In a weekly update, SlowMist reveals that approximately $830,000 was lost in Web3 security incidents.
According to statistics from SlowMist’s Blockchain Hacking Archive, from August 28 to September 3, 2023, there were “a total of 7 security incidents, resulting in an estimated loss of approximately $830,000.”
Specific Incidents
Ivan Bianco
On August 29, 2023, Ivan Bianco, a Brazilian YouTube user, “accidentally leaked the mnemonic phrase for his cryptocurrency wallet during a live stream on his Fraternidade Crypto channel.”
This led to the theft of cryptocurrencies and “a batch of NFTs worth nearly $60,000.” The account “has approximately 34,000 subscribers on YouTube.”
During the live stream, Bianco opened “a file containing his mnemonic phrase, which allowed an unidentified individual to gain control of his wallet and steal the funds.” After the loss, Bianco filed a police report. He also stated “that following the theft, an unidentified man contacted him on Discord.”
This anonymous individual “claimed to be the thief, expressed regret for his actions, and then abruptly ended the call.” After the conversation, the wallet that “had been used to steal most of the assets returned cryptocurrencies worth about $50,000 to Bianco.”
Starkware
On August 30, 2023, it was reported “that Starkware, an Ethereum Layer 2 scaling solution, had repeatedly warned its users over the past few months that if they did not take action before an upcoming upgrade, they would lose access to their funds.”
Despite these warnings, some users apparently did “not see the notices, which led to many being locked out of their Starkware accounts and losing access to their funds.” The total value of the affected accounts is “estimated to be $550,000.” Due to community pressure, Starkware has since “re-enabled the wallet upgrade functionality.”
Compared to the multi-million dollar losses in previous weeks, this week has “seen a significant reduction.”
However, the number of Discord-related security incidents has “continued to increase.”
Attackers generally prepare “a phishing website that closely resembles the official one before the attack.” They lure project administrators “to click on virus-infected links or malicious bookmarks to acquire related tokens and subsequently gain administrative rights to the project’s Discord server. After securing administrative access, the attacker typically mutes all channels and adds their own Discord Bot to the server.”
They then disseminate phishing links within the channel, using words like “claim,” “airdrop,” “mint,” “reward” to bait users into clicking. The attackers may also “conduct phishing through private messages while impersonating administrators.”
Users should enable privacy settings “to disable private chats from server members upon joining a Discord server.”
It is also advisable to add notes to Discord bots “that have been verified through multiple layers of official authentication.”
This helps in identifying fraudulent bots “when they publish phishing content.”
Project teams must pay close attention “to community feedback, promptly remove malicious accounts from community Discord servers, and provide anti-phishing safety education to users as soon as they join the Discord server.”
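As an added illustration (not code from SlowMist or from the original article), a moderation check for the pattern described above could flag any message that combines one of the quoted lure words with a link to a host outside the project's official domains. The allowlist `OFFICIAL_DOMAINS`, the function names, and the sample messages are all assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit

# Lure words quoted in the article.
LURE_WORDS = ("claim", "airdrop", "mint", "reward")
# Hypothetical allowlist of the project's official domains (assumption).
OFFICIAL_DOMAINS = {"example-project.org"}

URL_RE = re.compile(r"https?://[^\s<>()]+", re.IGNORECASE)
LURE_RE = re.compile(r"\b(" + "|".join(LURE_WORDS) + r")(?:s|ed|ing)?\b", re.IGNORECASE)

def host_of(url):
    """Return the real host of a URL, ignoring userinfo and trailing punctuation."""
    try:
        host = urlsplit(url.rstrip(".,!?\"'")).hostname or ""
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return ""
    return host.lower().rstrip(".")

def is_official(host):
    """Exact match or a true subdomain of an allowlisted domain."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def review_message(text):
    """Return (flagged, lure_words, unofficial_hosts) for one chat message."""
    lures = sorted({m.group(1).lower() for m in LURE_RE.finditer(text)})
    hosts = sorted({h for h in map(host_of, URL_RE.findall(text))
                    if h and not is_official(h)})
    # Flag only when bait wording and an unofficial link appear together.
    return (bool(lures and hosts), lures, hosts)

# Constructed sample messages, not taken from any real server.
SAMPLES = [
    "Free AIRDROP is live, claim now: https://example-project.org.claims-portal.test/mint",
    "Mint opens Friday, details at https://docs.example-project.org/mint",
    "Anyone seen this chart? https://charts.test/eth",
    "Rewards for holders: https://example-project.org@wallet-sync.test/",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        flagged, lures, hosts = review_message(msg)
        print("FLAG" if flagged else "ok  ", lures, hosts)
```

The first and last samples show why the check compares the parsed host rather than searching the URL string: the official domain appears in both links, once as a subdomain prefix and once as userinfo before the `@`.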
As covered, SlowMist is a blockchain security firm “established in January 2018.”
The firm was started by “a team with over ten years of network security experience to become a global force.”
Their goal is to make the blockchain ecosystem “as secure as possible for everyone.”