
Zero Hour Technology's monthly security incident highlights have begun! According to statistics from several blockchain security risk monitoring platforms, losses from security incidents in June 2024 increased compared to May. June saw over 39 typical security incidents, with total losses of approximately $198 million from hacker attacks, phishing scams, and rug pulls, an increase of about 28.6% over May. This is the second-highest monthly loss in 2024. An additional $1.3 million was refunded following security incidents. Of the total, losses from exit scams were about $4.8 million, flash loan losses were about $23.5 million, and exploit losses were about $171.3 million.
Hacker Attacks
Typical Security Incidents: 10
(1) On June 2nd, the decentralized exchange Velocore encountered a security vulnerability, resulting in a loss of approximately $6.8 million in ETH. According to the Velocore incident analysis report, the main cause of the incident was the erroneous logic in the velocore__execute() function of the ConstantProductPool.

(2) On June 4th, NCD was attacked on BNBChain, resulting in a loss of about $20,000.
(3) On June 7th, SteamSwap (STM) was attacked on BNBChain, resulting in a loss of about $105,000.
(4) On June 7th, the major supplier of automotive aftermarket parts, Advance Auto Parts, Inc., experienced a large-scale data breach. A threat actor named "Sp1d3r" claimed responsibility for the Advance Auto Parts data breach. The threat actor also claimed to have stolen 3TB of data from the company's Snowflake cloud storage. The stolen information was reportedly being sold for $1.5 million.
(5) On June 9th, the Loopring smart wallet was compromised. The attack exploited wallets that had only one guardian, particularly where that guardian was the Loopring official guardian. The hacker initiated the recovery process, impersonated the wallet owner to reset ownership, and withdrew assets. The hacker has converted all stolen Loopring assets into Ethereum, and the address currently holds 1373 ETH, valued at over $5 million.

(6) On June 10th, the UwU protocol suffered multiple flash loan attacks by hackers, resulting in a loss of nearly $20 million. The hacker has withdrawn different assets (such as WBTC and DAI) from the pool and converted them into ETH. UwU claims to have repaid bad debts of 2,000,000 CRV, 100,000 bLUSD, and 125,000 USDT. Since the incident on June 10, 2024, a total of $11.6 million has been repaid.

(7) On June 17th, Dyson was attacked on BNBChain, resulting in a loss of about $31,000.
(8) On June 21st, the liquidity pool of YOLO Game, a Blast ecosystem project, was drained of $1.5 million on Bazaar. The primary cause was the lack of permission checks in the "exitPool" function, which allowed anyone to impersonate a liquidity provider and deplete the pool. The hacker has returned 90% of the funds.

(9) On June 23rd, the online gambling platform Sportsbet was suspected to have been attacked by the BtcTurk hacker, resulting in a loss of over $3.5 million.
(10) On June 23rd, CoinStats was attacked, with the hacker sending notifications containing phishing links through the application to users. Approximately 1,590 wallets were affected. The most affected was likely a wallet belonging to Blurr.eth, which had 3,657 MKR ($8.7 million) stolen and sold by the hacker on-chain for 2,482 ETH. This caused the price of MKR to plummet from $2,462 to $2,280, a 7% drop in a short period.

Rug Pull / Phishing Scams
Typical Security Incidents: 8
(1) On June 2nd, an address starting with 0x6435 suffered a loss of $1.58 million due to a phishing scam.
(2) On June 5th, an address starting with 0xa38a suffered a loss of $2.12 million after signing a phishing permit signature.
(3) On June 6th, an address starting with 0x2ac2 suffered a loss of $368,717 after signing a phishing permit signature. The stolen assets were Uniswap and SushiSwap LP tokens.
(4) On June 9th, an address starting with 0x1Ea4 suffered a loss of $1.05 million worth of Pendle USD after signing a phishing permit signature.
(5) On June 13th, an address starting with 0x4dc suffered a loss of $249,365 after signing a Uniswap Permit2 phishing signature.
(6) On June 17th, an address starting with 0x107f suffered a loss of 170 cbETH ($663,308) after signing a phishing permit signature.
(7) On June 18th, an address starting with 0x6759 suffered a loss of $445,778 after signing a phishing signature.
(8) On June 21st, an address starting with 0x4e9E was hit by a phishing attack, resulting in a loss of about $214,000.
Summary
The incidents above show that losses increased in June compared to May, and that phishing scam incidents also increased. Zero Hour Technology's security team recommends that project teams remain vigilant, conduct internal security training and permission management, and engage professional security companies for audits and background checks before launching a project.
Note:
The content of this article is collected and compiled from publicly available information.