The SlowMist cybersecurity team has released its weekly incident report covering hacks and scams occurring during the week before Christmas, from December 17 to December 24. According to the on-chain analysts, the total losses resulting from exploits detected during this period amounted to $1,760,600.
Among the most significant security incidents last week, SlowMist highlighted the attack on Pine Protocol, a platform designed for lending and borrowing digital assets, including NFTs. Additionally, there was a security breach affecting Flooring Protocol, a platform supporting NFT fractionalization.
In the case of Pine Protocol, a malicious actor exploited a security vulnerability in FixedFloat and ChangeNOW, withdrawing Ethereum and transferring a portion to the cryptocurrency mixer Tornado Cash. According to SlowMist, "The exploiter appears to have received part of the bounty."
Meanwhile, it seems that SlowMist may have referenced the attack on Flooring Protocol to highlight that the issue was patched last week, rather than to announce a new exploit of the platform. The exploit in question is likely the earlier incident, which involved the theft of 36 Pudgy Penguins and 14 Bored Apes, with estimated damage between $1.60 million and $1.68 million.
One of the most notable rug pulls during this period was the Ordinal Dex (ORDEX) exit scam, resulting in the theft of $70,600. According to SlowMist, it was "A concerning incident on ETH with a substantial liquidity withdrawal, resulting in a complete price drop."
Another Web3 security firm, PeckShield, posted about this exit scam on X on December 25, stating that "The address 0xea81...9e31 has swapped 1,000,000,000,000,000 ORDEX for 30.96 ETH."
In its report, SlowMist also highlighted significant social media compromises.
One such incident involved the Twitter hack of UniSat Wallet, an open-source Chrome extension specifically designed for Bitcoin Ordinals and BRC-20 tokens. The compromised account was the official profile of the UniSat Wallet project. Additionally, the Twitter account of the Web3 influencer 0xKofi fell victim to a hack.
Furthermore, SlowMist reported the compromise of the Discord account belonging to MetaKey, a popular platform used for generating and storing digital credentials.
SlowMist advises maintaining a heightened level of vigilance, especially concerning "sudden liquidity changes in DeFi protocols" and other unusual activities.