Attackers Preparing for Christmas - Over $1.76 Million Lost

Notable security incidents right before Christmas included the exploit of Pine Protocol and the rug pull affecting the Ordinal Dex (ORDEX) investors.

Last week, criminals were especially active, targeting the social media accounts of popular Web3 projects.

The SlowMist cybersecurity team has released its weekly incident report covering hacks and scams occurring during the week before Christmas, from December 17 to December 24. According to the on-chain analysts, the total losses resulting from exploits detected during this period amounted to $1,760,600.

Among the most significant security incidents last week, SlowMist highlighted the attack on Pine Protocol, a platform designed for lending and borrowing digital assets, including NFTs. Additionally, there was a security breach affecting Flooring Protocol, a platform supporting NFT fractionalization.

In the case of Pine Protocol, a malicious actor exploited a security vulnerability in FixedFloat and ChangeNOW, withdrawing Ethereum and transferring a portion to the cryptocurrency mixer Tornado Cash. According to SlowMist, "The exploiter appears to have received part of the bounty."

Meanwhile, it seems that SlowMist may have referenced the attack on Flooring Protocol to highlight that the issue was patched last week, rather than to announce a new exploit of the platform. The exploit in question is likely the earlier incident, which involved the theft of 36 Pudgy Penguins and 14 Bored Apes, with estimated damage between $1.60 million and $1.68 million.

One of the most notable rug pulls during this period was the Ordinal Dex (ORDEX) exit scam, resulting in the theft of $70,600. According to SlowMist, it was "A concerning incident on ETH with a substantial liquidity withdrawal, resulting in a complete price drop."

[Image: ORDEX rug pull. Source: PeckShieldAlert, X]

Another Web3 security firm, PeckShield, shared its post about this exit scam with the X community on December 25, claiming that "The address 0xea81...9e31 has swapped 1,000,000,000,000,000 ORDEX for 30.96 ETH."

In its report, SlowMist also highlighted significant social media compromises.

One such incident involved the Twitter hack of UniSat Wallet, an open-source Chrome extension specifically designed for Bitcoin Ordinals and BRC-20 tokens. The compromised account was the official profile of the UniSat Wallet project. Additionally, the Twitter account of the Web3 influencer 0xKofi fell victim to a hack.

Furthermore, SlowMist reported the compromise of the Discord account belonging to MetaKey, a popular platform used for generating and storing digital credentials.

SlowMist advises maintaining a heightened level of vigilance, especially concerning "sudden liquidity changes in DeFi protocols" and other unusual activities.