In brief ⚡

  • Miner Token Exploited for $463.4k: ERC-X Vulnerability Leads to 87% Price Drop

  • DeFi Exploits Strike BSC: @particle_trade and @dualpools Suffer Losses Totalling $180k

  • Crypto Casino Duelbits Loses $4.6 Million in Exploit; Hacker Utilizes Asset Swaps to Obfuscate Trail


Hacks and Scams⚠️

MinerCx

Amount of Loss: ~$463k

Analysis

  • Miner ERC-X token, following an exploit on Feb 14, lost approximately 168.8 ETH (valued around $463.4k), leading to an 87% drop in its price.

  • The exploit was attributed to a vulnerability in the smart contract, specifically in the _update function, which erroneously awarded free tokens when users transferred tokens to themselves.

  • The attacker exploited this flaw by sending tokens to themselves in multiple transactions, causing the balance calculation to double the tokens in the attacker's account.

  • The Miner Team responded by announcing plans to re-audit the vulnerable contract and redeploy it after rectification. They intend to use the remaining liquidity of approximately 130 ETH for redeployment and plan to take a pre-exploit snapshot of current holders.

  • Additionally, the team attempted to negotiate with the attacker through an on-chain message, offering a 30% reward (~$120k) in return for returning the stolen funds, but as of now, the attacker has not responded to the offer.
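The self-transfer flaw described above, modelled as an added example (this is not the Miner contract's code). It assumes one common way this class of bug arises: both balances are cached before either is written, so when sender and recipient are the same account the credit overwrites the debit. The class names, `update` and the sample balances are constructed for illustration.

```python
# Toy ledger modelling a token's balance update; names and values are constructed.
class VulnerableToken:
    def __init__(self, balances):
        self.balances = dict(balances)

    def total_supply(self):
        return sum(self.balances.values())

    def update(self, sender, recipient, amount):
        # Assumed bug pattern: both balances are read before either is written.
        from_balance = self.balances.get(sender, 0)
        to_balance = self.balances.get(recipient, 0)
        if amount > from_balance:
            raise ValueError("insufficient balance")
        self.balances[sender] = from_balance - amount
        # If sender == recipient, this stale value overwrites the debit above.
        self.balances[recipient] = to_balance + amount


class HardenedToken(VulnerableToken):
    def update(self, sender, recipient, amount):
        if amount > self.balances.get(sender, 0):
            raise ValueError("insufficient balance")
        if sender == recipient:
            return  # a self-transfer must leave every balance unchanged
        # Write against live storage rather than cached copies.
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount


def supply_after_self_transfers(token_cls, rounds):
    """Run full-balance self-transfers; return (alice balance, total supply)."""
    token = token_cls({"alice": 100, "bob": 50})  # constructed sample state
    for _ in range(rounds):
        token.update("alice", "alice", token.balances["alice"])
    return token.balances["alice"], token.total_supply()


if __name__ == "__main__":
    # A transfer must never change total supply; the vulnerable model does.
    print("vulnerable:", supply_after_self_transfers(VulnerableToken, 3))
    print("hardened:  ", supply_after_self_transfers(HardenedToken, 3))
```

The check worth carrying into an audit or test suite is the invariant itself: total supply before and after any transfer must be equal, including the case where sender and recipient are the same address.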

Particle Trade and Dual Pool

Amount of Loss: ~$139k and $41k

Analysis

  • Two DeFi protocols, @particle_trade and @dualpools, experienced exploits resulting in significant losses, approximately $139k and $41k respectively.

  • @particle_trade confirmed the exploit, attributing it to unchecked user input on their previously deprecated NFT contract, while asserting that their current protocol remained unaffected.

  • @dualpools, however, has yet to officially acknowledge the hack, despite details of the exploit being shared publicly.

  • The breakdown of stolen funds from the @dualpools exploit includes various cryptocurrencies such as BNB, BTCB, ETH, ADA, and BSC-USD.

  • Specific transaction and contract addresses associated with the @dualpools exploit have been identified and shared, providing insight into the malicious activity.

DuelBits

Amount of Loss: ~$4.6M

Analysis

  • On February 13th, the crypto casino platform Duelbits experienced a significant exploit resulting in approximately $4.6 million worth of crypto assets being lost.

  • The exploit targeted Duelbits' wallets on both the Ethereum ($ETH) and Binance Smart Chain ($BNB) networks.

  • While Duelbits has not yet released an official statement regarding the hack, speculation suggests a compromised private key or loss of wallet access control as potential causes.

  • Stolen funds included various tokens such as USDT, APE, and SHIB, with the attacker attempting to obfuscate the trail by swapping assets from the BNB chain to Ethereum.

  • To overcome gas fee limitations during asset bridging, the hacker utilized the FixedFloat service for quick cryptocurrency exchanges.

Explore the Depths of Knowledge: Research Papers, Blogs and Tweets🔖

Tweets

  1. ALPHA ALERT: I just found a cool, well-articulated way to approach a codebase while auditing smart contracts. Sources and Sinks. This is used in Web2. They call it Taint Analysis.

  2. How did I find a way to block the LayerZero pathway?

  3. This new ERC404 hype seems to have a funny side-effect in its _transf

  4. Every blockchain or smart contract language should be aware of the “tutorial avalanche” and do their best to trigger it.

  5. 3 mandatory checklists to go through before doing a smart contract security audit on your codebase:

GitHub Repos

  1. uniswap-resources

Articles 

  1. 6 security sins of Web3 bridges

  2. Exchange Rate Manipulation in ERC4626 Vaults

  3. ZK-Audit

  4. Vulnerable Spots of Lending Protocols

  5. Ethereum Executes Blockchain Hard Fork to Return DAO Funds

Web3 Community Spotlight🔦

Transforming Assets: Unlocking Real-World Asset Tokenization

Thanks for reading HashingBits! Share a summary of our newsletter on your social media platforms, tag us, and use the #AwareToEarn hashtag, and you could win 10 USDT as a reward! Help us build a safer Web3 ecosystem and have a chance to earn rewards and support our work.
