Blockchain security | 19 security incidents in March, DeFi security issues highlighted

Editor's Note: This article has been abridged without altering the author's original intent.

According to data from the PeckShield situational awareness platform, a total of 19 prominent security incidents occurred across the blockchain ecosystem in the past month. The degree of damage was rated as "intermediate", and the amount of damage reached 10 billion yuan. The incidents comprised 2 DeFi cases, 2 exchange cases, 1 smart contract case, 14 scams, etc.

DeFi security

A total of 2 DeFi security incidents occurred in March, as follows:

1) On March 12, due to the plunge in the price of Ethereum (ETH), a large number of MakerDAO's collateralized debt positions fell below the liquidation threshold, which triggered the liquidation procedure. Because gas costs on the Ethereum network rose sharply at the same time, MakerDAO's liquidation auctions completely lacked competition. The liquidation bots (Keeper bots) that should have participated in the auctions had set a lower gas value, which caused their bids to be blocked, and the auction was won at 0 DAI without competitors.

The MakerDAO liquidation auction is designed to recover as much DAI as possible with the least amount of collateral. This mechanism operates successfully under normal circumstances. However, when the Ethereum network is extremely congested, or more generally whenever participation in the auction is insufficient, it is easy for malicious keepers to obtain auction items at extremely low prices. In response to the problems exposed by this liquidation, the MakerDAO community has urgently discussed improvements to the liquidation mechanism.

2) On March 26, Synthetix's collateralized loan liquidation function was found to have a vulnerability. Specifically: Synthetix recently launched a contract under which users can pledge ETH to obtain sETH during a 3-month trial period. The loan function will then be closed and liquidation started, that is, any user who owns sETH can obtain ETH by calling the liquidation interface. However, a flaw in the processing logic of this interface allows any user to directly burn the borrower's sETH assets and obtain the ETH. Since this feature is in its trial period, no actual loss was caused. Currently, the loan service on Synthetix's official website is still closed.
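The Synthetix flaw described above, as an added example that is not Synthetix's contract code: a simplified Python model of a liquidation interface, with the flawed burn (taken from the borrower) beside a corrected one (taken from the caller). The class, method names, account names and the 1:1 sETH-to-ETH ratio are assumptions made for illustration.

```python
class LoanBook:
    """Toy ledger (assumed: 1 sETH issued per 1 ETH locked)."""

    def __init__(self):
        self.seth = {}    # account -> sETH balance
        self.eth = {}     # account -> ETH paid out by liquidations
        self.loans = {}   # loan_id -> (borrower, amount)

    def open_loan(self, loan_id, borrower, amount):
        # Borrower locks `amount` ETH and is issued the same amount of sETH.
        self.loans[loan_id] = (borrower, amount)
        self.seth[borrower] = self.seth.get(borrower, 0) + amount

    def _burn(self, account, amount):
        if self.seth.get(account, 0) < amount:
            raise ValueError(f"{account} does not hold {amount} sETH")
        self.seth[account] -= amount

    def _pay_out(self, caller, loan_id, amount):
        del self.loans[loan_id]
        self.eth[caller] = self.eth.get(caller, 0) + amount

    def liquidate_flawed(self, caller, loan_id):
        borrower, amount = self.loans[loan_id]
        self._burn(borrower, amount)   # flaw: the borrower's sETH is burned
        self._pay_out(caller, loan_id, amount)

    def liquidate_fixed(self, caller, loan_id):
        _, amount = self.loans[loan_id]
        self._burn(caller, amount)     # the caller must supply the sETH
        self._pay_out(caller, loan_id, amount)


def outcome(method_name):
    """Liquidate alice's loan as 'outsider', who holds no sETH.
    Returns (alice's sETH, outsider's ETH, loan still open?)."""
    book = LoanBook()
    book.open_loan(1, "alice", 10)
    try:
        getattr(book, method_name)("outsider", 1)
    except ValueError:
        pass   # the fixed path rejects a caller with no sETH
    return book.seth["alice"], book.eth.get("outsider", 0), 1 in book.loans
```

A pre-launch test asserting that a caller without sETH cannot change the borrower's balance or close the loan fails on the flawed path and passes on the fixed one.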

PeckShield reviews:

As the functionality of DeFi projects becomes more and more diverse, their hidden security issues are gradually being exposed. Given their close connection with user assets, the security issues of DeFi projects are very serious. Because each project is developed by a different team with a limited understanding of the design and implementation of the other products, integrated products are likely to run into security issues when interacting with third-party platforms, which in turn can leave them under attack from several sides. PeckShield recommends that, before going live, DeFi project teams seek out a team that has conducted in-depth research on the product design of each link of DeFi to perform a complete security audit and avoid potential security risks.
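For the March 12 MakerDAO auctions described above, an added example (not MakerDAO's auction code): a single-round Python model in which only bids whose gas price clears the congestion threshold get mined, followed by the checks a monitoring job could run on each settled auction. The bid values, gas thresholds and alert thresholds are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Bid:
    keeper: str
    dai: float            # DAI offered for the collateral lot
    gas_price_gwei: int   # gas price attached to the bid transaction

# Constructed sample: two keeper bots with normal gas, one bidder with high gas.
BIDS = [
    Bid("keeper-a", 4800, 20),
    Bid("keeper-b", 4900, 25),
    Bid("keeper-c", 0, 400),
]

def settle_auction(bids, min_included_gas_gwei):
    """Return (winner, included). Bids priced below the congestion
    threshold are never mined before the auction ends."""
    included = [b for b in bids if b.gas_price_gwei >= min_included_gas_gwei]
    winner = max(included, key=lambda b: b.dai, default=None)
    return winner, included

def audit_auction(winner, included, collateral_value_dai,
                  min_bidders=2, min_recovery=0.5):
    """Return alert flags for one settled auction (thresholds are assumed)."""
    if winner is None:
        return ["no_bid_mined"]
    flags = []
    if len({b.keeper for b in included}) < min_bidders:
        flags.append("insufficient_competition")
    if winner.dai < min_recovery * collateral_value_dai:
        flags.append("under_recovery")
    return flags

if __name__ == "__main__":
    for threshold in (10, 200):   # calm network vs. congested network
        winner, included = settle_auction(BIDS, threshold)
        print(threshold, winner, audit_auction(winner, included, 5000))
```

With the calm threshold the 4900 DAI bid wins and nothing is flagged; with the congested threshold the only mined bid is the 0 DAI one, and both flags fire.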

Exchange security

There were 2 exchange security incidents in March:

1) On March 02, the U.S. Department of Justice indicted two Chinese nationals, Tian Yinyin and Li Jiadong, on charges of conspiracy to launder money and remitting money without a license, and froze all their assets. Blockchain security company PeckShield took part in the tracing and analysis for the first time, working back from only the 20 addresses published by the US Department of Justice to gather evidence and reconstruct the ins and outs of the entire case in visual graphics.

The analysis found that the attacker used the peel chain technique to continuously split the assets in his hands into small amounts and deposit these small amounts into exchanges, as shown in the following figure:

After completing the initial money laundering operation, the attacker did not transfer the funds directly to his own wallet, but once again used the peel chain method to move the illegally obtained BTC in batches to OTC exchanges to cash out. Each time, the attacker peeled off only a few dozen BTC from the main account and deposited them into the OTC account for cash. After dozens or hundreds of such operations, the attacker had successfully obfuscated and laundered thousands of BTC.

2) A new USDT fake recharge (fake deposit) method was discovered on the OMNI network: hackers issue other types of tokens and pass them off as USDT at an exchange or wallet. If the exchange or wallet does not verify the propertyid in the transaction when it detects a USDT recharge, a fake recharge results.

PeckShield reviews:

Hackers steal assets and then launder the money. Regardless of how thorough and complicated the process is, they generally use exchanges as part of the cash-out channel. This undoubtedly raises the requirements for the KYC and KYT operations of the major digital asset exchanges, and exchanges should strengthen their anti-money-laundering (AML) and fund-compliance reviews. At the same time, for security issues such as fake recharge, the exchange should credit the transfer only after confirming the token name and transaction status.
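One way to implement the propertyid and transaction-status checks recommended above, as an added example rather than any exchange's code. It assumes the deposit scanner receives decoded transactions shaped like the JSON result of Omni Core's omni_gettransaction RPC; the sample transactions, deposit address and confirmation policy are constructed.

```python
from decimal import Decimal

USDT_PROPERTY_ID = 31   # Tether USDT's property ID on the Omni Layer
SIMPLE_SEND = 0         # Omni transaction type for a Simple Send
MIN_CONFIRMATIONS = 6   # assumed exchange policy

def check_usdt_deposit(tx, deposit_address):
    """Return (amount_to_credit, reason) for one decoded Omni transaction."""
    if tx.get("type_int") != SIMPLE_SEND:
        return None, "not a simple send"
    if tx.get("propertyid") != USDT_PROPERTY_ID:
        return None, "propertyid is not USDT"      # another token posing as USDT
    if tx.get("valid") is not True:
        return None, "marked invalid by Omni"      # e.g. insufficient balance
    if tx.get("referenceaddress") != deposit_address:
        return None, "recipient is not our deposit address"
    if tx.get("confirmations", 0) < MIN_CONFIRMATIONS:
        return None, "not enough confirmations"
    return Decimal(tx["amount"]), "ok"

# Constructed sample data; address, txids and property ID 999 are placeholders.
DEPOSIT_ADDR = "EXAMPLE-DEPOSIT-ADDRESS"
BASE = {"type_int": 0, "propertyid": 31, "valid": True,
        "referenceaddress": DEPOSIT_ADDR, "confirmations": 8,
        "amount": "100.00000000"}
SAMPLES = [
    {**BASE, "txid": "tx-genuine"},
    {**BASE, "txid": "tx-other-token", "propertyid": 999},
    {**BASE, "txid": "tx-invalid", "valid": False},
    {**BASE, "txid": "tx-unconfirmed", "confirmations": 0},
]

if __name__ == "__main__":
    for tx in SAMPLES:
        print(tx["txid"], check_usdt_deposit(tx, DEPOSIT_ADDR))
```

Only the first sample is credited; the second is the fake recharge case, a token with a different propertyid sent to the deposit address.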

Smart contract

A total of 1 smart contract security incident occurred in March, on the Ethereum network. Specifically: On March 24, some project teams reported that after issuing ERC20 tokens, they found that some tokens of unknown origin were being transferred on the chain. In-depth analysis found that the "one-click coin issuance" third-party platform used by the project teams contained a backdoor: it secretly minted additional tokens and stole them when the token contract was created.

PeckShield reviews:

When the project party uses a third-party service to complete the development of a smart contract, it is important to do a security test before the contract goes online.

Scams and exit scams

In addition to the above, there were also many scam and exit-scam incidents in March that deserve vigilance, such as:

1) The blockchain fund scheme "Silicon Valley Block Chicken" is suspected of running away, and the amount involved may reach 10 billion yuan;

2) British couple lost 14,800 XRP due to using fake Chrome browser extensions;

3) Criminals post virtual currency news in various chat groups and, exploiting people's eagerness to invest and manage their finances, use epidemic prevention and control as a pretext to carry out fraud and illegal fundraising under the guise of virtual currencies;

4) Someone on YouTube pretended to be Ripple's CEO to promote a fake giveaway of 50 million XRP tokens, tricking users into putting money into such airdrop scams.

PeckShield reviews:

Security hazards of many kinds keep emerging because users lack security awareness and do not follow standard operating practices. Phishing attacks and frauds are typical examples. Users are reminded to keep all kinds of private information safe; any small oversight may cause irreparable loss.