According to Chengdu Lianan [Lianbian-Blockchain Security Situational Awareness Platform (Beosin-Eagle Eye)] security public opinion monitoring data show that in February 2021, according to incomplete statistics, the typical security incidents that occurred in the entire blockchain ecosystem exceeded 26 cases, the overall safety risk rating is [medium]. Judging from the high-incidence areas of typical security incidents, DeFi has shown a significant upward trend compared with January, which needs to be paid attention to.

In February, the prices of major mainstream encrypted assets fluctuated significantly and continued to fluctuate, which to a certain extent brought a negative impact on the stability of the entire blockchain ecosystem. Although the number of incidents in terms of fraudulent escape/encryption scams and ransomware/mining Trojans has decreased, the amount of economic losses caused by them is huge, and security risks are still lingering. Therefore, perfect and efficient security supervision for the entire ecology is crucial to the steady and orderly development of the blockchain industry.

secondary title

Exchanges: A total of "3" typical security incidents occurred

01

On February 8, Bitcoin trading market KeepChange stated that the exchange received a request to withdraw money from a customer account to an address belonging to the attacker, and a control subsystem of the platform suspended the request, resulting in no bitcoin loss. However, the attackers stole some customer data, including email addresses, names, number of transactions, total transaction amount, and passwords.

02

On the morning of February 19th, F2Pool was attacked by DDos, and some addresses experienced a short-term failure, which has been restored. F2Pool is currently the largest Bitcoin mining pool with 26E computing power.

03

secondary title

01

Yearn core developer banteg tweeted that the attackers of the DAI v1 vault stole $2.8 million and the vault lost $11 million.

02

On February 5, according to CoinDesk, the DeFi insurance project ArmorFi has paid a bug bounty of $1.5 million to white hat hacker Alexander Schlindwein. The hacker discovered a "critical flaw" in the protocol that could drain all of the company's underwriting funds.

03

The smart DeFi income aggregator BT.Finance suffered a flash loan attack, and the affected strategies included ETH, USDC and USDT.

04

About $3,750 in assets were stolen from Iron Bank, a zero-collateral cross-protocol loan launched by CreamFinance. The attacker borrowed WETH and other assets from IronBank through a huge amount of cySUSD.

05

On February 13, the cross-chain DeFi platform Alpha Finance Lab (ALPHA) tweeted, "We have been notified about the attack on Alpha Homora V2 and are now working with Andre Cronje and Cream.Finance to deal with it."

06

On February 27, the DAI pool of the DeFi income aggregator Yeld.finance was attacked by a “flash loan”, resulting in a loss of 160,000 DAI, involving more than 10 users.

07

The official tweet of the DeFi aggregation platform Furucombo said: "At 00:47 on February 28th, Beijing time, the Furucombo proxy was hacked by attackers." In total, more than $14 million was stolen.

08

Cream Finance stated that the Furucombo vulnerability attack affected the expired reserve account, and the team has revoked all approvals for external contracts in the wallet, but still lost $1.1 million.

09

The DeFi insurance agreement Armor.Fi stated that a scammer defrauded team members of 1.2 million ARMOR tokens, which have been sold at a price of approximately 600 ETH (approximately US$850,000).

01

On Feb. 4, cybersecurity firm Kaspersky Labs said that a cryptocurrency scam has emerged on chat social platform Discord, promising free bitcoin or ethereum to users on a trading platform.

02

German prosecutors seized more than 50 million euros ($60 million) worth of bitcoin from a scammer on Feb. 5, but faced an embarrassing problem of not being able to crack the key to unlock the asset .

03

secondary title

01

On February 4, Paolo Alto Networks network security researchers released a report saying that there has been new malware targeting Kubernetes clusters, using the processing power of computers to mine Monero without the user's consent or knowledge.

02

Authorities in the Malaysian state of Johor have arrested seven men. The gang has cost local power companies 8.6 million Malaysian ringgit ($2.13 million) in revenue since 2020 by stealing electricity to mine bitcoin.

03

secondary title

01

According to Cointelegraph, the administrator of the dark web link provider dark.fail stated that after two Bitcoin donors donated to dark.fail, their accounts were frozen by the exchange because the exchange implemented Chainalysis’s new KYT (Know Your Account). transaction) blockchain monitoring service.

02

A British teenager named Dylan Bailey used bitcoin to buy ecstasy pills on the dark web from a Dutch supplier who sent him the pills hidden in a DVD case.

03

secondary title

01 

On February 3, more than 75 verifiers of the Ethereum 2.0 beacon chain main network were fined by Slash (the fine was collected from the 32 ETH pledged in the node). According to Beaconscan data, the confiscated nodes this time involved the PoS service provider Staked.us, and the total number of confiscated nodes in the entire Ethereum 2.0 network so far is 114.

02

The cryptocurrency price tracking app Blockfolio was suspected of being hacked, and the user's mobile app received push information related to the transfer of funds from the project party pretending to be sent.

03

Europol officials announced that ten suspects had been arrested. The suspects stole $100 million worth of cryptocurrency from celebrities by hijacking phone numbers.

04

Nomadic Labs, one of the Tezos development teams, said that a vulnerability was found in the Dexter contract, a decentralized exchange based on the Tezos blockchain, built by the smart contract tool development company camlCase, which allows unauthorized withdrawal of funds. .

05

In view of the current security situation of blockchain ecology, "Chengdu Lianan" summarizes here:

Overall, the typical security incidents in February were similar to those in January, so the security team of Chengdu Beosin still rated it as [Medium] for the overall security risk. From the perspective of event trends, the typical security incidents that occurred in February showed a single-point outbreak in DeFi and a uniform distribution in other aspects.

Therefore, the security situation of DeFi this month is still the focus of the entire blockchain ecosystem. In response to various security incidents in DeFi, Chengdu Lianan hereby appeals that major project parties should carefully check the project's own situation before going online, regularly do daily security audits and security reinforcement work, and timely repair potential loopholes to avoid huge losses.

At the same time, it should be noted that "flash loan attack" seems to have become a high-frequency vocabulary in typical security incidents in DeFi this month. It is not difficult to see that in most security incidents in the DeFi ecosystem, the "title" of flash loan attacks seems to have become a standard configuration. Therefore, in the face of the severe test of flash loan attacks, Chengdu Lianan recommends that major project parties use the power of third-party security companies to strengthen the security detection and verification of multiple technologies to prevent flash loan attacks before they happen.