Cybersecurity firm CertiK reports twelve blockchain-related security incidents between August 18 and 25, resulting in a total loss of $8.2 million, nearly $3.3 million less than criminals stole the previous week. In addition, eight social media accounts belonging to Web3 projects were hacked during this period. The attackers used the hacked accounts to promote phishing websites.
Among the large liquidity withdrawals CertiK noted this week were the transfer of $224,000 from the ACC liquidity pool, $123,700 from the HACHIKO liquidity pool, transactions of almost $90,000 from the Towelie pool, and $50,000 from the HarryPotterObamaJustinHuobiSun token liquidity pool.
CertiK also warned its X (formerly Twitter) followers about fake airdrops exploiting the name of zkSync, an Ethereum scaling engine. Scammers are also actively promoting fake airdrops of CYBER, the token from the ICO of CyberConnect, a decentralized social graph protocol.
Some of the Discord hacks discovered by CertiK this week involved the announcement channels of the trading platform Marginly and of Rhinos Rebellion Army, a play-to-earn Web3 ecosystem and community.
Meanwhile, on-chain security analysts from another cybersecurity company, Phalcon Explorer, detected an attack on the Binance Smart Chain-based STV liquidity pool, which subsequently lost more than $500,000.
"The smart contracts are not verified, and we suspect that this is a case of price manipulation resulting from a flawed price calculation that relies on the token balance," Phalcon says in today’s X post, adding that there were multiple attacks on the pool that allowed the hacker to profit by "repeatedly invoking the buy/sell functions."
Another recent incident was an exit scam performed by the deployers of the Magic Blocks project in which $57,000 was lost.
Meanwhile, prominent on-chain detective ZachXBT warned crypto users about SIM swap exploits, which are becoming increasingly common in the Web3 community. On August 23, the sleuth shared with his X followers the latest statistics on SIM swapping attacks related to crypto projects, which caused losses of over $13.3 million in four months.
Shortly after this post, there was an update on ZachXBT’s Telegram channel in which he reported six new SIM swap incidents that occurred between August 19 and 23.
"Never use SMS 2FA and instead use an authenticator app or security key to secure accounts," ZachXBT advises crypto users, as fraudsters can easily exploit the ability to port a victim's phone number to a device they control and drain funds from any financial services that use that number for two-factor verification.