Q4 Losing over $700 million due to the crypto security situation, how can parties and users prevent and manage the risk?

星球日报 view 10423 2021-12-22 09:11
share to
Scan QR code with WeChat

As 2021 draws to a close by the end of the year, we plan to address emerging climate threats occurring this year in the blockchain arena. $610 million. It is also the biggest attack in DeFi history.

The month with the most security incidents was May (mainly by BSC, lost over $300 million), August (excluding Poly Network hack, attacks on Japanese liquid gold company, lost between 91, $35 million) and 10 months, here, December.

The fourth quarter is also the most anticipated season this year. Incomplete data shows there were more than 40 security incidents in the fourth quarter, resulting in a loss of more than $700 million across various operations and types.O'Daily Planet Daily set a monthly safety milestone in the fourth quarter, picking out a few cases with significant losses and revealing them more, and exposing the risks to people and participants.

​Q4因加密安全事故损失超7亿美元 项目方和用户该如何防控风险?

​Q4因加密安全事故损失超7亿美元 项目方和用户该如何防控风险?

​Q4因加密安全事故损失超7亿美元 项目方和用户该如何防控风险?

Identifying 9 security scenarios when it comes to encryption failure

On Dec. 5, BitMart Founder and CEO Sheldon Xia tweeted that two major crimes involving gold wallets had been uncovered and hackers had deducted around $150 million from the cost of the assets. On the 6th, Sheldon Xia revealed that the crime mainly consisted of stealing a personal key from two gold purses. Other BitMart tools are safe and painless. BitMart will use its money to create data and reward its users.

On October 27, DeFi's Cream Money lending program came under attack again, costing over $130 million. Most tokens are Cream LP tokens and other ERC-20 tokens. PeckShield found a large loan used to counter this attack. (Cream Finance suffered a total of five strikes in 2021, with a total loss of around $200 million.)

On October 30, the listed company BXH went bankrupt on the BSC channel, with more than $130 million stolen. The effective address of the main hacker (BSC: 0x4…d79) is to convert 4000 ETH from the BSC chain to the ETH chain, then the address (1Jw saw

On December 3, the decentralized Badger DAO sought $120.3 million in damages, including approximately 2,100 BTC and 151 ETH. BadgerDAO said the Dec. 2 phishing incident was caused by a "bad move" by Cloudflare, the application platform running on the Badger cloud network. Hackers use hacked API keys developed without the knowledge or approval of Badger engineers to regularly inject malicious numbers that affect certain users.

On November 26, Compound was attacked by Oracle machines, removing $90 million in assets. The large-scale liquidation of the compound occurred as the DAI price of Coinbase Pro, an Oracle source, fluctuated wildly, a typical Oracle attack that manipulates the database Oracle relied on to defraud the price by not much time. -Slope.

According to Summit AscendEX internal security data released on December 12, some ERC-20, BSC, and Polygon tokens were shipped separately from the wallet exchange, and the cooling of AscendEX wallets is not affected by the situation. Security firm PeckShield Inc. tweeted that AscendEX estimates the total loss at $77.7 million (Ethereum $60 million, BSC $9.2 million, Polygon $8.5 million).

On Nov. 30, it was confirmed that automated trading protocol MonoX had been attacked against the Flash Loan, which depleted Polygon and Ethereum liquids, generating approximately $31 million in revenue.

On November 11, the USDM team used Convex to challenge the management of the Curve, which could cost more than $30 million.

On Oct. 15, negative earnings as pegged finance struggled and related institutions included DEFI5 and CC10. Discord's board said the damage was estimated at $16 million.

Details of previous experience

If you look at the methods of counterattacks, most of them are DeFi systems such as medium exchanges and DEXs due to the disadvantages of wallet, loan counter and phishing issues.

As a working organization, in addition to strengthening budgets and investments in security (such as operations and financial systems) and accepting a wide range of assessments, the design has risk management or disaster recovery (such as insurance, free headset coverage, etc.), to some extent It may also be responsible for "improving reliability".

As a first-time user, it is better to understand the average of some simple operations (like recovery) and to be careful and evaluate the operations that are very attractive. If you don't have coding skills, we recommend reading the operations review data provided by leading security companies. This generally creates a risk profile and bypasses the accuracy and timeliness of the report. Project parties and auditing agencies. , I also show a small tool here. DeFiYield's DeFi Information Scanner allows you to search and request scanned information by program name, currency, address, or search policy.

Another thing to keep in mind in the age of the Internet is to be aware of the dangers of phishing scams, fraudulent communications and evasions. Pay close attention to the latest advancements in affiliate programs, check daily newsletters (home office, Twitter, etc.) or communities (Discord, TG, etc.), and if there are any technological changes, upgrades, interventions. , negative warning or disclosure of the situation, you can be the first to know and do it.

Finally, if the project you are working on is unfortunately hired, do not rely on the advice of illegal workers and do not fall into fear. We provide a plan.

btcfans公众号

Scan QR code with WeChat

Disclaimer:

Previous: The Twitter founder made KOL unhappy with the crypto industry with tweets criticizing Web3 and crypto-VCs. Next: Everyone sees Web3 Where are we?

Related