Chengdu Chain Security: In May, there were more than 32 typical security incidents. In "Black May", more than 10 projects on the BSC chain were attacked, with a loss of about 300 million U.S. dollars
Chengdu Lianan
Specially invited columnist
2021-06-01 02:31

According to security monitoring data from Chengdu Lianan's [Lianbian-Blockchain Security Situational Awareness Platform (Beosin-Eagle Eye)], more than 32 typical security incidents occurred across the entire blockchain ecosystem in May 2021, according to incomplete statistics, and the overall security risk rating is [high]. Although typical security incidents in other areas eased this month, [DeFi] became the "hardest-hit area", with frequent incidents that call for high vigilance; Binance Smart Chain (BSC) bore the brunt and became the "main battlefield" for hackers launching flash loan attacks.

A number of projects on the BSC chain suffered a concentrated run of "thunderstorms" in May, which the industry calls "Black May"; it was also the month with the highest frequency of attacks and the largest losses in the history of DeFi. According to preliminary statistics, the resulting economic losses amounted to about 300 million US dollars. The frequent security incidents also directly triggered a flash crash in the prices of various virtual assets. This May was an unprecedented "dark" month for investors, project teams, and the entire DeFi ecosystem.

In terms of exchanges, a total of "1" typical security incident occurred

01

In terms of DeFi, a total of "14" typical security incidents occurred

01

On May 2, the DeFi project Spartan suffered a flash loan attack, resulting in a loss of $30 million.

02

On May 7, ValueDeFi was hacked, and some pools and products of IRONFinance were attacked, resulting in the possible exhaustion of STEELLP tokens.

03

DeFi yield aggregator RariCapital was hacked, resulting in the loss of over $14.71 million worth of ETH.

04

The DeFi protocol xToken suffered a flash loan attack, resulting in a loss of $24.5 million.

05

On May 16, bEarn Fi was attacked, resulting in a loss of nearly $11 million.

06

On May 19, BSC's largest lending platform, VENUS, experienced large-scale liquidations, which have so far left the Venus platform with more than 100 million US dollars in bad debt.

07

On May 20, the DeFi yield aggregator PancakeBunny suffered a flash loan attack and lost about $45 million in WBNB and BUNNY.

08

The on-chain options protocol FinNexus is suspected of being attacked. As a result, hackers minted 323 million FNX worth $6 million on Ethereum through a certain address, and minted 60 million FNX worth $1.6 million on BSC.

09

Bogged Finance officially stated that hackers carried out a flash loan attack on the BOG token contract, and that transaction fees have been disabled.

10

AutoSharkFinance suffered a flash loan attack, and its token price flash-crashed, dropping by more than 99%.

11

Merlin was suspected of being attacked. It is reported that the project party seems to have temporarily suspended the minting of MERL tokens.

12

BurgerSwap was suspected of being attacked by a flash loan, and about $3.3 million in Burger was stolen.

13

On May 28, JulSwap was attacked by flash loans, and $JULB fell by more than 95% in a short period of time.

14

Beosin Comments:

Projects on the BSC chain suffered frequent "thunderstorms" and heavy losses in May, which is enough to sound the alarm for BSC, DeFi, and the entire blockchain ecosystem. Reviewing what these typical security incidents have in common, it is not hard to see that the "flash loan attack" was the main attack method used by hackers; the amounts involved were generally large, and at least 6 projects each lost more than 10 million US dollars.

In terms of exit scams/crypto scams, there were a total of "7" typical security incidents

01

The GEC environmental currency has been expelled and investigated by the local government many times. After its price plummeted this time, it was once again exposed as a suspected pyramid scheme.

02

A scam team scammed $100,000 in virtual assets at the SNL (Saturday Night Live) event.

03

People are posing as members of the Coingecko team to deceive crypto project teams, claiming that they can list tokens on the Coingecko platform for a fee.

04

OnePlus co-founder Carl Pei's Twitter account has been hacked and used to promote a crypto scam.

05

The official YouTube account of the Spanish Civil Guard has been taken over by XRP scammers in what appears to be a spear-phishing attack. The name of the account was changed to "Ripple - XRP Foundation" and all content was removed.

06

The U.S. Office of the Comptroller of the Currency (OCC) issued a warning about recent crypto scam emails, saying that no such messages were sent and no funds were held for personal gain.

07

Beosin Comments:

In terms of ransomware/mining Trojans, there were "3" typical security incidents

01

Cybersecurity software company Trend Micro has discovered a new malware called Panda. Crypto wallets have become as much a target of online theft as bank accounts, researchers say.

02

Colonial Pipeline paid nearly $5 million in ransom to hackers on Friday, following previous reports that the company was unwilling to pay hackers to help restore U.S. pipeline operations.

03

In other respects, a total of "7" typical security incidents occurred

01

The ITO contract of Mask Network was attacked by bots, and the team has blacklisted the address.

02

On May 6, Hpool officially stated that the front end of its official website had suffered a DDoS attack and could not be accessed normally for the time being, but that the mining service was not affected.

03

FeiProtocol development team FeiLabs discovered and disclosed a contract vulnerability and immediately suspended the contract. The vulnerability is currently unexploited and does not affect any users.

04

Kyrgyzstan’s National Security Council (GKNB) cracked down on illegal mining operations in the capital, Bishkek, and Chui Region, raiding them and seizing 2,000 pieces of illegal virtual asset mining equipment.

05

British police raided a warehouse near Birmingham and found it to be a sizeable bitcoin mine. The bitcoin mining machines were powered by electricity illegally tapped from the mains power supply, and the equipment has been seized by the police.

06

A California man who pleaded guilty to operating an unlicensed money transmission business, money laundering and failing to maintain an effective anti-money laundering program had approximately $1.25 million worth of Bitcoin (18.4) and Ethereum (222.5) confiscated by the United States.

07

In view of the current security situation of the blockchain ecosystem, "Chengdu Lianan" offers the following summary:

Overall, the typical security incidents in May increased significantly compared with April. The total number of incidents exceeded the "30" mark, and the overall security risk rose sharply from [low] to [high]. Especially in [DeFi], a series of hacker attacks, frequent security incidents, and over $300 million in capital losses have undoubtedly dealt a catastrophic blow to the security order of the entire DeFi ecosystem.

Against this severe backdrop, the security team of Chengdu Beosin (Beosin) noticed that after PancakeBunny suffered its flash loan attack, its imitation projects on the BSC chain, such as Merlin and AutoSharkFinance, also "fell". This is enough to show that the forked projects did not have a deep understanding of the original project, and that new security risks were also introduced in the process of updating the code.

As an innovative financial model, DeFi needs to find a balance between "innovation" and "security", and how to achieve both side by side requires deep reflection from DeFi project developers. Here, we suggest that project teams remember to build out the relevant security protections and monitor abnormal operations in real time, detecting problems immediately and resolving them immediately! Users should also raise their own security awareness, guard against security risks, and avoid economic losses.
