ChainCatcher news, according to the on-chain options protocol Moby's post on X, in order to protect user asset security, it is recommended to revoke valid approval transactions related to the following addresses:PositionManager: 0xB03E14Eeb1a4B2F95a7e1CBe400BAec3E78d2a1FSettleManager: 0xA62027C5edc68Abc52D3a3BbDd213Fa12457320BsRewardRouterV2: 0x64e1faFA9e9d5F1a7431B886F5Fbff4052c5925dmRewardRouterV2: 0x6881E756EA3322AEAadE0267C2a7FcF2A887ee9AMoby stated that these are precautionary measures to ensure wallet security, and efforts are currently being made to restore and maintain a stable and secure environment.Previously, according to Beosin monitoring, Moby is suspected of a private key leak, with hackers modifying the execution contract to use the emergencyWithdrawERC20 function to withdraw 207 ETH, 3.7 BTC, and 1,470,191 USDC, totaling approximately 2.5 million USD.

ChainCatcher news, OKLink has officially released the 2024 Security Annual Report, which states that the cumulative losses from on-chain security incidents across the network amount to approximately $1.945 billion. The losses due to private key leaks have decreased by 65.45% compared to 2023, totaling about $305 million, which accounts for 16% of the total losses. Among these, phishing scams caused losses of $705 million, accounting for 36% of the total losses. REKT incidents and RugPull incidents caused losses of $383 million and $141 million, respectively.Mainstream public chains remain the primary targets for hacker attacks, with losses for major public chains such as BTC, ETH, and ARB reaching $744 million, $902 million, and $228 million, respectively. In 2024, OKLink continues to make efforts, providing core technical support to over 120 municipal-level units and successfully assisting in handling more than 300 cases, with a total amount involved of approximately $685 million.At the same time, OKLink also offers a variety of on-chain security tools and features, such as address monitoring and token authorization queries, helping users quickly check and manage the assets authorized to smart contracts by addresses, identify suspicious transactions and addresses, thereby preventing fraudulent transactions.

ChainCatcher message, Slow Mist's Yuxian posted on platform X stating that a well-known bot platform was discovered to have a related vulnerability by a white hat, which could lead to private key leakage. The white hat provided feedback, but it seems there was some controversy regarding the bounty for the vulnerability. The white hat is concerned that this bot platform may face risks similar to DEXX being hacked in the future, and if that happens, the investigation may trace back to the evidence he left at that time, so he seeks to clear his name.Yuxian stated that to avoid being non-neutral, it is specifically noted: the term "white hat" mentioned here does not necessarily mean a white hat, and it is not possible to verify who is right or wrong, or who is more right or less right. If this bot platform is hacked in the future, there will be some information shared by this white hat that can be used for verification.

ChainCatcher news, decentralized exchange (DEX) Clipper clarifies that there was a vulnerability in its withdrawal function, which led to a recent hack of its protocol, resulting in a loss of $450,000, rather than the "third party" claim of a private key leak.Clipper stated: "On December 1, the attacker exploited two liquidity pools, locking approximately 6% of the total value. A third party claimed there was a private key leak issue. We can confirm that this is not the case and is inconsistent with Clipper's design and security architecture. The withdrawal function in the form of a token (bundled exchange + deposit/withdrawal transactions) has been disabled."Previously, the co-founder of security company Fuzzland posted on X that Clipper was "hacked due to an API vulnerability (such as private key leakage)," adding that the API might have vulnerabilities that allowed attackers to sign deposit and withdrawal requests, stealing more funds than they deposited.

ChainCatcher news, DeBox officially announced that due to the leakage of the private key of the EOA wallet of the DeBox operational account, 31.03 ETH and 4.879 million BOX were stolen. The official emphasized that this incident is unrelated to the asset security of platform users, and the community can rest assured.The response plan includes:Stabilization Fund Buyback: The stabilization fund will be used to buy back the stolen tokens from exchanges, expected to be completed within a week.Token Distribution: All repurchased tokens will be injected into the BOX DAO asset pool, with specific uses to be decided by community voting.Account Security Upgrade: Once the DeBox App supports multi-signature login, the operational account will be migrated to a multi-signature wallet.Tracking and Accountability: A professional security company has been commissioned to conduct investigations and asset tracking, with progress updates to be provided regularly. Any recovered assets will be managed through BOX DAO voting.The DeBox team stated that they will continue to track the theft address and reserve the right to take legal action, while also committing to continue building an open, transparent, and sustainable ecosystem.Previous news, the DeBox project has dropped over 30% in the past 24 hours, with Uniswap V2 pool liquidity remaining at only $2,900, and total on-chain liquidity around $10,000.

ChainCatcher message, the DeSci project Pump Science announced this morning that its test wallet (address starting with T5j2UB) has suffered a private key leak due to negligence in the GitHub code repository. This wallet has been marked as the off-chain creator of URO and RIF tokens on the pump.fun platform, and attackers may exploit this private key to issue more tokens.The project team stated that this private key was initially used for testing purposes only, and the development team mistakenly believed it was unimportant. Pump Science reminds users that any new tokens issued by this compromised wallet, aside from URO and RIF, should be considered scams.As a result, URO is currently priced at 0.034 USDT, with a 24-hour decline of 30.55%; RIF is priced at 0.0846 USDT, with a 24-hour decline of 36%.

ChainCatcher news, on-chain detective ZachXBT posted in his personal telegram channel that: Previously, the wallets related to crypto KOL JRNY were suspected to have been transferred and sold crypto assets worth approximately 4 million dollars, indicating that the private keys of his wallet may have been compromised.

ChainCatcher message, the on-chain token trading platform DEXX is suspected to have been hacked, with multiple users in the community reporting that funds have been transferred out of the platform, possibly due to private key leakage. Currently, DEXX officials have not responded to this matter.According to community feedback, users are advised to transfer all tokens to a new on-chain wallet as soon as possible, and it is recommended not to exchange for SOL, as it will be instantly transferred away.

ChainCatcher message, according to CertiK Alert monitoring, the private key of SUNRAY·FINANCE has been leaked, and the attacker has gained ownership of SUN and ARC tokens, minted a large number of tokens, and then sold them off to drain its DEX trading pair.Currently, the attacker has stolen $2.855 million in funds.

ChainCatcher news, according to CertiK monitoring, the largest hacker losses so far in October are due to private key leaks. In the third quarter, most losses were caused by PKC and phishing. Since the beginning of this month, CertiK has recorded 3 major PKC incidents, with total losses of approximately 60 million dollars: of which Radiant Capital is about 55 million dollars, Tapioca DAO about 4.5 million dollars, and Burve Protocol about 500 thousand dollars.

ChainCatcher news, Slow Mist's Chief Information Security Officer 23pds stated on the X platform that after analysis, it was found that Indodax's hot wallet private keys were not compromised by hackers, but rather other systems were attacked, such as signature machines.Previous news, on September 11 at 7 AM, according to Cyvers Alerts monitoring, Indodax's wallet conducted over 150 suspicious transactions across different networks, with a total loss of approximately 18.2 million USD, and suspicious addresses are exchanging various tokens for Ethereum.

ChainCatcher message, SlowMist founder Yu Xian stated that the DAI L2 Deployer private key leak has led to some recently deployed L2 DAI contract addresses being "honeypot" addresses controlled by attackers.There are no related risks on Optimism and Arbitrum, but the contracts on Base and Polygon networks are unsafe. The mainnet DAI contract is secure.

ChainCatcher news, OKLink released the July 2024 security report, stating that the cumulative losses from on-chain security incidents across the network amount to approximately $290 million. Losses due to private key leaks account for 88.31% of the total losses, phishing incidents account for 3.03%, REKT incidents account for 7.33%, and RugPull incidents account for 1.31%.On July 18, the private key of the WazirX exchange's multi-signature wallet was leaked, resulting in a loss of approximately $235 million, making it the largest security incident in July. On July 16, the LiFi Protocol cross-chain bridge aggregation protocol was attacked, leading to a loss of about $10 million. The attacker exploited a vulnerability that allowed arbitrary calls to steal assets authorized by users of this contract.In addition, there were a total of 14 incidents of scams and phishing on official social media, resulting in losses of approximately $3.89 million, a decrease of 81.34% compared to June. OKLink reminds users not to disclose your private keys or mnemonic phrases to anyone, not to click on unverified links, and to learn how to use Web3 on-chain tools to mitigate risks. This is an important line of defense in protecting yourself in the Web3 world.

ChainCatcher news, according to Beosin Alert monitoring, it was discovered that the Indian exchange WazirX was attacked. The attacker obtained the signature data of the multi-signature wallet administrator of the exchange, modified the logic contract of the wallet, and executed incorrect logic to steal assets.Attacker address: 0x6eedf92fb92dd68a270c3205e96dccc527728066Attacked address: 0x27fd43babfbe83a81d14665b1a6fb8030a60c9b4Based on the attacker's behavior, it is speculated that the reason is the leakage of the multi-signature wallet administrator's private key. Beosin summarizes the cause of the attack as follows:The attacker deployed the attack contract: 0x27fd43babfbe83a81d14665b1a6fb8030a60c9b4. The function of this contract is to extract the token assets specified by this contract.The attacker obtained the signature data of the WazirX multi-signature wallet administrator and modified the wallet's logic contract to the already deployed attack contract. The corresponding transaction is:https://etherscan.io/tx/0x48164d3adbab78c2cb9876f6e17f88e321097fcd14cadd57556866e4ef3e185dThe attacker submitted a token withdrawal transaction to the WazirX multi-signature wallet. Due to the proxy model mechanism, the wallet contract will use delegatecall to invoke the relevant functions of the attack contract, transferring the wallet's tokens.The flowchart of the stolen funds shows that, so far, the hacker has transferred part of the funds to Changenow and Binance exchanges.

ChainCatcher news, MetaBit Capital released a statement on social media that the wallet private keys used by IFCT users for withdrawals have been leaked, and the specific cause of the leak is under ongoing investigation.It is reported that this incident led to the sale of approximately 750,000 MBT, resulting in a significant drop in the coin price. MetaBit has sought assistance from the judicial authorities and will soon release relevant recovery measures.

ChainCatcher message, Slow Mist founder Yu Xian posted on social media regarding the attack on CoinStats, stating: "I used this app quite a while ago; it's convenient for checking the asset status of target wallets. There are quite a few applications like this, so I won't name them. Some have their own wallet functions (which is a risky area), allowing users to create wallets and use them subsequently. I'm quite curious about how CoinStats Wallet, which is supposed to be user self-custodied, had its private keys leaked on such a large scale; the official statement is that it's 1.3%.This kind of large-scale leak, with a limited proportion, can be speculated upon, but I won't discuss it here. Let's wait for the official disclosure of details."

ChainCatcher news, Wintermute research director Lgor Lamberdiev stated that pump.fun was likely attacked due to a private key leak, resulting in the theft of 2000 SOL and a large amount of MEME coins.Lamberdiev also mentioned that the service account address 5PXxuZ somehow signed the txs, transferring funds to the attacker and random addresses, instead of deploying the Raydium pool, which strongly suggests that the attack was likely caused by the leak from pump.fun.