Soteria July Update

Recent security incidents

Security this month focused on the two areas of DeFi and the bureau. In addition, there were terrorist attacks in the software security incident, and the losses in this area were huge.

Two typical security incidents occurred on the exchange

1. A former employee of Cryptopia, a New Zealand cryptocurrency exchange, stole more than $170,000 in cryptocurrency.

2. The actual owner of Bithumb, South Korea’s largest cryptocurrency exchange, was handed over to trial on charges of fraud of 100 billion won.

Eleven security incidents occurred on DeFi

1. DeFiPie, the lending protocol on Ethereum and Binance’s smart chain, was attacked by hackers. The official recommends liquidity providers withdraw liquidity as soon as possible.

2. Due to the vulnerability of the ChainSwap smart contract, it was attacked by hackers and 2.9 million RAIs were stolen.

3. On July 11, Anyswap, a decentralized cross-chain transaction protocol, was attacked and lost approximately US$8 million.

4. There are a large number of loopholes in the BSC ecological Rabbit Finance code, which is suspected of running away.

5. Aperocket.finance suffered a lightning loan attack, and the token Space plummeted by 75%.

6. The Polygon Space Token (pSPACE) of the Polygon platform suffered a lightning loan attack.

7. Digital collectibles market platform Bondly Finance (BONDLY) was attacked by an unknown party, and users are advised to stop trading BONDLY tokens.

8. THORChain (RUNE), a decentralized cross-chain transaction protocol, was attacked and lost approximately US$25 million.

9. The Polygon version of the DeFi revenue aggregator PancakeBunny was attacked by outsiders.

10. DeFi project array finance is suspected of being attacked by lightning loans.

11. The profit farming agreement PolyYeld Finance was attacked, causing the price of YELD tokens to go directly to zero.

Eleven security incidents occurred in fraud/encryption scams

1. South Korean authorities investigated 33 people for illegal crypto transactions worth 1.48 billion U.S. dollars.

2. The president of Brazilian financial management company Bitcoin Banco Group was arrested by the police on suspicion of $300 million in crypto-asset fraud.

3. The U.S. SEC filed fraud charges against Teledyne CEO Aron Govil. The company’s application claims to provide encrypted transactions without encryption.

4. Hackers took control of Techy’s technology channel and used the name of Cardano founder Charles Hoskinson to promote a “free token distribution scam.”

5. Synthetic asset agreement XCarnival was launched on CoinMarketCap (CMC) in July. Someone pretended to be the XCarnival project party to post false contract address information to induce everyone to buy tokens.

6. Circle, the issuer of the US dollar stablecoin USDC, lost US$2 million due to email fraud.

7. FaZe Clan, an e-sports organization, is suspected of cryptocurrency fraud. The team has fired one member and suspended the qualifications of three members.

8. Criminals impersonate CryptoArt.Ai staff, build Telegram groups illegally, spread false information, and induce users to commit fraud.

9. The security company Lookout discovered an encrypted mining scam using hundreds of Android apps.

10. Criminals used Chia’s logo and company information on the Stellar network to create a token called Chia and tried to impersonate Chia’s official product.

11. The four behind the “Oz Project” were arrested on suspicion of committing USD 55 million in crypto investment fraud. According to local media reports, the number of victims ranged from 10,000 to 20,000.

Two security incidents occurred in the area of ransomware/mining Trojans

1. Saudi Aramco’s 1TB of company data was illegally accessed. Hackers demanded US$50 million as compensation for deleting the data and demanded payment in cryptocurrency.

2. The hacker organization REvil attacked at least 200 U.S. companies and demanded that these companies use Monero to pay a ransom of approximately $45,000.

Ten typical security incidents occurred in other areas

1. The DEX trading tool DEXTools (DEXT) was recently hacked, and some DEXT holders were affected.

2. Police in George Town, Malaysia seized 149 illegal cryptocurrency mining machines.

3. The Bitcoin Cash fork BSV network has suffered malicious attacks. Attackers have recently reorganized the BSV network several times to carry out double-spending attacks.

4. Four men were arrested by Hong Kong authorities on suspicion of using virtual currency to launder HK$1.2 billion.

5. Covid-19 vaccines and fraudulent vaccine certificates appeared on the dark web, and BTC payments were accepted.

6. The Bitcoin wallet used by the New Zealand police for money laundering investigations was hacked.

7. Bitcoin.org suffered a large-scale DDoS attack and was blackmailed for Bitcoin.

8. The NFT project Axie Infinity was attacked by DDoS.

9. OptionRoom stolen 12.3 million ROOM tokens and decided to remove liquidity from Uniswap and Pancakeswap.

10. The Bitcoin trading platform MTI entered the final liquidation stage, and another $268 million worth of Bitcoin was tracked.

Soteria delivery

Soteria launched Marshmallow DeFi and Thunderswap insurance this month.

Here is a general overview of some of the new features of the update:

1. Page URI paths optimization.

2. Optimized some animations when loading UI components.

3. Fixed some bugs and enhanced a few features, including accounts window, pictures placeholder, front size, etc.