Users lose their fortune in a few clicks: 5 major security incidents for the last 7 days

Although the share of crypto crime in the total transaction volume decreases, users should remain vigilant. For a few last days, the blockchain world has experienced a number of incidents resulting in users losing their assets.

When trying to get high returns, users fall into the trap of scammers. In 2021, the scope of rug pulls reached more than $2.8B and all of them, except for the rug pull attributable to Thodex exchange, were related to DeFi projects. Investors are tricked into buying tokens. After collecting assets, malicious actors disappear. One of the key reasons why investors fall victim as a result of rug pulls is the growing popularity of DeFi where the transaction volume increased by 912% in 2021 compared to 2020. Also, the creation of DeFi tokens is a simple process that can be accomplished by individuals without any technical background and the listing of these tokens on exchanges can take place without auditing the code of the smart contract.

Recent Incidents

The project @MarkMetaNetwork has initiated a scamming campaign whereby only whitelisted users can sell assets. Thus, common users are lured into buying causing the upward movement of the price of $MMT token up thereby bringing huge profits to whitelisted scammers. The price of the token jumped by more than 2,000% in just 1 day. Be aware of this scam.

The deployer of the project @TopGoal_NFT had pre-minted $TMT tokens and dumped it to >2,660 BNB. The assets were washed through @TornadoCash. In a few minutes, the price of the $TMT token dropped by >50%.

The other recent example of rug pull is #Bnb42 project. The deployer drained >6,400 BNB ($2.7M) from an unverified contract. The stolen funds were later distributed among 8 different addresses.

Social engineering is not the only type of threat. Attackers keep on trying to breach into projects. On 14 February 2022, Build Finance DAO experienced a governance attack. A malicious actor took control of the Build token contract. The hacker managed to put forward a proposal to grant him control and had enough tokens to vote for passing it. The attacker minted as many various tokens as possible by exploiting a smart contract and drained funds from liquidity pools. As a result of the hack, the exploiter deposited 163 ETH to Tornado Cash.

On 8 February, the retirement accounts in crypto of some of the users of IRA Financial Trust were drained, frozen, and locked. The users did not receive any explanation from IRA Financial or Gemini exchange on which their crypto assets were held. The cost of the breach is $36M. IRA Financial is investigating the incident.

Thus, the risk of becoming a victim of crypto hacks remains high. Users should both assess the reliability of the project they work with and remember to follow basic personal security rules such as using multi-factor authentication and securely storing private information. Only when both a project and its users consider security as a top priority, the chances for hackers to successfully attack the project are minimal.

The alerts about hacks and scam cases have been found on Twitter.