Security team: Reaper Farm project was attacked and analyzed, and the project party lost about 1.7 million US dollars

[Security team: Reaper Farm project was attacked and the project party lost about 1.7 million US dollars] According to the security public opinion monitoring data of Chengdu Lianan's "Chain Bing-Blockchain Security Situational Awareness Platform", the Reaper Farm project was hacked Attack, Chengdu Lianan security team found that because the owner address in _withdraw is controllable and there is no access control, calling the withdraw or redeem function can extract any user assets. When the funds are transferred to Tornado.Cash, the Chengdu Lianan Lianbizhui platform will monitor and track the stolen funds in real time.

Other news:

Security Team: Team Finance’s funds were damaged or due to poor contract implementation: Jinse Finance reported that according to the monitoring of Okey Cloud Chain, in addition to the contract loopholes in the attack in the Team Finance security incident, the implementation of the migration contract of Uniswap V3 was not rigorous or caused is one of the main causes of loss.

As previously reported, Team Finance claimed that $14.5 million in Token was stolen and the protocol was temporarily suspended. [2022/10/28 11:53:10]

Security Team: The official Discord of Alter Ego Hunters was attacked: Jinse Finance reported that according to the monitoring of the security team CertiK, the official Alter Ego Hunters stated that its Discord was attacked, and users should not click any links, mint or approve any transactions. [2022/9/18 7:04:07]

Security team: New free dao attackers used flash loans to repeatedly receive airdrop rewards and gained about 4481 WBNB: According to news on September 8, according to Beosin EagleEye platform monitoring, the New free dao project was hacked and lost about 4481.3 WBNB (approx. $1.25 million). The Beosin security team analyzed and found that the attacker first used flash loans to lend WBNB and exchanged all of them for NFD tokens. Then use the attack contract to repeatedly create multiple attack contracts to receive (0x8b068e22e9a4a9bca3c321e0ec428abf32691d1e) airdrop rewards, and finally exchange them for WBNB to return the flash loan arbitrage and leave the market. At present, the attacker has converted the profitable 2000BNB into 55.6w USDT, and stored it and the remaining 2,481BNB in the attacker's address. Beosin trace is doing real-time monitoring and tracing of stolen funds. [2022/9/8 13:16:48]