Soteria June Update

SoteriaMutual
Jul 17, 2021

Recent Attacks

According to incomplete statistics, more than 36 typical security incidents occurred across the blockchain ecosystem in June 2021. DeFi remains the area where security incidents occur most frequently, and the “flash loan attack” is still the primary attack method adopted by hackers. In addition, exit scams and crypto scams are a serious problem and should not be taken lightly.

As the DeFi ecosystem has become more prosperous, DeFi projects have been exposed to different security risks owing to their different product designs and implementations. For example, in the xWin Finance hack, the attackers exploited vulnerabilities in the project’s “promotion tools and rewards mechanism”, while in the SafeDollar hack, the attackers exploited a flaw in the logic of the project contract’s handling of collateral and calculation of rewards.

The details of this month’s security report follow.

On the exchange side, there were two typical security incidents:

01. New regulations by the South Korean authorities will see trading platform staff face fines of up to 100 million won (about $90,000) and suspension of their trading licenses if they trade on their own platforms.

02. The South Korean police arrested four people, including a representative of the virtual currency trading platform “V Global” and its operators, on suspicion of violating the law restricting illegal credit practices and fraud.

For DeFi, there were 11 typical security incidents:

01. PancakeHunny was hacked, and a large number of tokens were newly issued and dumped on the market in a short period.

02. SushiSwap helped Alchemix discover a vulnerability that could siphon ALCX from their rewards contracts, so Alchemix asked SushiSwap to disable their “double mining rewards.”

03. Yield farm EvoDefi was attacked, causing the price of its token GEN to fall 57% from $2.10 per coin to $0.90 per coin.

04. DeFi fixed-rate generation protocol 88mph released a fix for a serious vulnerability in its init() function.

05. The Alchemix alETH pool is suspected to be vulnerable, allowing users to withdraw collateralized ETH without paying off their alETH debt. The team has now stopped collateralized lending to the pool and launched an investigation.

06. DeFi protocol Impossible Finance is suspected to have been hit by a flash loan attack.

07. Nerve-related yield vaults (“machine gun pools”) in Eleven Finance may have been hit by a flash loan attack. The Nerve Finance team says the funds are safe.

08. On June 25, the DeFi protocol xWin Finance on the BSC chain was hit by a flash loan attack.

09. On June 28, SafeDollar was suspected to have been hacked, and an unconfirmed contract withdrew $250,000 in USDC and USDT.

10. THORChain suffered a malicious attack that resulted in the loss of $140,000 in funds, but THORChain says that user funds will not be affected and that it will use its funds pool to cover the lost funds.

11. Yield aggregator Merlin Lab was hacked due to a logic flaw in MerlinStrategyAlpacaBNB, where the contract mistakenly treated the WBNB transferred by the gainer as mining proceeds, causing the contract to issue additional $MERL as rewards.

In terms of exit scams/crypto scams, there were eight typical security incidents:

01. On June 1, two men suspected of running a scam through the Bitcoin peer-to-peer platform LocalBitcoins were detained. Nearly 36 people were defrauded of approximately $136,000 in virtual currency in the scam.

02. On June 12, Twitter users reported receiving an email from a scam team, opening an attached .scr file bearing a Microsoft Word icon, and subsequently being attacked.

03. A Nottinghamshire, England man claims to have had £200,000 (about $282,000) stolen by a fake brokerage firm in a crypto scam.

04. StableMagnet Finance, an automated market maker for stablecoin exchanges on Binance Smart Chain (BSC), ran off with $22 million of users’ funds.

05. The founder of Africrypt, a virtual currency investment platform, is missing, and 69,000 bitcoins (about $2.3 billion) have been transferred from the platform.

06. On June 24, while stepping up its fight against telecom network fraud, the Xichang Public Security Bureau for the first time broke up a gang that used virtual currency to launder money for telecom network fraud.

07. Europol has cracked down on the Belgian Ponzi scheme Vitae. Law enforcement officers recovered 1.1 million euros in cash and 1.5 million euros in virtual currency during the operation.

08. A scammer posing as PlanB, a virtual currency analyst, has been tweeting about the scam, and many people have had their funds stolen.

For ransomware/mining Trojans, there were four typical security incidents:

01. The U.S. Department of Justice recently charged Latvian citizen Alla Witte with participating in an international cybercrime organization that created and deployed a suite of computer banking ransomware called Trickbot in an attempt to defraud consumers, businesses, and other organizations.

02. The United States recovered millions in virtual currency previously paid to the Colonial Pipeline ransomware hackers.

03. Andre Nogueira, CEO of JBS USA Holdings, the U.S. subsidiary of Brazilian meat processor JBS SA, said the company has paid an $11 million ransom to cybercriminals to resolve a ransomware attack.

04. The Monero malware “Crackonosh” has infected 222,000 computers.

In other areas, a total of 11 typical security incidents occurred:

01. Apple co-founder Steve Wozniak sued YouTube last July, accusing the platform of letting others use his image to post bitcoin scam videos, and the lawsuit was dismissed by a California court on Wednesday, June 3.

02. Eleven users of South Korean virtual currency exchange Upbit have filed a class-action lawsuit against its operator Dunamu Inc. seeking compensation for the loss of funds due to a suspected technical glitch.

03. The official website of the Prime Minister of Sri Lanka was compromised by an anonymous hacker group and redirected to another website called decentralized virtual currency Bitcoin.

04. SiaStats tweeted that the Sia network has been under DDoS attacks for the last 48 hours, with the biggest targets being network hosts and storage providers, about 30% of which experienced outages.

05. DeFi asset management platform Zapper tweeted that it found a vulnerability in an older version of the “Polygon Bridge” smart contract that allowed an attacker to steal unlimited approved funds.

06. A Twitter user reported higher slippage on Curve for a $1 million/ETH transaction than for a $10 million/ETH transaction, suspected to be caused by a routing error. The vulnerability has now been fixed.

07. Mumbai resident Makarand Pardeep Adivirkar, who has been called the “crypto king” of the country’s underground drug circle, was arrested by India’s Narcotics Control Bureau (NCB), and Indian virtual currency exchange Wazirx said the accused was not a customer.

08. Algorithmic stablecoin protocol Malt Protocol has unveiled a plan to compensate investors affected by vulnerabilities that prevented the launch of the protocol and locked out liquidity providers.

09. A tax official named Hwang Byung-gwang was awarded the title “Outstanding Civil Servant” by the National Tax Service for his keen investigative skills that led to the recovery of up to $32 million in tax funds.

10. Security firm Fireblocks responded to the loss of $75 million worth of Ether from StakeHound, saying the incident was caused by StakeHound’s failure to use a third-party disaster recovery service to back up BLS keys as required, a requirement that was communicated in writing when the two parties agreed.

11. On June 29, Natwest Bank in the United Kingdom limited the amount of money customers can send to virtual currency exchanges (including Cryptocurrency) each day due to concerns about investment scams and fraud.

Soteria Delivery

This month Soteria went live with insurance for TEN, JetSwap, AutoShark, and Mozart.

The following issues were fixed:

Unstake expires without a refund of SOTE.

Inability to Stake projects for new users.

Unstake cannot be performed when the number of remaining Stakes in the project is less than 40 SOTE.

Next, we will try to find solutions to the following problems in the insurance industry:

Contractors of insurance projects do not receive long-term stable insurance benefits.

Current insurance claims require an appraiser to make an assessment, and we would like to fully automate the claims process to eliminate human impact, but any current automated claims would narrow the insurance coverage.

We hope to add extra revenue to the insurance holder in some way.
