Recently, SlowMist Zone — Blockchain Hacked Event Library (Hacked.slowmist.io) is officially upgraded and launched.

In February 2019, the Blockchain Hacked Event Library was launched in the slowmist zone. In March of the same year, a search for hacked events and a trend chart of the hacked amount were added on…

0x00 Event Background

The analysis is derived from a transaction with a transfer amount of 100,000 USD, but the transaction fee is as high as 7,676 ETH.
https://etherscan.io/tx/0x2c9931793876db33b1a9aad123ad4921dfb9cd5e59dbb78ce78f277759587115

Timelines

  • 2021/09/22 18:00 UTC+8, Post updates
  • 2021/09/22 11:00 UTC+8, First published

Background

On September 21, 2021, Vee Finacne was attacked and contract funds were stolen.

Project Description

Vee Finance is a lending protocol that is mainly forked from Compound Protocol and add leveraged trading logic on this basis. Users can obtain loan vouchers through…

According to the intelligence of the SlowMist Zone, on September 12, 2021, the Zabu Finance project on Avalanche suffered flashloan attack.

  1. The attacker first created two attack contracts, then swapped WAVAX into SPORE tokens through attack contract 1 in Pangolin, and deposited the obtained SPORE tokens to ZABUFarm contract, to…

DeRace Token (DERC), Coinspaid (CPD), Capsule Coin (CAPS), Showcase Token (SHO) all use Dao Maker’s vesting system, and the DAO Maker vesting contract is attacked when the holder is issued (DERC) in DAO Maker , i.e. there is a vulnerability in the vesting system of DERC vesting contract participants: Init…

On August 30, 2021, according to news from the SlowMist Zone, the decentralized lending protocol Cream Finance suffered flashloan attack and lost approximately US$18 million. The SlowMist security team immediately intervened in the analysis and shared the brief analysis results as follows.

Analysis

1. The attacker borrowed 500 ETH from Uniswap…

xToken was attacked today.

1. The attacker loaned 25,000 ETH from dydx

2. The attacker used part of the borrowed ETH to mortgage into AAVE V1 and V2 respectively, and loaned a large amount of SNX

3. The attacker used part of the borrowed ETH to exchange SNX from Bancor
4. …

On August 10, 2021, according to the news from the SlowMist Zone, the cross-chain interoperability protocol Poly Network was attacked by hackers. The SlowMist security team immediately cut into the analysis and shared the analysis results as follows.

The Object of Attack

As shown in the figure below, we can clearly see the architecture…

On August 10, 2021, according to the news from the SlowMist Zone, the cross-chain interoperability protocol Poly Network was attacked by hackers. The SlowMist security team immediately cut into the analysis and shared the analysis results as follows.

The details of the attack

1. The core of this attack is that the verifyHeaderAndExecuteTx function of…

1)This evening, the cross-chain interoperability protocol Poly Network was attacked, and a total of more than 610 million US dollars were transferred to 3 addresses. The impact caused the transfer of large assets of the O3 Swap cross-chain pool.

2)The SlowMist security team has grasped the attacker’s mailbox, IP, and…

SlowMist

Focuses on Blockchain Ecosystem Security, have served over 1k+ customers.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store