Blockchain Security Roundup: November 2023


Another eventful month has unfolded in the world of blockchain security, with this month's highlights featuring a staggering amount of stolen assets!

Our Latest Research

Secure Proxy Models: Understanding Beacon Proxies

The Hacks

KyberSwap - $47M - The multi-chain decentralised exchange aggregator implemented a vulnerable smart contract that allowed the attacker to manipulate the liquidity pool using flash loans.

Aerodrome and Velodrome DeFi - $40k - This hack was carried out in the Web2 space: the attacker compromised the domain name system (DNS) to take control of the official website links, redirecting users to a phishing site associated with a malicious contract that would steal users' funds.

HECO Bridge and HTX - $100M - Both projects are associated with Justin Sun and have suffered a massive security breach potentially orchestrated by the Lazarus Group.

Kronos Research - $25M - An API key compromise, usually referred to as a Web2 vulnerability, was the leading cause of this hack.

dYdX DEX and YFI Token - $9M - A market manipulation attack; not strictly a cybersecurity issue, but nevertheless a significant loss for the space.

Raft Protocol - $3.3M - The attacker used flash loans to artificially inflate the collateral value within the protocol, which led to them minting millions of extra R stablecoins.

Poloniex - $126M - Another hack affecting an exchange affiliated with Justin Sun.

Onyx Protocol - $2.1M - The protocol fell victim to a classic smart contract vulnerability: read-only reentrancy.

Other

Rug Pulls and How to Avoid Them

For real-time hack alerts visit: https://twitter.com/rivanorthSec


Rivanorth is a global boutique Web3 cybersecurity company. We specialise in smart contract audits and blockchain security advisory. Visit rivanorth.com to find out more.

You build the future. We help you secure it.