Beosin Alert
🔔Provide #Blockchain projects with intelligence and real-time risk alerts for security incidents including #Hacks, #rugpull and flashloan. ©By @Beosin_com
Jun 30, 2023 5 tweets 3 min read
H1 2023 Web3 Security Statistics

🚨Total losses from hacks, phishing scams, and rug pulls in Web3 reached $655.61 million in the first half of 2023.

Among them,
108 attacks -> $471.43M
Phishing scams -> $108M
110 rug pulls -> $75.87M
2/ The total loss from hacks in Web3 has significantly decreased compared to last year.

In H1 2022, the total loss from attacks was ~$1.91 billion, and in H2 2022, it was about $1.69 billion, while in H1 2023, this value dropped to $470 million.
Jun 6, 2023 9 tweets 4 min read
Last month, Beosin security researchers discovered a high-risk vulnerability, CVE-2023-33252, in the SnarkJS library (version 0.6.11 and earlier).

The high-risk vulnerability, which allows double-spending, has now been fixed by Circom. It has a severity score of 7.5 in the…

2/ Circom is a zero-knowledge proof circuit compiler developed in Rust. The team behind Circom has also developed the SnarkJS library, which supports various functionalities, including trusted setups and the generation and verification of zero-knowledge proofs.
May 19, 2023 4 tweets 2 min read
Swaprum on Arbitrum rugged for ~$3M.

The deployer of Swaprum used the add() backdoor function to steal LP tokens staked by users, then removed liquidity from the pool for profit.

One tx:
arbiscan.io/tx/0x36fef881f…

2/ The project upgraded the normal liquidity collateral reward contract to a contract containing backdoor functions.

arbiscan.io/address/0x9980…

arbiscan.io/address/0xcb65…
Apr 16, 2023 5 tweets 3 min read
On Apr 15th, @HundredFinance was exploited for over $7M on #Optimism.
Hundred Finance was also a victim of a reentrancy attack on Mar 2022.
Txs:
0x15096dc6a59cff26e0bd22eaf7e3a60125dcec687580383488b7b5dd2aceea93
0x6e9ebcdebbabda04fa9f2e3bc21ea8b2e4fb4bf4f4670cb8483e2f0b2604f451

2/ The root cause is that the attacker can manipulate the exchangeRate by donating a large amount of WBTC to the hWBTC contract.
In the getAccountSnapshot function, the value of exchangeRateMantissa relies on the amount of WBTC in the contract.
Apr 9, 2023 6 tweets 1 min read
Root cause: The reset of lastCalledPool happens before the check. This results in an invalid check on Pool, allowing attackers to specify a malicious Pool and transfer the funds of users who have approved the router for swaps.

Example: 0xea3480f1f1d1f0b32283f8f282ce16403fe22ede35c0b71a732193e56c5c45e8

1) The attacker created the malicious pool contract 30 days ago.
2) The swap is performed by calling SushiSwap's router function processRoute, specifying the malicious contract as the pool contract.
Apr 5, 2023 4 tweets 2 min read
Sentiment protocol was under an attack with a loss of ~$1 million caused by a price error due to reentrancy.
arbiscan.io/tx/0xa9ff2b587…

2/ The attacker first calls the "joinPool" function of Balancer Vault to make a deposit. Then he calls "exitPool" to withdraw, during which Balancer Vault sends ETH to the attacker, triggering the fallback function of the attack contract.
Apr 3, 2023 5 tweets 3 min read
Analysis:
The hacker first targets a pool with low liquidity to see if the MEV bot will front-run the tx.
For example, the hacker tempts the bot with 0.04 WETH.
It is found that the pool is indeed monitored by the MEV bot, and the bot will also use all of its funds for arbitrage.

On the other hand, because the MEV bot uses the attacker's validator to produce the block, the attacker has been trying to see if MEV uses his validator.
So here the MEV bot is verified in advance to see if it will perform, and the attacker can view the bundle as a validator.
Mar 13, 2023 5 tweets 2 min read
@eulerfinance Euler Finance was exploited with a ~$197M loss in multiple Txs.
34,224,863 $USDC, 849 $WBTC, 85,818 $stETH and 8,877,507 $DAI were stolen.
Take on tx to analyze:
0xc310a0affe2169d1f6feec1c63dbc7f7c62a887fa48795d327d4d2da2d6b111d

2/ The hacker first flashloaned $30M $DAI via AAVE and deposited $20M to get 19,568,124 eDAI.
Then called the mint function to use the 19,568,124 eDAI to borrow 195,681,243 eDAI (collateral assets) and 200,000,000 dDAI (debt assets), thus scaling up the eDAI balance ten times.
Mar 1, 2023 6 tweets 3 min read
On Feb 24, Shata Capital’s EFVault contract was exploited for $5.14M after an upgrade.
Attacker: 0xa0959536560776ef8627da14c6e8c91e2c743a0a

The attacker deposited 0.1 Ether into the EFVault contract 26 days ago to get a certain number of shares.

2/ The project owner upgraded the EFVault contract by proxy before the attack.
After the EFVault contract was upgraded, the initialize function in the new implementation contract could not be called again, making it impossible to initialize the new variables.
Feb 7, 2023 4 tweets 3 min read
$FDP was under a flashloan attack in bscscan.com/tx/0x09925028c…
The loss is ~$10K.
(Thanks @bbbb again)

2/ The attacker flashloans 1,363 WBNB and uses 16 of them to swap for 284631626035854 $FDP.
The FDPs are calculated by currentRate before the manipulation. Here rtotal is not reduced, and neither the pair nor the attacker is a deflationary exception.
Nov 11, 2022 6 tweets 3 min read
@DFXFinance was attacked for ~$4M on Nov 10, 2022. The vulnerability is similar to a CTF challenge (damnvulnerabledefi.xyz/challenges/4.h…). The key to the vulnerability lies in the combination of the flashloan business and the other business of the contract. Take one tx to analyze:
0x52c53c5a2ae3082b8765dd5924d6ad0dc704223f6d0c98325a1b9ccd9d134ef7

The hacker first flashloaned $140,000 in $XIDRs and $95,000 in $USDC, but it seems from the token transactions that the hacker immediately repaid the flashloan, which is a bit illogical.
Nov 7, 2022 6 tweets 4 min read
#Flashloan
Beosin EagleEye monitored a flashloan attack on MooCakeCTX contract. The loss is ~$140K.
There are no time restrictions on collateral and rewards, and the caller check is not comprehensive enough, enabling the attacker to increase dividends via flashloan.

2/ Tx:
bscscan.com/tx/0x03d363462…

The attacker flashloaned $BUSD and swapped it into vBUSD and then into $CAKE, as only $CAKE can be used as collateral in StrategySyrup. The $CTK are prepared at the same time, so that the smartchef function can perform a successful transfer.
Oct 27, 2022 10 tweets 3 min read
⚠️Team Finance exploited for $14.5M

The attack contract 0xCFF07C4e6aa9E2fEc04DAaF5f41d1b10f3adAdF4 exploits the vulnerability that the migrate function of the LockToken contract does not properly validate _id and params, and illegally migrates $WTH, $CAW, $USDC and $TSUKA tokens from V2 to V3 liquidity pools.
Oct 25, 2022 5 tweets 2 min read
Beosin EagleEye monitored a flashloan attack on $ULME with a loss of 50,646 $BUSD.

Users are advised to revoke BUSD's approval for ULME contracts and transfer out funds in time.

Attack flow🔽

bscscan.com/tx/0xdb9a13bc9…

2/ First borrow 1,000,000 BUSD via flashloan and swap for $ULME tokens through Pancakeswap. Here the attacker should have collected the list of users who approved BUSD to the ULME contract.
Oct 18, 2022 12 tweets 5 min read
#BeosinAlert #Flashloan
$PLTD suffers a price manipulation attack with a profit of 24,497 $BUSD for the hacker.
(Tx provided by @bbbb)

TX:0x8385625e9d8011f4ad5d023d64dc7985f0315b6a4be37424c7212fe4c10dafe0

Attacker's address: 0x6ded5927f2408a8d115da389b3fe538990e93c5b

The attacker mainly exploits the vulnerability in the PLTD contract to reduce the balance of PLTDs in Cake-LP (0x4397c7) to 1 via flashloan, and then uses the $PLTD to swap all the $BUSD into the attack contract.
Jul 12, 2022 6 tweets 3 min read
#Flashloan
On July 10, @OMNI_xyz OMNI protocol suffered a reentrancy attack. The hacker made a profit of ~496 $ETH and deposited into Tornado.cash.
We take one of the attack Txs (0x05d65e0adddc5d9ccfe6cd65be4a7899ebcb6e5ec7a39787971bcc3d6ba73996) as an example:

2/ The attacker first borrowed 1,000 $WETH and 20 #Doodles via flashloan, staked the NFTs with ids 720, 5251 and 7425, obtained the corresponding digital receipts and then borrowed 12.15 WETH.