Tag: dns hijacking

The blockchain and cryptocurrency domain continues to battle against a variety of security threats, as elucidated in the SlowMist Weekly Security Report for the period October 1 – October 7, 2023. The report sheds light on ten distinct security incidents impacting entities across the spectrum, from individual token ventures to large-scale platforms, underlining the financial toll exerted by these attacks.

Statistical Overview

Total Security Incidents: 10

Noteworthy Trend: A surge in DNS Hijacking Attacks and Discord compromises.

Severe Impact: Stars Arena bearing the brunt with a loss approximating $3,000,000.

Incident Breakdown

1. Galxe (2023-10-06): A case of unauthorized access via DNS hijacking led to the misappropriation of visitors’ funds, affecting 1,120 users, with a financial fallout of around $270,000.

2. MCT (2023-10-06): DNS domain hijacking unfolded, enabling the potential upload of private keys to a fraudulent domain. Though the loss remains undisclosed, precautionary actions were advised.

3. Fake CommEx token (2023-10-06): An orchestrated liquidity withdrawal in a rug pull scenario saw the deployer walking away with approximately $154,000.

4. Friend.tech (2023-10-05): Four users were subjected to SIM card swap attacks, resulting in a collective loss nearing $385,000.

5. Stars Arena (2023-10-05): A glaring security breach within the platform’s smart contract framework led to a heist of about $3,000,000.

6. DePay (2023-10-05): The platform endured a flash loan attack, albeit with a relatively minor loss of $827.

7. Metropolis World (2023-10-05): The compromise of the platform’s Discord server was reported, though the loss hasn’t been quantified.

8. GEMIE (2023-10-02): A hack on the Discord server led to the distribution of phishing links. The users were cautioned against interaction, with the loss yet to be specified.

9. VendX (2023-10-02): Similar to Metropolis World and GEMIE, VendX’s Discord server fell prey to compromising activities.

10. Fake EigenLayer Token (2023-10-01): An exit scam on a counterfeit token resulted in a windfall for the deployer, with losses accumulating to around $300,000.

Recommendations

In light of the persistent menace of social engineering and phishing forays, coupled with smart contract vulnerabilities, the crypto community is urged to exercise vigilance. The diverse nature of the attacks spotlighted this week emphasizes the indispensability of robust, multi-faceted security strategies. While certain entities suffered crushing financial setbacks, others showcased prompt response mechanisms to curb potential damages. The report accentuates that regular testing and updates, alongside cautious interaction with digital platforms, are cardinal in diluting security risks.