Security awareness is your most powerful shield in the Web3 world and your first line of defense in protecting digital assets.
OKLink, as your first line of defense, provides access to over 40 top blockchain browsers, offering users a one-stop query entry.
Alongside the explorers, tools such as address monitoring, token authorization (approval) query, and address health checks help users navigate Web3 safely.

In April, cumulative losses worldwide amounted to approximately $110 million, a 42.11% decrease from March.
There were 32 cases of fraud and phishing involving official social media accounts, accounting for 7.67% of the losses. These were concentrated mainly on X, Discord, and phishing websites.
REKT events (protocol exploits) and RugPull events accounted for 43.90% and 44.07% of the losses, respectively, while other security events accounted for the remaining 4.36%.
Case Analysis:
On April 19, Hedgey Finance was exploited on Ethereum and Arbitrum, losing approximately $44.7 million. The attacker abused a missing input check in the ClaimCampaigns contract: the contract granted a token allowance to a caller-supplied address, and cancelling the campaign refunded the deposit without revoking that allowance, leaving the attacker with spending rights over the contract's remaining funds. This was the largest REKT incident of April.

Attack Process:
Attack transaction 1: https://www.oklink.com/cn/eth/tx/0xa17fdb804728f226fcd10e78eae5247abd984e0f03301312315b89cae25aa517

1) Borrowed 1.3 million USDC via a Balancer flash loan;

2) Called createLockedCampaign() on the ClaimCampaigns contract, depositing the 1.3 million USDC and supplying an attacker-controlled address in the unvalidated campaign parameters;

3) Because that parameter was not validated, the contract approved the attacker's address to spend 1.3 million USDC from its balance;

4) Called cancelCampaign() to get the 1.3 million USDC deposit back. The cancellation returned the tokens but did not revoke the approval, so the attacker now held a 1.3 million USDC allowance over the contract's other holdings;

5) Repaid the flash loan.

Attack transaction 2: https://www.oklink.com/cn/eth/tx/0x2606d459a50ca4920722a111745c2eeced1d8a01ff25ee762e22d5d4b1595739

6) Used the dangling allowance to pull 1.3 million USDC out of the ClaimCampaigns contract with transferFrom().

Problematic Code (ClaimCampaigns contract source):
https://etherscan.deth.net/address/0xbc452fdc8f851d7c5b72e1fe74dfb63bb793d511
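The two defects behind the attack sequence above, shown side by side in an added example. This is an illustrative reconstruction written for this report, not Hedgey's source code: the contract and struct names, the OpenZeppelin imports, and the owner-managed `approvedLockers` allowlist in the hardened version are assumptions. The vulnerable contract approves whatever `tokenLocker` address the caller passes in and forgets about that approval when the campaign is cancelled; the hardened contract validates the address and revokes the allowance before refunding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative reconstruction of the dangling-approval pattern, not Hedgey's source.
// Assumes OpenZeppelin Contracts is available for IERC20 / SafeERC20.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

struct Campaign {
    address manager; // whoever created the campaign
    address token;   // ERC-20 being distributed
    uint256 amount;  // tokens deposited for the campaign
}

struct ClaimLockup {
    address tokenLocker; // contract meant to receive vested claims
    uint256 start;
    uint256 cliff;
    uint256 period;
}

/// Vulnerable: approves a caller-supplied address and never revokes it on cancel.
contract ClaimCampaignsVulnerable {
    using SafeERC20 for IERC20;

    mapping(bytes16 => Campaign) public campaigns;
    mapping(bytes16 => ClaimLockup) public claimLockups;

    function createLockedCampaign(bytes16 id, Campaign memory campaign, ClaimLockup memory lockup) external {
        require(campaigns[id].manager == address(0), "id in use");
        require(lockup.tokenLocker != address(0), "invalid locker");
        campaign.manager = msg.sender;
        campaigns[id] = campaign;
        claimLockups[id] = lockup;
        IERC20(campaign.token).safeTransferFrom(msg.sender, address(this), campaign.amount);
        // Flaw 1: tokenLocker comes straight from calldata with no allowlist check,
        // so an attacker can name their own contract and receive the allowance.
        IERC20(campaign.token).safeIncreaseAllowance(lockup.tokenLocker, campaign.amount);
    }

    function cancelCampaign(bytes16 id) external {
        Campaign memory campaign = campaigns[id];
        require(campaign.manager == msg.sender, "not manager");
        delete campaigns[id];
        delete claimLockups[id];
        // Flaw 2: the deposit is refunded, but the allowance granted above stays in place.
        // The "locker" can now transferFrom() this contract's other holdings of the token.
        IERC20(campaign.token).safeTransfer(msg.sender, campaign.amount);
    }
}

/// Hardened: only owner-approved lockers may be named, and cancel revokes the allowance.
contract ClaimCampaignsHardened {
    using SafeERC20 for IERC20;

    address public immutable owner;
    mapping(address => bool) public approvedLockers; // assumed allowlist, set by owner
    mapping(bytes16 => Campaign) public campaigns;
    mapping(bytes16 => ClaimLockup) public claimLockups;

    constructor() {
        owner = msg.sender;
    }

    function setLocker(address locker, bool ok) external {
        require(msg.sender == owner, "not owner");
        approvedLockers[locker] = ok;
    }

    function createLockedCampaign(bytes16 id, Campaign memory campaign, ClaimLockup memory lockup) external {
        require(campaigns[id].manager == address(0), "id in use");
        // Fix 1: validate the input; the allowance may only go to a known locker contract.
        require(approvedLockers[lockup.tokenLocker], "locker not approved");
        campaign.manager = msg.sender;
        campaigns[id] = campaign;
        claimLockups[id] = lockup;
        IERC20(campaign.token).safeTransferFrom(msg.sender, address(this), campaign.amount);
        IERC20(campaign.token).safeIncreaseAllowance(lockup.tokenLocker, campaign.amount);
    }

    function cancelCampaign(bytes16 id) external {
        Campaign memory campaign = campaigns[id];
        ClaimLockup memory lockup = claimLockups[id];
        require(campaign.manager == msg.sender, "not manager");
        delete campaigns[id];
        delete claimLockups[id];
        // Fix 2: take the allowance back before refunding, so nothing dangles.
        IERC20(campaign.token).safeDecreaseAllowance(lockup.tokenLocker, campaign.amount);
        IERC20(campaign.token).safeTransfer(msg.sender, campaign.amount);
    }
}
```

Two design notes on the hardened version. `safeDecreaseAllowance` reverts if the locker has already consumed part of the allowance through legitimate claims, so a production contract should decrease by the remaining per-campaign allowance it tracks rather than the original amount. More fundamentally, a contract that holds pooled funds should avoid standing allowances altogether: pushing the tokens into the locker at creation time removes the class of bug in which an approval outlives the state that justified it.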

Largest RugPull Security Incident in April
On April 21, the crypto gambling platform ZKasino experienced a RugPull, resulting in a loss of approximately $33 million.
OKLink Security Tips
Losses from security incidents fell this month compared with March, but many cases of asset loss still stemmed from private key leaks. Never disclose your private keys or mnemonic phrases to anyone, and do not store them as screenshots. Be cautious when downloading software, since a trojanized install can compromise the device and leak keys or mnemonics. Stay skeptical of projects that promise abnormally high returns, and research the project and its team thoroughly before investing.
Disclaimer: This article represents only the author's personal views and does not represent the position or views of this platform. It is provided for information sharing only and does not constitute investment advice for anyone. Any dispute between users and the author is unrelated to this platform. If an article or image published on this page involves infringement, please send proof of rights and proof of identity to support@aicoin.com, and the platform's staff will investigate.