According to statistics from SlowMist, there will be 122 security incidents disclosed in the blockchain ecology in 2020: 54 of them are smart contracts and tokens, 29 are exchanges, 12 are public chains, and 12 are wallets.
How do ordinary users protect the security and privacy of encrypted assets? Please read: ” Selected Links | Essential Guide to Encrypted Indigenous People’s Security and Privacy “
Original title: “Slow Mist Review: Blockchain Security and Privacy Events in 2020”
Author: SlowMist Technology
The year 2020 will be an extraordinary year for blockchain and digital currency no matter from which perspective. We have witnessed the explosive growth of DeFi and the open financial ecosystem. We have witnessed the inclusion of the blockchain as one of the representatives of the new technology infrastructure into the “new infrastructure”. We have witnessed the launch of the central bank digital currency (CBDC) in China. At the same time, more countries and regions have begun to pay attention to and develop the blockchain. The “race” of the sexual blockchain has begun.
According to statistics from the hacked.slowmist.io (hacked.slowmist.io) of SlowMist’s blockchain , there were 122 blockchain security incidents that were disclosed in the blockchain ecology in 2020 : 54 of which were smart contract and token security incidents. There were 29 exchange security incidents, 12 public chain attacks, 12 wallet attacks, and 15 other attacks.
Accumulation of SlowMist blockchain attacks by hacked archives
With the implementation of various applications, the security problems caused by blockchain digital assets are generally on the rise. Digital currency crimes are diverse. Cases of theft, fraud, illegal fundraising, money laundering, illegal transactions on the dark web, crimes, etc. occur frequently, for various reasons. The resulting “black swan” incidents are endless. Through data statistics, we can see that there has been a significant increase in smart contract security incidents this year, and exchange attacks have also accounted for a relatively large proportion. Digital currency fraud, blackmail, and money laundering incidents occur almost every month.
SlowMist Technology will use this article to sort out the major events that have a significant impact on the blockchain security and privacy ecology in 2020, review the details for readers, and attach SlowMist views to each type of event. Although this article is only the tip of the iceberg, it is very representative. Let us use this article to get a glimpse of the “extraordinary” of the blockchain ecological world in 2020.
DApp and DeFi security incidents
bZx suffered two lightning loan attacks
On February 15th, the DeFi loan protocol bZx was attacked. The attacker completed a flash loan leverage arbitrage transaction across multiple protocols at the same time, resulting in the theft of $350,000 worth of ETH. On February 18, bZx was attacked by lightning loan again. The attacker made a profit of 2,388 ETH, or about 644,000 US dollars, by controlling the price of the oracle. (For details, please refer to: Slow Mist: DeFi protocol bZx was hacked twice )
MakerDAO liquidation mechanism is abnormal
On March 12, due to the sharp drop in the price of Ethereum, MakerDAO’s large number of mortgage debt warehouses fell below the liquidation threshold, triggering the execution of the liquidation process. The clearing bot (Keeperbot) that was supposed to be involved in the clearing process set a lower gas value and blocked the bid. A clearer (Keeper) won the auction with a 0DAI bid without competitors.
Uniswap’s ERC777 reentry risk
On April 18th, hackers took advantage of the compatibility issues of the DeFi platform Uniswap and the ERC777 standard to implement a reentry attack on Uniswap. Specifically, hackers used the tokensToSend callback function of the ERC777 standard for transfers to achieve a reentry attack when trading ETH-imBTC, and the total profit was 340,000 US dollars. (For details , please refer to: Slow Mist: Explaining Uniswap’s ERC777 reentry risk )
DeFi platform Lendf.Me suffers reentry vulnerability attack
On April 19th, the Ethereum DeFi platform Lendf.Me was attacked by a re-entry vulnerability and lost approximately $25 million. Later, the SlowMist security team assisted in recovering the stolen assets. (For details , please refer to: SlowMist : Detailed analysis of the hacked DeFi platform Lendf.Me and defense suggestions )
A vulnerability in the Hegic code of the DeFi project causes user assets to be permanently locked
On April 27th, a vulnerability in the Hegic code of the DeFi project caused user assets to be permanently locked by the user. A few hours after the project went live, an error in its code locked the platform’s smart contract worth 28,000 US dollars in user funds. Due to the vulnerability, the funds were locked in an expired contract, making it inaccessible.
Security flaw in Bancor’s new contract
On June 18th, due to the unverified safeTransferFrom () function on the new Bancor Network contract, user funds will be exhausted. The Bancor team stated: 1. A security vulnerability was discovered in the new Bancor Network v0.6 contract released two days ago; 2. After the vulnerability was discovered, the team conducted a white hat attack to transfer funds to a safe address; 3. Smart contract The review has been completed. But 135,229 dollars of funds were preemptively traded by two unknown arbitrage robots.
Balancer liquidity pool was attacked by hackers twice
On June 29, the liquidity pool of Balancer, a well-known DeFi platform, was attacked by hackers in a lightning loan attack, resulting in a loss of US$500,000. The Balancer liquidity pool was attacked by lightning loans and lost 500,000 US dollars. The two token pools STA and STONK suffered losses on Balancer. At present, the liquidity of these two token pools has been exhausted. On June 30th, hackers once again used dYdX’s lightning loan to attack the COMP trading pairs in the Balancer part of the liquid mining pool, and drew away the unclaimed COMP rewards from the pool, and made a profit of 10.8 ETH, which is approximately US$2,408. (For details, please refer to: Slow Mist: Detailed analysis of Balancer being hacked for the first time )
Vether (VETH) was hacked
On July 1, VETH suffered a hacker attack on the decentralized exchange Uniswap. The hacker stole 919,299 VETH (worth US$900,000) using only 0.9 ETH. After the attack, VETH officially stated, “The contract was used by the UX improvement placed in transferForm(). This is our fault. We will redeploy vether4 and will compensate all affected Uniswap pledgers.” (For details , please refer to: SlowMist: Analysis of VETH Contract Hacked )
Opyn put options were maliciously exploited by external participants
On August 5, on-chain options platform Opyn disclosed that its Ethereum put options were maliciously used by external participants. Opyn pointed out that all Opyn contracts except Ethereum put options are not affected by this vulnerability. The attacker doubled the use of oToken and stole the mortgage assets of the put option seller. According to Opyn statistics, a total of 371,260 USDC has been stolen so far. The Opyn team conducted a white hat hacking attack based on the Convexity Protocol and successfully recovered 439,170 USDC from the unpaid vault to further mitigate the loss. (For details , please refer to: SlowMist: Detailed analysis of Opyn contract hacked )
Vulnerabilities in the YAM contract of the DeFi project
On August 13th, the well-known Ethereum DeFi project YAM officially issued a post on Twitter indicating that there were loopholes in the contract. The price plummeted by 99% within 24 hours, resulting in the “permanent destruction” of the governance contract, and the $750,000 Curve token was locked It cannot be used. (For details, please refer to: DeFi YAM, how does a line of code evaporate hundreds of millions of dollars? )
DeFi project YFValue found vulnerabilities in YFV pledge pool
On August 25, the DeFi project YFValue (YFV) officially issued an announcement stating that the team found a loophole in the YFV pledge pool yesterday. Malicious participants used this loophole to reset the YFV timer in pledge separately, and USD 170 million of funds exist Risk of being locked in. Currently, a malicious participant is trying to blackmail the team using this vulnerability. (For details , please refer to: SlowMist: YFValue, how to lock hundreds of millions of assets in one line of code )
EOS project EMD runs off
On September 9, according to the intelligence of the slow fog area, the EOS project EMD was suspected of running away. Up to now, the project contract emeraldmine1 has transferred 780,000 USDT, 490,000 EOS, and 56,000 DFS to the account sji111111111, and 121,000 EOS has been transferred to the changenow coin laundering platform. The current total market value of the loss: US$2,468,838 = RMB 17,281,866.
DeFi liquidity mining project “Coral” was attacked
On September 10, the wRAM of the EOS ecological DeFi liquidity mining project “Coral” was attacked by hackers and lost more than 120,000 EOS.
Bantiample team smashed the plate and cashed out
On September 19, the project Bantiample team on the Binance Smart Chain has cashed out 3000 BNB to run away. The main developer of the team has deleted the Telegram account, and the project token BMAP has fallen by more than 90% in a single day.
Ethereum mining project LV Finance project runs off
On September 20th, according to the intelligence of the slow fog area, the Ethereum mining project LV Finance project was suspected to have gone away. In less than an hour, 4 million people were transferred away. The project used fake audit websites and provided false audit information to trick investors Invest and run away when the amount in the fund pool is large enough after a period of time. Currently, the project website lv.finance is no longer accessible.
SushiSwap imitation disk project GemSwap runs off
On September 26, the SushiSwap imitation project named GemSwap was exposed and LP was taken away. The query found that the project posted a tweet around 15:00 and revealed that it had been attacked by the developer of “whatitdobb”. It is understood that the project completed the liquidity migration earlier, but the developer who initiated the attack received the The relevant permission can take away the tokens in the liquidity pool. It is not yet clear the specific losses caused by this attack.
Eminence (EMN) suffered a lightning loan attack
On September 29th, Eminence (ENM), a game project just launched by the founder of yearn.finance, Andre Cronje, suffered a lightning loan attack. The hacker returned $8 million in funds to the yearn deployer contract. The official will redistribute the attacked USD 8 million.
DeFi Saver exchange vulnerability caused 310,000 DAI to be stolen
On October 8, imToken, a decentralized wallet, tweeted that users reported that 310,000 DAI had been stolen, which was related to the DeFi Saver Exchange vulnerability. DeFi Saver responded that the stolen funds are still safe and are contacting the victimized user. Up to now, all funds have been returned to the victimized users. (For details , please refer to: Slow Mist: How were 310,000 DAIs of DeFi Saver users stolen? )
Ethereum project WLEO contract was hacked
On October 11, the WLEO contract of the Ethereum project was hacked, resulting in the theft of $42,000 worth of funds. The hackers stole Ethereum from the pool of the decentralized exchange Uniswap by casting WLEO to themselves and replacing it with Ethereum.
Harvest.finance was attacked by lightning loan and was hugely arbitrage
On October 26, a user discovered that the DeFi mining project Harvest.finance was used to achieve huge arbitrage by using the lightning loan function. Harvest’s official tweet explained that the arbitrage attack originated from a huge flash loan and manipulated the price of Curve y Pool multiple times to arbitrage the price difference between fUSDT and fUSDC to make profits. (For details , please refer to: Slow Mist: Analysis of Harvest.Finance Hacked Event )
SharkTron Anonymous Developer Runs
On November 10th, Daniel Wood, an anonymous developer of the DeFi project based on the Tron blockchain and the JustSwap whitelist project SharkTron, ran away. Although the specific loss is not clear at present, Twitter users reported that 366 million to 400 million TRX were lost. (Worth about 10 million US dollars).
Akropolis contract has been repeatedly attacked
On November 13, hackers used the storage asset verification flaw of the Akropolis project to launch multiple consecutive reentry attacks on the contract, causing the Akropolis contract to issue a large number of pooltokens out of thin air without new asset injection, and then reuse it. These pooltokens withdrew DAI from the YCurve and sUSD pools, resulting in the loss of 2.03 million DAI in the project contract. (For details, please refer to: Out of nothing? DeFi protocol Akropolis reentry attack brief analysis )
Value DeFi protocol is attacked by lightning loan
On November 15, the Value DeFi protocol was attacked by a flash loan on Saturday. It is reported that the attacker borrowed 80,000 ETH from the Aave protocol and executed a lightning loan attack to carry out arbitrage between DAI and USDC. After exploiting the $7.4 million DAI, the attacker refunded $2 million to Value DeFi and retained $5.4 million. Subsequently, the Value DeFi team tweeted to confirm that its MultiStables vault was “a complex attack with a net loss of 6 million US dollars. (For details, please refer to: How to use flash loans to leverage millions of dollars from 0? Value DeFi protocol flash loan attack brief analysis )
Cheese Bank was attacked and lost $3.3 million
On November 16, Cheese Bank, a decentralized autonomous digital banking platform based on Ethereum, suffered a loss of USD 3.3 million due to a hacker attack. Hackers conducted a series of malicious lending operations on platforms such as dYdX and Uniswap by using an automatic market maker (AMM)-based oracle machine, resulting in a total loss of more than 3.3 million U.S. dollars, including USD 2 million in USDC.
OUSD suffers from lightning loan + reentry attack
On November 17, the DeFi protocol Origin Protocol stable currency OUSD was attacked. The attacker used dYdX’s lightning loan to carry out a reentry attack, resulting in the loss of 7.7 million USD worth of ETH and DAI. (For details , please refer to: Flash Loan + Re-entry Attack, OUSD Loss 7 Million USD Technical Analysis )
Pickle Finance unaudited contract vulnerability exploited
On November 22, the DeFi project Pickle Finance (Pickled Cucumber), a DeFi project that was once appreciated by V God, lost nearly US$20 million in DAI due to a hacker attack on an unaudited newly created smart contract vulnerability. (For details, please refer to: Fake money for real money, revealing the hacked process of Pickle Finance )
Compound’s price feed error caused $90 million in assets to be liquidated
On November 26, Compound’s $90 million assets were liquidated. Hongbo, the founder of Debank, said that the huge liquidation event of Compound was actually caused by the dramatic fluctuations in the DAI price of the oracle data source Coinbase Pro. By manipulating the information source that the oracle relies on, short-term price manipulation can be achieved to mislead the chain. price.
SushiSwap was attacked by liquidity providers
On November 30, according to the intelligence of the slow fog area, SushiSwap, the Ethereum AMM token exchange protocol, was attacked by liquidity providers and lost approximately $15,000. (For detailed explanation, please refer to: A brief analysis of the story of the Sushi Swap attack )
Warp Finance encounters lightning loan attack
On December 18, Warp Finance, a DeFi protocol for liquid LP token mortgage lending, suffered a lightning loan attack, and approximately US$8 million was stolen. Later, Warp Finance issued a statement regarding the lightning loan attack. It is said that lightning loan attackers can steal up to US$7.7 million worth of stablecoins, but the Warp Finance team has formulated a plan to recover approximately US$5.5 million worth of stablecoins still in the mortgage vault. The US$5.5 million will be The proportion is distributed to users who have suffered losses. (For detailed explanation, please refer to: Is it hacked by using delayed price feed? Detailed explanation of Warp Finance being hacked )
Cover contract vulnerability was hacked
Twitter netizens stated that Cover Protocol lost $3 million due to a loophole in the award contract. In addition, data on the chain shows that attackers (0xf05Ca…943DF) have used the Cover contract to issue a total of about 10,000 COVER, and have replaced them with assets such as WBTC and DAI. The latter block explorer showed that the attacker (address label Grap Finance: Deployer) who made a profit of 3 million US dollars by issuing additional cover returned 4350 ETH to the address label YieldFarming.insure: Deployer. Cover Protocol officially tweeted announcing that it will provide a new COVER token based on the snapshot before the vulnerability was abused. And the 4350 ETH returned by the attacker will also be returned to the LP token holder through the snapshot process. (For detailed explanation, please refer to: A tragedy caused by the storage state-a brief analysis of the Cover protocol being hacked )
Slow fog view
Due to the popularity of DeFi projects, phishing attacks against DeFi projects have become more frequent and more advanced. Investors should pay attention to project risks when investing in projects, pay attention to whether the smart contracts used by the platform are open source, whether the platform itself has security audits, and whether there are problems with smart contracts. At the same time, any DeFi project should be fully approved by a professional security team before going online. audit.
Exchange security incident
Altsbit exchange closed after attack
On February 5th, the Italian cryptocurrency exchange Altsbit’s server storing the private keys of the hot wallet was hacked, resulting in the loss of 6.929 bitcoins, 23 ETH, and other amounts of cryptocurrencies. The exchange subsequently announced its closure on May 8. .
VBITEX exchange was hacked
On February 17, the VBITEX trading platform announced that it was hacked, causing platform data to be maliciously tampered with and virtual assets stolen.
Cryptocurrency exchange Bisq stolen
On April 9th, the cryptocurrency exchange Bisq was stolen. The attacker used a flaw in the Bisq transaction protocol to steal transaction funds for a single transaction. The 7 victims lost a total of 3 BTC and 4,000 XMR.
LMEX Stock Exchange was hacked
On May 27, the LMEX Stock Exchange’s community issued a notice on the adjustment of exchange operations, stating that the platform was hacked and stolen and lost 150,000 USDT, which made the platform not low in debt. The deposit and withdrawal have been closed.
Cryptocurrency exchange Cashaa stolen
On July 12, the British cryptocurrency exchange Cashaa stated that hackers had stolen more than 336 bitcoins from one of the wallets. Currently, the exchange has stopped all crypto-related transactions.
Spanish cryptocurrency payment app 2gether stolen
On July 31, the Spanish cryptocurrency payment application 2gether announced that it had stolen US$1.4 million by hackers.
Darknet market Empire Market closed operations after fraudulently obtaining funds
On August 30, Empire Market, a well-known dark web market, was closed for operation. When it exited, the site defrauded 1.3 million users of approximately 2638 bitcoins, worth nearly 30 million U.S. dollars.
Some hot wallets of European exchange ETERBASE were stolen
On September 8, the European crypto exchange ETERBASE encountered a hacker attack, resulting in the theft of some hot wallets, including BTC, ETH and ERC-20 tokens, XRP, TRX, XTZ and ALGO. Lost more than $5 million in assets. Among them, ETH and ERC-20 token addresses lost the most funds, reaching about 3.9 million U.S. dollars, followed by XTZ addresses with a loss of about 471,000 U.S. dollars.
Kucoin exchange was hacked
On September 26, the Kucoin exchange was hacked and a large number of ETH and ERC20 tokens were transferred, including 11,486 Ethereum, 19,788,586 USDT, 525,405 Gladius (GLA), 77,874 Hawala (HAT), 21,660,274 Ocean Token (OCEAN), 8,893,428 Chroma (CHR), 30,452,178 Ampleforth (AMPL), 198,678,919 Ankr Network (ANKR), etc. Since then, the hacker’s runaway funds have been jointly blocked by various major exchanges.
Liquid data breach
Mike Kayamori, CEO of the cryptocurrency exchange Liquid, posted a notice on the official website that a data leakage security incident occurred on the exchange on November 13. A domain hosting provider that manages a core domain name mistakenly transferred control of the account and domain name to a malicious intruder, allowing it to change DNS records, thereby controlling a large number of internal email accounts, and being able to partially damage the exchange’s Infrastructure and gain access to stored documents.
Major security breach in British exchange Exmo
On December 21st, a major security breach occurred in the British cryptocurrency exchange Exmo, which caused the platform to freeze all withdrawals. According to research analysts at The Block, Exmo appears to have lost $10.5 million in funding.
Russian trading platform Livecoin was attacked
On December 24, the Russian cryptocurrency trading platform Livecoin was hacked, and the price of tokens on the platform was manipulated.
Slow fog view
The exchange has a huge amount of funds, and it is easy to attract hacker attacks. Once a problem occurs, almost all users will be affected, and the exchange should increase prevention. Simultaneously. Hackers will also maliciously invade exchanges to make profits from data leakage. The platform should take all security measures in the early architecture design to avoid such information leakage incidents. In addition, there are some malicious behaviors that the platform party runs away from thunder. After all, humanity cannot stand the test of money.
Public chain security incident
Bitcoin Gold suffered two 51% attacks
On January 28, Bitcoin Gold encountered two 51% computing power attacks, and both recharge transactions to the exchange were cancelled, involving about 1,900 BTG and 5267 BTG, which was close to 90,000 US dollars.
Cocos-BCX mapping wallet information was stolen
On April 3, Cocos-BCX verified with the exchange and internal investigations, due to malicious theft of the mapping wallet information, there was asset loss and malicious selling. After verification and confirmation with the exchange, the total amount of tokens stolen this time is 1,087,522,819.2 COCOS, and the exchange confirmed that the total amount has been sold.
Filecoin code vulnerabilities can realize unlimited Filecoin issuance
On May 28, the pomegranate mine pool technicians discovered a serious loophole in the Filecoin code, through which Filecoin can be increased unlimitedly. The pomegranate mining pool stated that in order to prove the validity of the vulnerability, 6 Block’s three miner accounts t01043, t027999, and t0234783 have achieved 1.6 billion Filecoin issuance through the vulnerability, occupying the top three of the Filecoin rich list.
Vulnerabilities in Ravencoin (RVN) blockchain
On July 3rd, the CryptoScope team discovered a loophole in the Ravencoin (RVN) blockchain. After confirmation by the rvn chief development team, an emergency update was released. It is reported that this vulnerability can generate additional RVN, but will not affect or control existing RVN assets. Because the vulnerability caused the total RVN to be 1.5% more than the original plan, and the RVN generated by the vulnerability has already flowed into the market, it is impossible to perform operations such as rollback.
ETC suffered three large-scale attacks in a row
On August 1, Bitfly tweeted that the ETC blockchain had undergone a chain reorganization of 3693 blocks at a block height of 10904146. This causes all state construction nodes to stop synchronizing. The ETC chain did not produce blocks for nearly 6 hours, and then the block production returned to normal. On August 6, Bitfly officially tweeted that today ETC encountered another large-scale 51% attack. The attack has resulted in the reorganization of more than 4000 blocks. The report shows that the initiator of the attack and the initiator of the first attack were the same miner. The attackers profited at least $1.68 million from this attack. On August 30th, Bitfly officially tweeted that today ETC encountered another large-scale 51% attack, which resulted in the reorganization of more than 7,000 blocks, which is equivalent to about two days of mining time. All lost blocks will be removed from the unexpired balance and it will check all payouts to find lost transactions.
Chainlink node operator was attacked by spam
On September 5th, nine Chainlink node operators suffered a so-called “spam attack”. The attackers obtained approximately 700 ETH from their “hot wallet”.
Grin network was 51% attacked
On November 10th, the Grin network recently suffered a 51% attack. An unknown entity controlled more than 57% of network computing power on Saturday.
Aeternity (AE) was 51% attacked
On December 8, Aeternity’s official Twitter confirmed that Aeternity (AE) was attacked by a hacker 51% yesterday. According to core members of the Aeternity community, the 51% attack caused a loss of more than 39 million AE tokens. The official team is To solve the problem, the main damages are exchanges and mining pools. Exchanges are concentrated in OKEx, Gate, and Binance.
Slow fog view
A loophole in the public chain will affect the entire chain, so the public chain must undergo professional security audits before going online. It is recommended that the public chain team cooperate with a credible and professional security team to deploy security recommendations tailored to local conditions to enhance the security dimension.
Wallet security incident
Electrum has encountered many phishing attacks
On January 19, Electrum suffered a “phishing” currency steal. On August 30th, GitHub user “1400 BitcoinStolen” stated that his huge amount of Bitcoin money disappeared in a hacker attack. The user used the Bitcoin wallet Electrum software. The user has not updated the software safely, so when he transferred Bitcoin Prompt to update and fix potential problems, but when he operated according to the prompts, the software used a loophole to connect to the hacker’s server, and 1,400 bitcoins (worth 16 million US dollars) were deposited into the hacker’s wallet. On October 12, An investigation by ZDNet revealed that hackers stole $22 million from users of Bitcoin wallet Electrum by enticing users to install fake software updates. This technique appeared as high as 2018. Since the attack was first discovered two years ago, The Electrum team has taken some measures to prevent this kind of attack. But this kind of attack still applies to users using older versions of the application.
Vulnerability in Trinity, the official IOTA wallet app
On February 12, hackers used a vulnerability in Trinity, the official IOTA wallet application, to steal funds, and the official announced the closure of the entire network.
EtherCrash cold wallet stolen
On October 30th, AlonGal, the chief technology officer of the cybercrime intelligence company HudsonRock, tweeted that on October 27th, the self-proclaimed “Ethereum’s most mature and largest gambling game” EtherCrash” cold wallet was stolen, with a loss of approximately US$2.5 million, suspected By insiders.
Ledger data breach
On December 21, a database containing personal information of more than 270,000 Ledger customers was leaked on RaidForums. The leaked information included the emails, physical addresses, and phone numbers of Ledger hardware wallet purchasers. RaidForums is a marketplace for buying, selling, sharing and sharing hacked information. The leaked Ledger information was caused by a data breach in June this year and contained emails from more than 1 million Ledger customers. Ledger CEO subsequently stated that it would not provide compensation to users who suffered data breaches.
Slow fog view
When choosing a wallet, users try to choose an internationally well-known, first-class wallet, and pay attention to whether the code of the wallet App is open source, whether the code has been security audited, whether there is a CSO or security leader in the team, all of which may affect the continuous iteration and upgrade of the wallet Is the safety in the process guaranteed? At the same time, as a user, you must download the App from the official website of the wallet to avoid mistakenly entering the phishing website to download the wallet App with the backdoor implanted.
Other types of security incidents
SIM card hacked and stolen
On February 22, Josh Jones, the founder of Bitcoin Builder and the second largest creditor of Mt.Gox, was hacked, resulting in the theft of digital currency worth $45,000,000.
Trident Crypto Fund was attacked resulting in data breach
On March 5, the Trident Crypto Fund, a crypto fund, was attacked by hackers, and the data of 266,000 users were leaked.
Cryptocurrency mining organization BitClub Network Telecom fraud
On July 10, according to an announcement issued by the Federal Attorney’s Office in New Jersey, the programmer Silviu Catalin Balaci admitted to participating in the establishment of the cryptocurrency mining organization BitClub Network, conducting telecom fraud and selling unregistered securities. Balaci confirmed that in the five years of the implementation of the plan, BitClub defrauded investors of at least $722 million in Bitcoin.
Multiple Twitter accounts were hacked
In the early morning of July 16, the Twitter accounts of many celebrities and dignitaries and some companies were hacked. These Twitter accounts all released information about digital currency phishing scams. However, these phishing messages were deleted a few minutes after being posted. So far, the scammers have received a total of 12.86 bitcoins.
CWT was hijacked and agreed to pay Bitcoin
On August 1, CWT, the fifth largest travel company in the United States, agreed to pay $4.5 million worth of bitcoin to hackers who hijacked its computer system.
Israeli manufacturer of wireless chips and camera sensors was attacked by ransomware
On September 7, hackers carried out a ransomware attack on Tower Semiconductor Ltd (TSEM), a manufacturer of wireless chips and camera sensors listed on the Israeli Nasdaq, and demanded a ransom of hundreds of thousands of dollars in Bitcoin. For safety reasons, TSEM shut down some running servers and suspended production in some factories.
Foxconn attacked by ransomware
On December 8, Foxconn was attacked by ransomware, which temporarily caused problems in its production facilities in Mexico and caused data theft. In response, Foxconn responded that its factories in the Americas have indeed been attacked by cyber ransomware recently. At present, its internal information security team has completed software and operating system security updates, while improving the level of information security protection. At the same time, the affected factories are restoring the network, which has little impact on the group’s overall operations.
The personal address of the founder of DeFi insurance agreement Nexus Mutual was attacked
On December 14, DeFi insurance agreement Nexus Mutual stated on Twitter that the personal address of its founder Hugh Karp was attacked by a platform user, stolen 370,000 NXM, and lost more than 8 million US dollars. Officials stated that this was a targeted attack. Only Karp’s address was affected, and Nexus Mutual or other members had no subsequent risks. According to the official, Karp used a hardware wallet. The attacker obtained remote access to his computer and modified the wallet plug-in MetaMask to trick him into signing the transaction and transferring the funds to the attacker’s own address.
OneCoin cryptocurrency Ponzi scheme
On December 14, the Procuratorate of Cordoba, Argentina prosecuted 12 scammers involved in the OneCoin cryptocurrency Ponzi scheme and ordered their arrests last Thursday. Eight of them have been arrested. It was previously reported that the OneCoin Ponzi scheme caused related investors to suffer a total of US$4.4 billion in financial losses from their investment in the project from April 2014 to March 2018.
Slow fog view
Recently, the market has become hot, followed by an endless stream of blackmail, fraud, pyramid schemes, and phishing incidents. The situation of various types of attacks on platforms or individuals is grim, and a large number of individuals have lost millions to tens of millions of dollars at present! Please be more vigilant, strengthen your own security awareness, be sure to enable secondary authentication (SMS or GA, email verification code is not recommended), and keep all types of private information carefully.
2020 is a year of ups and downs. The black swan of the epidemic, Bitcoin recovered from the trough of the 3.12 incident and recently rose to near historical highs, and the liquidity mining DeFi boomed and quickly landed. Blockchain is not only unknown, but also full of possibilities. I hope that the new year of blockchain will burst with greater energy and create a more diversified industry. SlowMist will also live up to your expectations and continue to escort the ecological safety of the blockchain!
