The BlockSec Phalcon blockchain security system warns of a series of malicious transactions related to unverified contracts on the Binance Smart Chain, causing losses of over $600,000.
The contract was not made public, lacking slippage protection, and a fake liquidity channel was used to exploit and sell the TA Token, causing significant losses for users.
MAIN CONTENT
Detection of unverified contracts with serious security vulnerabilities on Binance Smart Chain.
The attack relies on exploiting the lack of slippage protection and fake liquidity wallets.
Users are advised to quickly revoke access to prevent further losses.
How dangerous are unverified contracts on Binance Smart Chain?
BlockSec Phalcon security experts confirm that contract 0x16d7c6f43df19778e382b7a84bcb8c763971a551 poses a significant risk due to not being open-source, making vulnerabilities hard to detect and easy to exploit.
The lack of verification for contracts means that users cannot check the details of the Smart Contract code, resulting in a high risk of losing money if unauthorized attacks occur.
In July 2024, numerous malicious transactions resulted in losses exceeding $600,000 – a testament to the serious threat facing the cryptocurrency community on BSC.
What security vulnerability created the opportunity for the attack?
The main reason is that the contract lacks slippage protection mechanisms, allowing hackers to exploit the TA Token through fake liquidity wallets.
Moreover, attackers executed transactions by transferring Tokens from fake pools to legitimate pools, causing imbalances and making illegal profits.
BlockSec Phalcon's in-depth analysis shows that comprehensive slippage protection and validating liquidity pools are essential to avoid similar money losses.
These incidents serve as a warning about the importance of thoroughly evaluating contracts before approving access and investing. Users need to act quickly to protect their assets.
– CEO of BlockSec Phalcon, July 2024
How can users protect their assets from risks posed by unverified contracts?
Users are advised to immediately revoke any access granted to unverified contracts to minimize the risk of losing Tokens.
Existing access management and wallet monitoring tools can help detect and disable contracts showing malicious signs to better protect assets.
Continuous monitoring of contracts on BSC and other blockchains is also an effective measure to detect security risks early.
Regularly checking and revoking access when suspicious is an important tool to mitigate damage caused by malicious contracts.
– Blockchain cybersecurity expert Nguyen Van Hung, 2024
Can the risk levels of unverified contracts be compared across different platforms?
Blockchain Platform Risk Level of Unverified Contracts Incident Rate in the Past 6 Months Common Security Measures Binance Smart Chain (BSC) Very High 35% Slippage check, contract verification Ethereum Average 20% Open code assessment, third-party audit Polygon Low 10% Combining audit with on-chain monitoring
Frequently Asked Questions
What is an unverified contract?
An unverified contract is a Smart Contract that has not made its source code public, reducing trust and increasing the risk of unauthorized exploitation.
What role does slippage protection play in security?
Slippage protection limits the price discrepancy when trading, preventing the exploitation of price volatility to attack the contract.
How to revoke access from unsafe contracts?
Users can use electronic wallets or access management tools to check and revoke access granted to fraudulent contracts.
Why are fake liquidity pools dangerous?
Fake pools enable attackers to manipulate Token prices, making illegal profits and causing harm to real users.
What should users do when they detect suspicious transactions?
Trading should be stopped, rights checked, and access revoked immediately to protect assets, while monitoring security alerts from experts.
Source: https://tintucbitcoin.com/hop-dong-bsc-chua-xac-thuc-bi-tan-cong/
Thank you for reading this article!
Please Like, Comment, and Follow TinTucBitcoin to stay updated with the latest news in the cryptocurrency market and not miss any important information!
