According to news from the SlowMist Zone, Value DeFi, a Binance Smart Chain DeFi project, was hacked today. The SlowMist team got involved immediately and is sharing the results in the form of a newsletter for your reference.

Attack analysis

1. The attacker first swaps 0.05 WBNB for vBSWAP tokens.

2. At the same time, the attacker takes out a flash loan, so the vSwap contract transfers the vBSWAP tokens and WBNB to the attacker.

3. …

According to news from the SlowMist Zone, the DeFi project Uranium on the Binance Smart Chain was “hacked” with a loss of 50 million U.S. dollars. The SlowMist security team immediately intervened in the analysis and shared it for your reference in the form of a newsletter:

Attack analysis

The problem occurred in the pair contract of the Uranium project. The contract's swap function is based on PancakeSwap's logic and lets users borrow funds through flash loans. However, when this function checks the contract balance according to the constant product formula, there is a problem of…

The Ethereum DApp project Paid Network came under attack. The attacker minted nearly 160 million U.S. dollars in PAID tokens through contract vulnerabilities and made a profit of 2,000 ETH (about 3 million U.S. dollars). The SlowMist security team followed up and analyzed the incident immediately, and we now present the details for your reference.

Attack details analysis

The well-known DeFi project Furucombo was hacked and lost more than 15 million U.S. dollars. The SlowMist security team immediately intervened in the analysis and shared the details of the attack with everyone.

Attack details analysis

The problem this time lies in Furucombo’s own proxy contract. The entire attack process is very simple. By setting the logic address of Furucombo’s AaveV2 Proxy, the attacker caused all subsequent logic called through the Furucombo proxy contract to be forwarded to the attacker’s own malicious contract, resulting in the theft of any funds.

On February 5, 2021, according to SlowMist Zone intelligence, the DAI strategy pool of the well-known on-chain yield aggregator yearn finance was attacked. The SlowMist security team immediately followed up with an analysis. The following is SlowMist’s brief analysis:

1. The attacker first borrows a large amount of ETH from dYdX and AAVE using flash loans.

2. The attacker uses the ETH borrowed in step 1 to borrow DAI and USDC on Compound.

3. The attacker deposits all of the USDC and most of the DAI from step 2 into the Curve DAI/USDC/USDT pool. At this time…


At present, demand for using LP tokens as collateral for lending is increasing, but there is currently no comprehensive method on the market for securely obtaining the price of an LP token. While analyzing methods of obtaining LP token prices, the SlowMist security team took note of the Alpha Finance team’s method of safely obtaining the LP price. After reading it carefully, I will share some relevant thoughts with everyone.

Analysis of LP Token price acquisition

At present, the common ways to obtain LP Token prices are as follows:


On January 27, 2021, according to the SlowMist Zone intelligence, SushiSwap was attacked again. The problem was that the transaction fee of the DIGG-WBTC trading pair was taken away by the attacker through special means. The SlowMist security team immediately intervened in the analysis of related incidents after receiving the intelligence. The following are the details of the attack.

What is SushiMaker

SushiMaker is an important component of the SushiSwap protocol. It is used to collect the handling fee of each trading pair of SushiSwap, and by setting the routing of each token, the handling fee of different trading pairs is finally converted…

Since 2020, the DeFi market has been booming. DEXs led by Uniswap and SushiSwap have developed particularly rapidly, taking a large number of transactions from traditional exchanges. At the same time, the congestion of the Ethereum network and excessive gas fees have greatly affected the user experience. For these reasons, Huobi and OKEx, as the world’s leading exchanges, have laid out plans one after another, focusing on infrastructure construction and successively launching exchange public chains to find new possibilities through transformation and increase the exchanges’ ecosystem value.

On December 21, 2020, the Huobi Eco-Chain Heco mainnet was…

According to statistics from the SlowMist Technology Blockchain Hacked Event Library, 122 blockchain security incidents were disclosed in the blockchain ecosystem in 2020: 54 smart contract and token security incidents, 29 exchange security incidents, 12 public chain attacks, 12 wallet attacks, and 15 other attacks.

Cumulative number of blockchain attacks

With the implementation of various applications, the security problems caused by blockchain digital assets are generally on the rise. There are various types of digital currency crimes. Theft, fraud, illegal fundraising, money laundering, illegal transactions on the dark web, crimes and other cases are frequent…

According to SlowMist Zone intelligence, on December 29, 2020, the price of the Cover protocol plummeted. The SlowMist security team followed up and analyzed the incident as soon as possible. The following is a brief analysis.

A brief analysis

1. In the Blacksmith contract of the Cover protocol, users can stake BPT tokens through the deposit function;

2. After the first deposit-withdraw, the attacker updates the pool through the updatePool function, which uses accRewardsPerToken to record the cumulative reward;

3. Later, the reward is distributed through the _claimCoverRewards function and recorded using the rewardWriteoff parameter;

4. After…


Focuses on Blockchain Ecosystem Security, has served Huobi/OKEx/Binance/imToken, nearly a thousand commercial customers in total.
