Safety Monthly Report | A Link That Led to Huge Losses, Video Teaches You How to Prevent It
Author: OKLink
On June 10, the lending protocol UwU Lend on Ethereum was attacked, resulting in a total loss of $22.7 million. The attacker exploited a vulnerability in the contract related to oracle price manipulation, causing a loss of approximately $19 million, and on June 13 attacked again by taking advantage of an error in the project's governance operations, profiting $3.7 million.
Attack Process:
1) Obtained USD through a flash loan to manipulate SUSDE and lower its price;
2) Address 0xf19d66 deposited 19,979 WBTC, 615 million DAI, and 301 million SUSDE into pool_2409;
3) Address 0x87ed92 deposited 318,000 ETH (approximately 1.193 billion SUSDE) into pool_2409;
4) Address 0x87ed92 borrowed 301 million SUSDE and transferred it to address 0xf19d66, which then deposited this SUSDE into pool_2409. Address 0x87ed92 repeated this operation four times;
5) Address 0xf19d66 borrowed 319,000 ETH from address 0x87ed92, then address 0x87ed92 repeated steps 3 and 4;
6) Address 0x87ed92 withdrew 344,000 WETH from UwU Lend;
7) Address 0xf19d66 manipulated the SUSDE price and liquidated the loan of address 0x87ed92;
8) Using uSUSDE as collateral, address 0x4cd6fe borrowed 3.5 million DAI and 4.2 million USDT from UwU Lend.
Major Security Incident - Rug Pull
On June 8, a rug pull occurred at emholicECO in the zkSync ecosystem, resulting in a loss of approximately $3.4 million.
Major Security Incident - Phishing Scam
On June 23, a whale user suffered a phishing attack, resulting in a loss of approximately $11 million.
Major Security Incident - Private Key Leak
On June 22, some BtcTurk hot wallets were attacked, suspected to be related to a private key leak, causing a loss of $90 million in funds, of which $5.3 million was frozen and recovered.
OKLink Tips
In June, the proportion of scams and phishing incidents decreased, but we must remain vigilant. OKLink reminds everyone not to disclose their private keys or mnemonic phrases to anyone, and to remain skeptical of projects promising abnormally high returns. Before investing, be sure to conduct thorough research on the project and the team. Do not overlook any click, such as messages in the community, a link in a text message, or a private message link impersonating official customer service; these may hide irreversible traps.
Utilize tools like OKLink to query information about currencies and projects, and conduct thorough research. With data as the foundation, one can remain calm and build a defense line for their on-chain security.
Source video: https://youtu.be/ed7cd9j15mw