Hashing Bits

24th July edition

Hacks:

-> 23rd July:
THORChain ($RUNE) set ablaze when it got hacked again for $8 Million. Many ERC 20 tokens lost their value as a result of this attack. According to the official statement, ETH router was targeted in this attack. The attack seems like a white-hat job since the attack was limited. A breakthrough of the attack can be found here.

-> 21st July:
Sanshu Inu, a meme-based cryptocurrency, was hacked by the deflation token mechanism of KEANU token to attack the reward vulnerabilities in the Memestake smart contract. The attacker made a profit of 56 ETH. Expected loss is $110,881. Read vulnerability analysis here.

OpenEthereum’s node stopped progressing on the Ropsten network after block number 10679538 due to the way go-ethereum implementation checked the balance of the transaction sender for 1559-style transactions in the go-ethereum client. Updated versions are available for download on respective websites. A detailed postmortem can be found here.

-> 19th July:
DeFi project, Array Finance was a victim of a flash-loan attack. The hacker used Array’s pricing mechanism to attack the project. According to the official statements, the attacker made a profit of approx. 273 ETH or $515,000. Vulnerability postmortem can be found here.

Vulnerability Writeups:

Updates have surfaced regarding the previous THORChain hack that involved hacking the ETH Bifrost gateway to exploit the network. More details are available at:

https://medium.com/thorchain/post-mortem-eth-router-upgrade-62ecddd2e5fe

https://www.runebase.org/

DeFi Security:

8 Potential Warning Signs of a Rug Pull by Immunefi.

Why Shiba Swap is a Ticking Time Bomb by Financial Watch.

A Closer Look into Recent DeFi Attacks by Crypto Coffee.