We've wrapped up 2023 and 2024 is in full swing. In the first edition of the year we'll be looking back at the biggest and most relevant security news of the past month.
Top Hacks
Orbit Bridge - $81.5M - On the eve of New Year's, December 31, 2023, Orbit Chain's Ethereum bridge, fell victim to a cyberattack most likely caused by the compromise of credentials or private keys.
Levana Protocol - $1.1M - The breach unfolded over a 13-day period from December 13 to December 26 and led to a loss of about 10% of the protocol's liquidity reserves.
NFT Trader - $3M - NFT Trader was exploited due to reentrancy vulnerabilities in its old smart contracts, leading to the theft of approximately $3 million in high-value NFTs.
Flooring Protocol - $1.6M - In December 2023, Flooring Protocol suffered an exploit of its peripheral/multi-call contract, resulting in attackers netting around $1.6 million.
INX - $1.6M - INX Digital Company reported a breach in December 2023, where attackers compromised a third-party provider’s servers, executing unauthorised transactions and stealing approximately $1.6 million.
Telcoin - $1.2M - Telcoin incurred losses of about $1.2 million in December 2023 due to an attack exploiting vulnerabilities in the wallet’s proxy contracts on the Polygon blockchain.
Thirdweb - $190K -Thirdweb disclosed a critical vulnerability in libraries implementing ERC2771 and Multicall that allowed one to impersonate msgSender which negates every access control implementation. Coinbase NFT, OpenSea and many other projects were vulnerable. It only took a few days for multiple attackers to exploit this attack vector and start targeting vulnerable projects starting with the $190K compromise of Time.
More Blockchain Security from Rivanorth
Secure Proxy Models: Understanding Beacon Proxies
Rug Pulls and How to Avoid Them
Real-time hack news and info: https://twitter.com/rivanorthSec
Rivanorth is a global boutique Web3 cybersecurity company. We specialise in smart contract audits and blockchain security advisory. Visit rivanorth.com to find out more.
You build the future. We help you secure it.