certik

Attacker Hacks Arbitrum’s Treasure DAO for Over 100 NFTs by Leveraging Marketplace Exploit

A non-fungible token market platform built on top of Arbitrum called Treasure DAO was hacked on March 3 at 7:33 a.m. (EST), according to a post mortem analysis authored by the security-focused firm Certik. The company’s report notes that “over 100 NFTs were stolen in the attack,” as the attacker leveraged a vulnerability in the […]

Russia Cautious on Tokenizing Real-World Assets

Security firms seek to make it more difficult for scammers to get away with DeFi project hacks

While projects cannot wholly prevent bad actors from infiltrating the DeFi realm, security specialists say there are ways to deter such practices.

The rise of community-oriented blockchain security companies may be making it more difficult for alleged bad actors to get away without a trace.

Early Wednesday, CertiK issued a community alert regarding Flurry Finance, where its smart contracts were allegedly breached by hackers, leading to $293,000 worth of funds being stolen. Shortly after the incident, CertiK published the wallet addresses of the alleged perpetrator, the address of the malicious token contract, and a PancakeSwap pair address allegedly involved in the attack, leading to a warning issued on BscScan. While the firm audited the project's smart contracts, it appears that the exploit was the result of external dependencies.

In another instance, on Feb. 20, social media users reported that Avalanche (AVAX)-based project Atom Protocol allegedly turned into a rug-pull hours after launch, with a screenshot from the project's alleged Twitter account (now deleted) stating:

"There is a problem/mistake in the contracts; we can't do anything. So we have to close the project, sorry."

In a report published Tuesday, Assure DeFi, a verification company providing Know Your Customer, or KYC, as well as checks on project developers, lists one French national on file as responsible for Atom Protocol. The firm conducts such checks and then creates publicly viewable compliance content. Through a statement to Cointelegraph, Assure DeFi explained that it's important to understand that knowing someone's name, address, nationality, etc., does not prevent them from committing a crime. But, Assure DeFi reps elaborated:

"It does, however, create an accountability path to pursue legal recourse against bad actors...which is the value that the Assure DeFi KYC Verification process provides."

The report lists $87,440 being stolen via the alleged rug pull and estimates that the number of "injured parties" surpasses 1,000. According to Assure DeFi, victims are urged to contact Binance support asking to freeze the alleged perpetrator's wallet and contact French law enforcement authorities regarding the alleged crime.

Jump Crypto Replaces $320 Million in Ethereum Taken From Wormhole Exploit

On February 2, 2022, the Wormhole Network’s ethereum ↔ solana bridge was exploited for 120,000 WETH (wrapped ethereum) worth $320 million and the following day, the team explained that “all funds have been restored and Wormhole is back up.” The team has also said a “detailed incident report” will be published soon. Wormhole Network Returns, […]

Wormhole Network’s Cross-Chain Bridge Exploited for Over $250 Million in Ethereum

Reports indicate that the Wormhole Network’s ethereum ↔ solana bi-directional bridge has been exploited by an attacker for 93,750 ether or more than $250 million using today’s ethereum exchange rates. The developers behind the Wormhole Network have told the public the network is “down for maintenance,” as the team “looks into a potential exploit.” Wormhole […]

CertiK’s identification of Crypto Cars as ‘rug pull’ was a false alarm

A temporary website outage of the project's main site, among other factors, led to the error.

In a period of market downturns, rumors of crypto bans and decentralized finance, or DeFi, scams, blockchain enthusiasts can be sensitive to the smallest abnormalities within projects they follow and sometimes erroneously fear the worst. The day prior, CertiK, a leading cybersecurity ranking platform in the blockchain space, issued a warning via Twitter regarding CryptoCars, alleging that it was a "rug pull." However, the staff quickly deleted the post as it was a false alarm.

Via a series of Twitter screenshots obtained by Cointelegraph, CertiK first claimed that the website and Telegram for CryptoCars were down. However, users quickly pointed out that both the CryptoCars website and Telegram apps were still functional, resulting in CertiK rescinding the community alert.

According to the developers of CryptoCars, the project's Telegram chat will be temporarily closed "until the end of the Lunar New Year from 27th Jan to 7th Feb." The CryptoCars development team is based in Vietnam, which celebrates the Lunar New Year holiday.

Sources at CertiK issued the following statement to Cointelegraph regarding the incident:

"Incident reporting, although complex, is rapid in nature and is done in a manner to alert the community on up-to-date suspicious activity. In this situation, we noticed [their] Telegram went offline, funds dropping to zero, and the $CCARs website being unavailable. This created an alert of a possible rug pull."

Despite the error, CertiK has done much to benefit the blockchain community. As recently as the day prior, it issued a verified community alert for Qubit Finance as the protocol suffered an $80 million hack.

CryptoCars launched in September 2021 as a nonfungible token, or NFT, car racing game. Structured under a play-to-earn model, CryptoCars requires players to purchase an NFT car minted on the Binance Smart Chain through a blind box created by its developers for 6,600 CCAR or from another user starting at 490 CCAR. According to its official site, the project claims to have 721,683 players, 582,666 NFT cars, and 248.8 million in-game transactions at the time of publication. It also has over 124,500 followers on Twitter.

Hacker Siphons $80 Million From Qubit Cross-Chain Bridge, Largest Defi Exploit of 2022 to Date

Findings stemming from a recent report published by the security-focused blockchain firm Certik indicate that the Binance smart chain ↔ Ethereum bridge called Qubit has been hacked for $80 million. Data shows on January 27, 2022, an attacker siphoned a number of tokens from an exploit on Qubit Finance’s bridge and Certik says the hack […]

Auditing Firms Claim Crypto.com Lost $15 Million in Incident as Users Report Suspicious Activity

Crypto.com, a leading cryptocurrency exchange, experienced an incident on January 17 when some of its users reported strange activity in their accounts. The exchange acknowledged the event, and conducted an investigation immediately after, declaring that all funds were safe. However, reports from security and blockchain auditing firms Certik and Peckshield indicate that some funds were […]
