Open in app

Sign in

Write

Sign in

Soteria August Update

SoteriaMutual
5 min readSep 10, 2021

Recent Security Incidents

Three typical security incidents occurred on the exchange

1. The Japanese cryptocurrency exchange Liquid released a report on the attack on a hot wallet. The unauthorized party removed a total of approximately US$91.35 million in encrypted assets from the Liquid wallet. Among them, 16.13 million US dollars of ERC-20 assets have been frozen.

2. 40 million DVPN tokens were stolen in HitBTC Bitcoin. It was stolen because HitBTC exposed its mnemonic phrase.

3. The hot wallet of the Bilaxy exchange was hacked and lost more than 21 million U.S. dollars.

Thirteen security incidents occurred on DeFi

1. BSV suffered a large-scale 51% attack, resulting in three versions of the chain being mined at the same time.

2. Wault Finance, the DeFi protocol on BSC and Polygon, was suspected of being attacked by lightning loans, and funds worth more than 800,000 US dollars flowed out through Anyswap in the form of ETH.

3. The Sorbetto Fragola product under Popsicle Finance, a cross-chain profitability improvement platform, was attacked, resulting in a loss of nearly US$20.7 million.

4. The multi-chain synthetic asset protocol Duet Protocol pioneer network Zerogoki suffered an oracle attack, and the wrong price resulted in unrecognized transactions.

5. The cross-chain protocol Poly Network was attacked, and nearly $600 million in funds on the three chains of Ethereum, BinanceChain, and Polygon were stolen.

6. Punk Protocol, a decentralized annuity protocol, recently issued a statement that it encountered an attack during the fair launch process, causing more than 8.9 million U.S. dollars in losses. The team later recovered more than 4.95 million U.S. dollars, and these funds had been transferred to a secure wallet.

7. Encrypted incubator DAO Maker may be attacked. A large number of USDC recharged by users were transferred out and replaced with about 2,261 Ethereum, worth more than 7 million U.S. dollars.

8. Neko Network, a lending protocol on the Binance Smart Chain, was attacked and all asset pools have been frozen.

9. XSURGE stated that a potential security breach in the SurgeBNB contract was discovered on August 16, local time. After the statement was released, XSURGE subsequently stated that it was under attack. The attacker stole $5 million in SurgeBNB through a backdoor vulnerability.

10. Pinecone Finance was attacked by hackers and lost approximately 3.53 million PCT tokens (approximately US$200,000).

11. The DeFi revenue aggregator Dot.Finance on the BSC chain suffered a lightning loan attack. Analysis found that the attack was a homologous attack by PancakeBunny.

12. xtokenmarket was attacked by lightning loan, and its xSNX contract vulnerability was exploited.

13. Mortgage lending platform Cream Finance suffered a lightning loan attack and lost US$18 million.

Eleven security incidents occurred in fraud/encryption fraud

1. The California man faces five years in prison for participating in a securities fraud scheme involving two crypto companies, involving millions of dollars.

2. An Israeli resident was sentenced to eight years in prison for stealing 75,000 DASH from his friend and approximately 6.8 million U.S. dollars in cryptocurrency.

3. The US Department of Justice stated that the CEO of blockchain technology company Alchemy Coin was sentenced to 6 years in prison for relieving loan fraud and ICO fraud.

4. Russian police officials are investigating one of the country’s largest Ponzi schemes involving cryptocurrencies. One of the founders was arrested, and others have reportedly left Russia. The victim’s loss may be as high as 95 million U.S. dollars.

5. Dark web drug trafficker Ryan Farace is accused of money laundering involving Bitcoin worth 136 million U.S. dollars.

6. British detectives seized a USB flash drive containing 9.5 million U.S. dollars of Ethereum (ETH), which was stolen through a cryptocurrency scam.

7. KuCoin hackers began to concentrate money transfer and money laundering. Over 430,000 USD was transferred from the KuCoin hacker address.

8. The founder of Bitcoin mixer Helix has pleaded guilty to conspiracy to launder money and is suspected of laundering more than 350,000 Bitcoins.

9. Former Manchester United midfielder Anderson is under police investigation for allegedly participating in the use of cryptocurrency to launder 4.7 million pounds.

10. Australian police are investigating drug trafficking activities on the dark web and seized a record $8.49 million in cryptocurrency at the same time.

11. Brazilian police seized $28.8 million in cryptocurrency and arrested 5 people.

Six security incidents occurred in the area of ransomware/mining Trojans

1. Polish police recently discovered illegal Bitcoin mining activities at its headquarters in Warsaw.

2. The Bolivarian National Police (PNB) seized 17 devices used to mine bitcoin in the parish of La Pastora, west of the Venezuelan capital of Caracas, on August 20. A bitcoin miner was arrested on suspicion of smuggling.

3. Spanish police seized a mine illegally mining cryptocurrency on August 20.

4. According to news on August 27, the Turkish authorities are investigating the suspected USD 119 million Dogecoin mining scam.

5. Fortune 500 and consulting firm Accenture suffered a Bitcoin ransomware attack by the hacker organization Lockbit, and data has been leaked on the dark web.

6. On August 30th, Malaysian police and local power company Sarawak Energy took a joint operation and seized 1,069 Bitcoin mining machines.

Four typical security incidents occurred in other areas

1. Hodl Hodl, a peer-to-peer bitcoin lending and trading platform, said that some users’ payment passwords may have been leaked during recent internal and external audits, and measures are currently being taken to ensure the safety of users’ funds.

2. The blockchain security company warned that it identified several token fraud phishing websites, including ShibaDrop[.]io ($SHIB); AAExchange[.]io ($AAE),; BSCTOKEN[.]IO ($BSCTOKEN); BestAir[.]io ($AIR); AirStack[.]net ($AIR); and BNBw[.]me ($BNBW). Please pay attention to prevent risks.

3. The old version of the Ethereum client Geth has a bug, and the BSC, Polygon and other chains are affected. This bug may cause double-spending attacks.

4. A Venezuelan man planned a false kidnapping case in order to steal $1.15 million worth of Bitcoin.

Soteria Delivery

This month, we uploaded Soteria’s gitbook, which introduced in detail:

1. How to become a member of soteria

2. How to use soteria to become a guarantor

3. How to use cusotom stake and quick stake

4. How to buy insurance on soteria

5. How to become an insurance assessor and conduct claims assessment

6. How to initiate a claim

7. SOTE allocation rules in Soteria

8. Insurance pricing

9. The source of the guarantor’s reward and the distribution rules

--

--

SoteriaMutual

Written by SoteriaMutual

123 Followers

DEFI protector on the BSC(#Binance Smart Chain) TG : https://t.me/SoteriaMutual

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams