blocksec

According to monitoring by BlockSec, a suspicious transaction targeting an unknown contract (Stake) on the BSC chain was discovered, resulting in a loss of approximately $133,000.The attacker exploited a vulnerability in the spot price dependency of the Stake contract, manipulated the TUR price in the TUR-NOBEL pool, and then staked TUR. Based on the inflated price, they triggered reward calculations and claimed the amplified rewards through a referral account, ultimately exchanging the stolen TUR for USDT to profit.

According to BlockSec monitoring, the PancakeSwap BCE-USDT pool on the BSC chain was attacked a few hours ago, resulting in a loss of approximately $679,000. The root cause lies in the flawed destruction mechanism of the BCE token.The attacker deployed two malicious contracts to bypass trading restrictions and trigger the destruction of tokens within the pool, profiting approximately $679,000 by manipulating the reserves in the BCE-USDT pool.

According to BlockSec monitoring, the DBXen contract was attacked this morning, with estimated losses of about $150,000. The root cause lies in the inconsistency of the sender's identity under the ERC2771 meta-transaction. In the burnBatch() function, the gasWrapper() modifier uses _msgSender() (the actual user) to update the state, while the callback function onTokenBurned() uses msg.sender (the relayer). This leads to accCycleBatchesBurned being recorded for the user, but lastActiveCycle being incorrectly updated for the relayer.This inconsistency disrupts the logic of claimFees() and claimRewards(). When updateStats() is run for the user, the contract incorrectly assumes there are unprocessed burned batches because accCycleBatchesBurned has been updated while lastActiveCycle has not, resulting in incorrect calculations of rewards and fees, allowing the attacker to extract excess funds for profit.

According to BlockSec monitoring, the AM/USDT pool on the BSC chain was attacked a few hours ago, with estimated losses of about $131,000.The root cause lies in a flaw in the burn mechanism, which was exploited to manipulate the AM reserves in the pool and artificially inflate the token price. The attacker first manipulated the toBurnAmount, then triggered the burn logic after adjusting the AM balance in the pool, causing the AM reserves to drop to abnormally low levels, allowing the attacker to sell the AM back to the pool at an artificially inflated price for profit.

According to BlockSec monitoring, its system detected a suspicious transaction targeting the MT-WBNB liquidity pool on BSC, with an estimated loss of approximately $242,000. The reason lies in a flaw in the buyer restriction mechanism: under deflationary mode, normal buying operations are reverted, while the router/trading pair is whitelisted, allowing attackers to bypass restrictions through router swaps and liquidity removal to obtain MT from the trading pair.The attacker then sold MT to accumulate pendingBurnAmount and called distributeFees() to directly destroy MT from the trading pair, artificially inflating the price, and then exchanged MT back to WBNB for profit. Additionally, a recommendation rule allowing the transfer of the first 0.2 MT to bypass buyer restrictions enabled the attacker to initiate the attack.

According to BlockSec monitoring, Inverse Finance is suspected of suffering a loss of approximately $240,000 due to an attack. YAM Finance responded in a post on platform X, stating that this incident is not a vulnerability in the Inverse contract, but rather related to the LlamaLend mechanism.According to their explanation, the attacker initiated a "donation attack" on sDOLA on LlamaLend, driving the price from about 1.188 sDOLA = 1 DOLA up to about 1.358 sDOLA = 1 DOLA, and subsequently liquidated almost all user positions that had crvUSD borrowed against sDOLA as collateral. It is still unclear why the increase in collateral value triggered liquidations, as it should logically keep users away from the liquidation line rather than bring them closer.It is worth noting that the "secondary effects" of this price anomaly are still ongoing. As a result, users who did not engage in leveraged operations on LlamaLend and only held sDOLA have seen their paper profits increase by about 14%. Additionally, DOLA is currently trading at about a 1% discount in the secondary market compared to its pegged value, and some community members suggest that borrowing users consider repaying their DOLA debts during this discount phase.

According to BlockSec monitoring, Inverse Finance is suspected to have been attacked, resulting in a loss of approximately $240,000.The incident may involve DOLA price manipulation, leading to multiple users being liquidated. Currently, BlockSec has contacted the relevant team but has not yet received a response.

Blockchain security agency BlockSec monitored and discovered that the Base and the FOOMCASH contract on the Ethereum network encountered imitation attacks, using methods similar to the previous Veil Cash vulnerability. The attacker forged zkSNARK proofs due to incorrect verification key configuration, resulting in a total loss of approximately $2.26 million for the contract.Among them, a single attack transaction on Base caused a loss of about $427,000, while approximately $1.83 million in related transactions on Ethereum are suspected to be white hat rescue operations.

According to BlockSec monitoring, the account abstraction wallet Holdstation was hacked, with multi-chain assets stolen amounting to $100,000. The hacker has transferred the stolen funds to the Bitcoin network.The Holdstation team has released an on-chain message and is attempting to negotiate with the attacker.

BlockSec released a significant vulnerability analysis of a closed-source contract, detecting a series of suspicious transactions targeting victim contracts deployed on Ethereum, Arbitrum, Base, and BSC for SwapNet and Aperture Finance, with total losses exceeding $17 million.Fundamentally, the root cause of both incidents is quite simple: the victim contracts have arbitrary call vulnerabilities due to insufficient input validation, allowing attackers to exploit this vulnerability to misuse existing token allowances and perform transferFrom to steal assets.Although the SwapNet and Aperture Finance incidents affected different protocols and blockchains, the fundamental issues in both cases are not complex: user-controlled underlying calls and insufficient input validation in contracts holding token allowances.

BlockSec, in collaboration with Bitget, has released a research report titled "AI × Trading × Security: The Evolution of Risks in the Era of Intelligent Trading 3.0." The report systematically analyzes how AI capabilities evolve and their integration with Web3, exploring how AI reshapes trading efficiency and decision-making logic in Web3. It further discusses the evolutionary trends of offensive and defensive patterns in Web3 during the AI era and the new paradigms of security. Additionally, the report outlines the application directions and real challenges of AI in the Web3 security system from the perspectives of risk control, anti-money laundering, and risk identification.In the specific case analysis, the report takes Bitget's GetAgent as an example, pointing out that it leans more towards a general trading information and advisory tool. GetAgent is not a traditional conversational bot but rather a "second brain" for traders in complex liquidity environments. Its core logic lies in the deep integration of AI algorithms and real-time multidimensional data, creating a complete closed loop that connects data, strategies, and trade execution to assist users in making more effective decisions in high-frequency, multi-variable market environments.The report concludes by stating that the deep integration of Web3 and AI has become an important trend in industry development, while security, risk control, and compliance capabilities are the key foundations for sustaining this trend. The report emphasizes the need for different institutions within the industry to collaborate in advancing technology, governance, and security standards to jointly promote the healthy and sustainable development of the intelligent trading era.

According to market news, a series of suspicious transactions targeting victim contracts deployed on Ethereum, Arbitrum, Base, and BSC were discovered a few hours ago. These transactions were carried out by contracts deployed by two creators, resulting in a total loss of over $17 million.The victim contracts are not open source and appear to have a vulnerability allowing arbitrary calls. The attackers abused existing token authorizations to execute transferFrom operations to steal assets. Affected deployers: 0xbeef63AE5a2102506e8a352a5bB32aA8B30B3112------loss of approximately $3.67 million; 0x9cb8d9BaE84830b7F5F11ee5048c04a80b8514BA------loss of approximately $13.41 million.

The blockchain security agency BlockSec stated that the FutureSwap protocol deployed on Arbitrum was attacked again by hackers exploiting a reentrancy vulnerability, just four days after its first attack, resulting in a loss of approximately $74,000.The attacker first over-minted LP tokens using the reentrancy function 0x5308fcb1 three days ago, and after the cooldown period ended, redeemed the excess collateral to realize profits.

The security agency BlockSec's on-chain tracking platform BlockSec Phalcon posted on platform X, stating, "Balancer and several of its fork projects were attacked a few hours ago, resulting in losses exceeding $120 million across multiple chains. This was an extremely complex attack.Preliminary analysis indicates that the root cause was the attacker's manipulation of the invariant calculation for BPT prices, distorting the BPT price calculation and allowing the attacker to profit from a single batch transaction from a specific stablecoin pool.Taking the attack transaction on Arbitrum as an example, the batch swap operation can be broken down into three stages: 1. The attacker exchanges BPT for the underlying asset to precisely adjust the balance of one token (cbETH) to bring it close to the rounding boundary (amount = 9). This creates conditions for precision loss in the next step; 2. The attacker then uses a pre-constructed amount (= 8) to swap between another underlying token (wstETH) and cbETH. Due to rounding down when scaling the token amount, the calculated Δx slightly decreases (8 0.918 to 8), resulting in an underestimated Δy, which causes the invariant (D) in Curve's StableSwap model to also decrease. Since BPT price = D / total supply, the BPT price is artificially suppressed; 3. The attacker then reverses the exchange of the underlying assets back to BPT, restoring balance while profiting from the drop in BPT price.

Blockchain security company BlockSec posted on social media that Balancer and several forked protocols have been attacked. The losses are as follows:Balancer on Ethereum chain lost $70 million;Balancer on Base chain lost $3.9 million;Balancer on Polygon chain lost $117,000;Beets on Sonic chain lost $3.4 million;Balancer on Arbitrum chain lost $5.9 million;Beethoven on Optimism chain lost $283,000.

ChainCatcher message, according to BlockSec monitoring, an unknown contract on the Base chain was attacked, resulting in a loss of approximately $219,000 (55 WETH). The cause of the attack is suspected to be improper access control, allowing arbitrary calls to the transferFrom function, leading to the theft of assets authorized by the victims.

ChainCatcher news, according to market reports, Sharwa.Finance has disclosed that it was attacked and subsequently paused operations. However, several hours later, multiple suspicious transactions occurred, suggesting that the attacker may have exploited the same underlying vulnerability through a slightly different attack path.Overall, the attacker first created a margin account, then used the provided collateral to borrow more assets through leveraged lending, and finally initiated a "sandwich attack" targeting the exchange operations involving the borrowed assets.The root cause seems to be the lack of bankruptcy checks in the swap() function of the MarginTrading contract, which is used to exchange the borrowed assets from one token (like WBTC) to another token (like USDC). This function only verifies solvency based on the account status at the start of the exchange, leaving room for manipulation during the operation process.Attacker 1 (starting with 0xd356) executed multiple attacks, profiting approximately $61,000. Attacker 2 (starting with 0xaa24) executed one attack, profiting approximately $85,000.

ChainCatcher news, according to BlockSec Phalcon, their system detected multiple suspicious transactions targeting two unknown contracts on Ethereum, resulting in a loss of approximately $120,000. The attacker exploited the lack of access control in the key functions approveERC20 and withdrawAll of the victim contracts, successfully extracting tokens from within the contracts. These victim contracts are not open source and were deployed by the same address.

ChainCatcher message, according to market news, BlockSec Phalcon alert, its system detected a "transferFrom" issue, resulting in a loss of approximately $90,000 on the Base chain.This issue is due to insufficient access control leading to arbitrary low-level calls in the callback function. It is recommended to immediately revoke all approvals for the unknown contract 0xD9f4a3238154ff6439e37F98c9B11489353715Bb.

ChainCatcher news, according to BlockSec Phalcon (@Phalcon_xyz) monitoring, a suspicious transaction targeting the Bunni protocol (@bunni_xyz) contract was found on the Ethereum network, resulting in a loss of approximately 2.3 million dollars.