's systems; from there they exploited software vulnerabilities to forge authorization requests that withdrew funds from CoinsPaid's hot wallets, stealing approximately $37 million.

Related Links:

https://www.dlnews.com/articles/defi/how-north-korea-lazarus-group-stole-crypto-from-coinspaid/

No.2

Distrust disclosed a critical vulnerability affecting cryptocurrency wallets generated with version 3.x of Libbitcoin Explorer. Because the wallet key material was derived from the Mersenne Twister pseudo-random number generator (PRNG), attackers can recover wallet private keys by cracking the PRNG, and this has already caused real-world losses. Affected cryptocurrencies include Bitcoin, Ethereum, Ripple, Dogecoin, Solana, Litecoin, Bitcoin Cash and Zcash, among others. Through this vulnerability, attackers can take control of affected wallets and steal funds; approximately $900,000 in assets has been stolen.

Related Links:

https://milksad.info/disclosure.html

https://www.techflowpost.com/newsletter/detail_29155.html

2. Safety Summary

In August 2023, although the number of REKT security incidents did not decline, the economic damage they caused fell to half of the previous month's. This improvement is mainly due to the mature emergency response mechanism of the Balancer project, which prevented a repeat of the large-scale attacks that hit Curve-related projects last month through the Vyper compiler vulnerability. However, other types of security issues, such as reentrancy attacks, price manipulation, business logic errors, and insufficient input validation, still occur frequently.

It is worth noting that the losses caused by RugPull incidents on newly launched public chains even exceeded those of the REKT incidents. This sounded the alarm for users, reminding everyone that security risks should not be ignored because of short-term enthusiasm. At the same time, Distrust released vulnerability information about Libbitcoin dating back to 2022, a case similar to the Vyper compiler vulnerability, once again emphasizing that security threats may always be lurking around us.

These incidents remind us not to relax our vigilance: security risks never completely disappear, and we can only rely on other means to minimize the attack surface. Project teams should pay all-round attention to protocol security, not only conducting code audits and setting up Bug Bounty mechanisms, but also establishing a sound emergency response process in advance. When conducting a security audit, all relevant protocols and contracts should be covered as thoroughly as possible. Users also need to be more vigilant about popular projects on new public chains and cannot blindly trust a project solely on the basis of its number of users or total value locked (TVL).

Finally, fraud and phishing attacks are still active on social media, so both project developers and users need to increase their awareness of community security protection.

Origin blog.csdn.net/weixin_42056967/article/details/132667075