Skip to main content

· 5 min read
Sebastian Lim

Monthly Incident Sharing (Feb 2024)

Introduction

In this monthly series, HashDit is sharing the monthly security incidents in the crypto space and what we can learn from them. For this Feb 2024 edition, the total losses mounted up to $132 million, showing a 141% increase compared to February 2023.

Of which, they are split across 3 sections: DApps ($65m), CEXs ($62m) and Phishing ($5m).

In this sharing, we focus on the DApps incidents. Below are the top 5 DApps incidents that DApp Developers should pay attention to.

Top 5 DApps incidents

PlayDapp - $30m - Private Key Compromise

PlayDapp is a GameFi and Web3 Service protocol. In this attack, the hacker was able to compromise the original Minter account. As such, a malicious minter account was added and he minted 200m $PLA tokens, before dumping them on the open market.

Since then, the token transfer method has been paused and the token is planning to be migrated to a new address $PDA.

Root cause: The hacker was able to compromise the private key of the original Minter account. It is unclear if it was an internal or external attack.

Onchain information:

Add Malicious Minter tx

Malicious Mint tx

Vulnerable code snippet:

IMG-1 IMG-2

Ronin Network’s Jihoz - $10m - Private Key Compromise

Ronin Network is a bridge protocol allowing cross chain of funds. In this attack, Ronin Network’s cofounder Jihoz had his wallet compromised. However, the attack is limited to only personal accounts, and does not affect operations of Sky Mavis and the Ronin chain.

Root cause: The hacker was able to compromise the private key of Jihoz’s wallet. As such, his assets were stolen from there.

Onchain information:

Vulnerable code snippet:

IMG-3 IMG-4 IMG-5

Shido - $3.3m - Private Key Compromise

Shido is a L1 blockchain protocol which combines the interoperability of Cosmos, and the development power of EVM and WASM. In this attack, the attacker was able to compromise the StakingV4Proxy owner's wallet on Ethereum, upgrading to a malicious logic, withdrawing $SHIDO tokens and dumping them on the open market.

Root cause: The hacker was able to compromise the private key of StakingV4Proxy’s owner wallet. It is unclear if it was an internal or external attack.

After transferring ownership to a malicious owner, he immediately upgrades the StakingV4Proxy contract with a malicious withdrawToken() function that withdraws all $SHIDO tokens from the contract.

Onchain information:

StakingV4Proxy owner transfer tx

StakingV4Proxy upgrade tx

Withdraw all $SHIDO tokens tx

Vulnerable code snippet:

IMG-6 IMG-7

Seneca - $3.1m - Lack of Validation

Seneca Protocol is a DeFi lending platform and stablecoin issuer. In this attack, the attacker was able to compromise approximately 1,385 PT-Kelp rsETH from a Seneca collateral pool. He subsequently swapped these tokens for approximately $3 million worth of ETH.

Root cause: There is a lack of validation check for the user input data in the performOperations() function. This bug allows any account to call the function while specifying OPERATION_CALL as the action to be performed, allowing an exploiter to arbitrarily invoke external calls to steal funds from approving users.

Onchain information:

Hack tx on Ethereum

Hack tx on Arbitrum

Vulnerable code snippet:

IMG-8 IMG-9 IMG-10

BlueberryFDN - $1.6m - Oracle Misconfiguration

BlueberryFDN is a DeFi protocol which allows lending and borrowing of funds across chains. In this instance, the attack was front-runned by a whitehat, c0ffeebabe.eth. The vulnerability was due to the lending contract's incorrect handling of price decimals. As such, the attacker was able to borrow all the liquidity of three lending pools (OHM, USDC, WBTC) with extremely low collateral, since the assets borrowed are under-estimated, due to the non-normalized price.

Root cause: There was an incorrect usage of the oracle because the oracle always returns prices scaled to 18 decimals, thus causing assets that have less than 18 decimals to be undervalued significantly when being borrowed.

On Ethereum, WETH has a decimal of 18, OHM has a decimal of 9, USDC has a decimal of 6, and WBTC has a decimal of 8. Since BlueberryProtocol’s price oracle scales all token prices based on a decimal of 18, this caused the value of OHM to shrink by 1e9, USDC by 1e12, and WBTC by 1e10. As a result, the attacker managed to borrow assets worth 460 ETH by only collateralizing 1 ETH.

Onchain information:

Hack tx

Code snippet:

IMG-11

Key lessons for developers

  1. Keys should be properly secured, rotated regularly and have some level of decentralization. Adopt a zero-trust model. Conduct proper background checks for new employees in view of insider compromises.
  1. Validation is important - ensure all possible user inputs are checked for state changing methods. This is especially true for calldata parameters where attackers can craft any data and when the protocol contract handles users’ approvals.
  1. Proper handling of decimals in different tokens used in the protocol is fundamental, particularly when calculating token price values. Furthermore, guaranteeing that the price oracles used in the protocol are normalized to the expected decimals is critical. Price oracles provide current and accurate token prices, thus any discrepancies might lead to significant errors in token pricing and overall system operations.

Feel free to contact us at support@hashdit.io for any support needed! Stay safe!

· 3 min read
Sebastian Lim

HashDit API Integration

What Is HashDit?

HashDit is a Web3 Security Firm dedicated to providing completely free security solutions to both end users and protocol developers on the BNB Chain. Our central objective is to furnish crucial threat intelligence to empower day-to-day DeFi investors in making well-informed decisions. Navigating this DeFi intricate landscape poses challenges even for seasoned investors, let alone newcomers. HashDit aims to bridge this knowledge gap by offering timely and comprehensive threat intelligence on DeFi projects. HashDit's API integration extends its influence to numerous prominent applications, anchoring active measures to safeguard users from the clutches of fraudulent activities. Hashdit typical clients include but are not limited to the following protocols.

1.TrustWallet

HashDit's API takes center stage within TrustWallet, an industry vanguard Web3 Wallet. Serving as a protective layer within the user experience, HashDit's threat intelligence suite preempts elevated risks by promptly notifying users before they connect to the dApp or execute transactions. This proactive approach ensures users operate with heightened vigilance, fortifying their engagement within the dynamic DeFi landscape.

In 2023, HashDit API continually safeguarded assets on TrustWallet and prevented 584k of 630k risky BSC transactions, that's a 93% coverage, preventing users from transferring nearly $169m to scammers!

2.PancakeSwap

This leading DEX on the BNBChain, with a substantial $1.3 billion in TVL, seamlessly incorporates HashDit's solution. Automated scans of tokens within the PancakeSwap framework offer users discernible risk scores. This feature empowers users with real-time insights into potential transactional risks, bolstering informed decision-making amid their DeFi interactions.

3.BscScan

A prime example of HashDit's impact unfolds through its collaboration with blockchain explorers, most notably BscScan. Integrating risk alerts within the explorer's interface bolsters user prudence and caution. Users are empowered to tread warily when engaging with projects or addresses displaying suspicious or high-risk attributes. This measured approach fosters an environment of cautious exploration, preventing undue exposure to potential risks.

Integrate HashDit API With 3 Steps

  • Step1: Apply for access by sending a request with following information to support@hashdit.com.
    • Project name
    • Project description & main products
    • Estimated chains
    • Estimated QPS
      • Query Per Second, the HashDit Security API rate limit is 1200 calls/minute. If you require a higher limit than the available plans, please input correct QPS info.
    • Scenario (see more details in “Security Scanner Scenario” below)
      • DeFi Wallet
        • Url Security Scanner
        • Address Security Scanner
      • Dex
        • Token Security Scanner
        • Others (input the description)
    • Release date
  • Step2: HashDit team will review the request and provide the api token and test examples within 5 work days.
  • Step3: You can build up the Security Scanner within your project 🎉.

Security Scanner Scenario

1.Wallet

IMG-1

IMG-2

2.Dex Token Security Scanner

IMG-3

· 4 min read
Sebastian Lim

Monthly Incident Sharing (Jan 2024)

Introduction

In this monthly series, HashDit is sharing the monthly security incidents in the crypto space and what we can learn from them.

For this Jan 2024 edition, the total losses mounted up to $153 million, showing a staggering 453% increase compared to January 2023.

Top 5 DApps incidents

Orbit Chain - $81.5m

Orbit Chain is a Bridge protocol, which uses the model of locking collateral on the source chain to mint wrapped tokens on the destination chain. In this attack, the hacker was able to compromise 1 of the bridge’s vault and steal its funds. Hack tx

Root cause: Backend compromise. The hacker was able to produce 15 correct Signer keys (v, r, s values), although the threshold needed was just 7.

Vulnerable code snippet:

IMG-1

Magic Internet Money (MIM) - $6.5m

Magic Internet Money is a DeFi protocol which allows lending and borrowing of funds. In this attack, the attacker was able to compromise 1 of the protocol’s markets and steal funds. Hack tx

Root cause: The borrow function in CauldronV4 contracts was vulnerable to manipulation of the part parameter (the user’s share of total debt) via repeatedly borrowing and repaying an asset, taking advantage of the rounding error.

Vulnerable code snippet:

IMG-2 IMG-3 IMG-4 IMG-5

Gamma Strategies - $4.6m

Gamma Strategies is a DeFi protocol which allows active liquidity management and market making strategies. In this attack, the attacker was able to compromise 1 of the protocol’s vaults and steal funds. Hack tx

Root cause: The liquidity ratio checker function erroneously allowed for deposits in any ratio so long as the contents within the vault were single-sided. This allowed for a disproportionate amount of token 0 being deposited, gaining more shares than expected. A second issue was there was no check for the current tick to be within the base position’s lower and upper tick (only a check for the tick change)

Vulnerable code snippet:

IMG-6 IMG-7 IMG-8 IMG-9

Radiant - $4.4m

Radiant is a DeFi protocol which allows lending and borrowing of funds across chains. In this attack, the attacker was able to compromise 1 of the protocol’s markets and steal funds. Hack tx

Root cause: "New/empty market" exploit. It is a known vulnerability to the combination of a rounding error and a totalSupply value of 0. Bug introduced in recent upgrade.

Vulnerable code snippet:

IMG-10

Socket Dot Tech - $3.3m

Socket Dot Tech is an Interoperability protocol bringing seamless connectivity across blockchains. In this attack, the attacker was able to compromise 1 of the protocol’s vaults and steal funds. Hack Tx

Root cause: Unsafe call in the performAction() function. The attacker constructed calldata in the swapExtraData parameter to call transferFrom() of arbitrary tokens, transferring tokens approved to the contract by other users to the attacker's address. Bug was introduced in the recent proxy upgrade.

Code snippet:

IMG-11

Key lessons for developers

  1. Keys should be properly secured, rotated regularly and have some level of decentralization. Adopt a zero-trust model. Conduct proper background checks for new employees in view of insider compromises.
  1. Validation is important - ensure all possible user inputs are checked for state changing methods. This is especially true for calldata parameters where attackers can craft any data and when the protocol contract handles users’ approvals.
  1. Rounding in Solidity always rounds down. As such, it is important to perform multiplication before division and to round down for the user during withdrawals, and round up during deposits. Consider increasing precision during calculations to avoid unexpected manipulation attacks.

    However, in the latest donation attacks for lending protocols, we see that the usual rule to favor protocol for calculations is no longer sufficient. There must be better health checks for bad debt as well, at the end state of a transaction.

  1. For projects utilizing lending protocols:

    • When deploying a new market (especially for Compound / Aave v2 forks), ensure that it is first initialized with 0 Collateral Factor and deploy with small deposit to lock dead shares.
    • Disallow deposits when the pool price is out of the base range of liquidity.
    • Increase precision on price change thresholds and deposit ratios.
    • For those allowing single-sided pool deposits, add a conditional statement to prevent deposits of any ratio of assets so long as vault is single-sided.
  2. Always engage a security auditor to review all code upgrades before they are deployed on chain. This prevents new bugs from being introduced.

Feel free to contact us at support@hashdit.io for any support needed! Stay safe!

· 8 min read
Sebastian Lim

Twitter Compromise Security Blog

Introduction

In the landscape of cryptocurrencies, Twitter plays a primary role as a conduit of essential news and real-time updates, weaving itself into the fabric of professional and personal crypto interactions. Yet the importance of this reach brings with it a need for unyielding security. Compromised Twitter accounts - particularly those focused on crypto - pose substantial threats; their impacts can resonate deeply not just within individual digital wallets, but across the entire crypto market.

In this blog post, we're going to explore both the personal and professional implications of these security breaches, paying special attention to their effects within the crypto community. As we journey through the world of crypto Twitter, grasping the potential threats is crucial to fortifying our digital fortress and nurturing a safe, reliable space for crypto discourse.

Part 1: Understanding Compromised Accounts

A compromised Twitter account means a legitimate, usually verified account, falls prey to a malicious entity. The attacker obtains control, gaining access to personal data and the power to impersonate the original account holder. In the crypto-Twitter world, this can lead to misinformation, financial manipulation or phishing attacks, posing substantial risks to the wider crypto community.

There are 3 main risks associated with Compromised Accounts

  1. Potential distribution of harmful links or malware. This could occur if the malicious actor uses the hijacked account to send or post dangerous links which, when clicked, could infect a user's device with malware. This puts the user's personal and potentially sensitive data at risk, as malware can be used to steal information, spy on user activity, or even hijack further accounts.

  2. Manipulate trusting followers into making detrimental financial decisions based on misleading guidance.

  3. Security breaches reflect negatively on the organization behind the account, damaging their reputation and casting doubt about their competence in protecting user information and funds. Hence, Twitter account security is crucial to maintaining credibility and safeguarding followers' interests.

There have been several notable accounts (not only Crypto related) that have been compromised just in 2024 so far:

  • SEC Ref
  • Mandiant Ref
  • CoinGecko Ref
  • ReStake Finance Ref
  • Injective Ref
  • Arkham Intelligence’s CEO Ref

Part 2: Signs of a Compromised Twitter Account

Recognizing the signs of a compromised Twitter account is crucial to minimize potential damage.

Symptoms include but are not limited to:

  1. User point of view

    1. Compromised accounts start making an unexpected tweet from their usual timeline.

      For example,

      IMG-1

      • Urgent call to action message

      • Twitter card spoofing is a technique used by the scammers to trick users into believing they are clicking on the official site.

      • Replies are usually turned off to prevent users from calling them out and warning others.

    2. Making unsolicited DMs to everyday users. This will be to gain trust since it appears to be from a trusted source and can be seen from the DM recipient.

    3. Blocking security related accounts that call them out. This is to prevent accounts with wider following from informing others.

  1. Compromised account’s point of view

    1. The project party might start noticing unexpected tweets, retweets, or likes appearing on your profile

    2. Receiving direct messages you did not send

    3. Noticing changes to your account settings such as email, password, or linked phone number that you didn't make

    4. Alerts for login attempts or successful logins from unfamiliar locations, a sudden increase in the number of unknown followers, involuntarily following new accounts

    5. Messages from your followers about suspicious activity or spam originating from your account.

Part 3: How Twitter Accounts Get Compromised

Understanding how hackers compromise Twitter accounts is key to enhancing your security position.

  1. Phishing:

    1 of the most common techniques used is through Social Engineering and Phishing. For example, if DMs are turned on and your social media presence is strong, they target you, gain your trust and subsequently ask you to click and authorize Twitter permissions through a 3rd party site. This 3rd party site will gain access to posting on your behalf, changing passwords and settings etc.

  2. SIM Swap Attacks:

    These represent a real threat to Twitter users who've linked their accounts with their mobile numbers, presenting a lucrative attack vector for bad actors. In essence, scammers manipulate this to their advantage to commandeer your account.

  3. Password Vulnerability and Lack of 2FA:

    A negligently secure mindset lays the foundation for such attacks. Usage of weak passwords that can fall prey to brute-force attacks and absence of Two-Factor Authentication (2FA) turns the account into low-hanging fruit for hackers.

  4. Consequences of Data Breaches:

    Accounts running on the same password across multiple platforms are in jeopardy. The compromise of one account may well trigger a domino effect, subjecting various other accounts to risk too.

  5. The Risk of Malware:

    If you're storing passwords unencrypted on your local desktop or making visits to dangerous websites to download potentially malicious applications, you're inadvertently setting the stage for hackers to access your passwords.

Part 4: How to Secure Your Twitter Account

Understanding the necessary steps to secure your Twitter account is essential to maintaining your privacy and safety online.

To ensure the robust security of your Twitter account, consider the following steps:

  1. Creating a strong password is one of the first and most fundamental steps towards securing your online presence. Regularly updating your password can also bolster its resilience against unauthorized access.

    It should be at least 12 characters long and composed of varied elements including a combination of uppercase letters, lowercase letters, numbers, and symbols. Avoid including easily guessable data such as your name, birthdates, or common words. If remembering a complex password seems challenging, consider using a reliable password manager or creating a passphrase, which is a sentence-like string of words that is easy to remember and hard for hackers to crack.

  2. Switch to Non-SMS-Based 2FA: It would be best to activate a non-SMS-based two-factor authentication. Instead of SMS, consider using an authenticator app or, for maximum security, a Yubikey.

  3. Regularly Audit Third-Party App Permissions: It's pivotal to periodically verify third-party application permissions linked to your account and screen for any unsanctioned approvals. These could potentially be monitoring your actions. Basic guide is as follows:

    More -> Settings and Support -> Settings and Privacy -> Security and Account access -> Apps and sessions -> Connected apps -> Delete it!

    IMG-2

  4. Be Cautious of Suspicious Activity: Stay alert to any dubious emails, direct messages, or links from unfamiliar sources. In spite of possible impersonations, it's prudent not to interact with them.

  5. Use Secure and Updated Devices: It's crucial to access your Twitter account through secure devices that are regularly updated to keep your account safe from newly discovered threats.

  6. Continuously Review Account Access: Regular updating of who has permission to access the Twitter account can prevent unauthorized access.

  7. Periodic Security Model Updates: Review your security model now and then, especially when there are changes in your organization like a team member leaving or a new member joining and needing access to the account.

  8. Being familiar with prevalent hacking techniques and conducting regular security checks allow you to proactively defend your account. Understanding the way hackers operate and staying vigilant about your account's security offers an extra layer of protection.

Part 5: What to Do if Your Account Gets Compromised

If your account gets compromised, it is paramount that you react quickly to mitigate any negative consequences to the community.

  1. Password Reset: Promptly update your password, making sure to include all associated emails.

  2. Cease Third-Party Permissions: It's crucial to terminate all third-party permissions without delay to prevent further unauthorized access.

  3. Inform the Community: Immediately alert your community about the compromised account using alternative communication channels such as a secondary Twitter account or other platforms like Discord or Telegram. This would warn them against trusting any new posts from the breached account.

  4. Contact Twitter Support: If all these measures still yield no improvement, consider reaching out to Twitter's customer support, ideally from a different Twitter account. This might aid in further resolving the issue.

Conclusion

In conclusion, in an era of escalating cyber threats, safeguarding your digital presence is more critical than ever, particularly so for projects that reach a large audience or manage high Total Value Locked (TVL). The stakes for these projects are particularly high due to the significant influence and value they hold.

Understanding common signs of account compromise, being aware of prevalent hacking methods, creating robust passwords, and consistently refining security settings are not just best practices, they are necessities. Projects must take accountability for their impact and make Twitter account security a constant priority. Always remember, the strength of your online security is only as robust as its weakest link, thus maintaining a secure environment requires consistent vigilance, awareness, and behavior adjustments.

Feel free to contact us at support@hashdit.io for any support needed! Stay safe!

· 5 min read
Sebastian Lim

Top 10 incidents in 2023

The following were the top 10 security incidents in terms of financial loss in 2023.

IMG-1

Fintoch - $32 Million Loss

On 24th May 2023, Fintoch, a Investment Fraud Ponzi Scheme, was found to have exit scammed for ~$32m worth of USDT.

Fintoch advertises a 1% daily APR, the team page listed a false person "Bob Lambert" as their CEO when he is in fact a US based paid actor (Mike Provenzano). The project claimed to be based in Silicon Valley but it was in fact not registered there. Furthermore, Fintoch claimed to be owned by Morgan Stanley.

Later on, the Singapore Government issued a warning against this fraud and Morgan Stanley issued a similar one as well.

Stake - $18 Million Loss

On 4th September 2023, the Stake platform was exploited, resulting in almost $18m loss on BSC. Stake is a Betting platform for users to gamble their cryptocurrency on multiple chains. The incident was due to a Private Key Compromise of several of its operating wallets, leading to their funds being directly stolen. However, the eventual root cause was not shared by the project team, and the platform continued business as usual by changing operating wallets subsequently.

Ipp - $15 Million Loss

On 26th May 2023, the Ipp project conducted a rugpull worth nearly $15m worth of USDT. The project has since deleted all its social media accounts.

The root cause of this rugpull was that there was a backdoor function in the staking contract of the project. The backdoor function allowed the scammers to have privileged access to remove users’ staked funds in the contract.

Safemoon - $9 Million Loss

SafeMoon markets itself as a decentralized cryptocurrency with reflection rewards for holders. On 28th March 2023, the project was exploited for roughly $9m worth of WBNB funds.

The vulnerability leading to the attack is because of a bug that was introduced in the latest update. Specifically, the burn() function introduced can be called publicly, and secondly the From address can be externally controlled. This means that any address can technically have its $Safemoon tokens burned from their wallet.

The hacker was able to continually call the burn() method, parsing in the address of the Safemoon-WBNB pool. By destroying the number of $Safemoon in the LP pool, the value of $Safemoon is artificially inflated, allowing the hacker to make a back swap for WBNB and profit.

SwapX - $7 Million Loss

On 27th February 2023, SwapX, an AMM project was exploited, resulting in the loss of ~$7m worth of funds on BSC. The victim smart contract which was unverified, had a vulnerable function without proper access control, which misuses the allowances given by other users.

The attacker exploited this vulnerability to swap other users’ funds for other tokens, in other words, users had their funds swapped not on their own accord. As a result, the other tokens such as $DND and $LZ had a price bump which allowed the attacker to make a back swap and profit from the price gap.

Coinex - $6 Million Loss

On 12th September 2023, Coinex, a CEX was exploited for roughly $6m on BSC. Similar to the Stake platform case, the incident was due to a Private Key Compromise of several of its operating wallets, leading to their funds being directly stolen.

This case was found to be linked to North Korea's infamous Lazarus group as they laundered funds through multiple channels onchain after the attack. The project team eventually pledged a 100% refund for all affected users and restarted services after 1 week.

Atlantis Loans - $4 Million Loss

On 12th June 2023, Atlantis Loans was exploited for around 4m. In this attack, the hacker executed a malicious governance proposal to take over all the core contracts of the ecosystem. During the execution, the hacker managed to take over the Admin role of all those core contracts. As such, he injected a malicious implementation to steal the funds of users that have approved to those contracts in the past.

Interestingly, the first proposal submitted was actively caught by the community and voted off. However, due to the lack of eyes on the project, the 2nd malicious proposal passed the quorum without sufficient Against votes.

FUT - $3 Million Loss

Early this year, on 4th January 2023, the FUT token rugpulled for nearly $3m worth of funds. These funds were laundered through multiple exchanges.

The loophole is in the Masterchef contract, where there was a backdoor function which allowed the scammer to steal staked funds from users.

$GMETA - $2 Million Loss

On 18th July 2023, $GMETA token conducted an exit scam of ~$2m, resulting in a 96% price drop.

The scam project party minted these large amounts of $GMETA tokens to a dormant address that they have control back in February. Once the price of the token has been pumped substantially, the scammers sold them all for a profit.

Circulate - $2 Million Loss

On 12th January 2023, Circulate executed a rugpull for roughly $2m worth of BUSD. The scam project party managed to hide a malicious code within the unverified contract to steal funds that were staked in the contract. The funds have since been bridged to ETH and laundered through Tornado Cash

· 4 min read
Sebastian Lim

Disclaimer

The information provided through the BNB Chain community does not constitute advice or recommendation for investment or trading. Projects are listed in no particular order below. BNB Chain does not take responsibility for any of your investment decisions. Please seek professional advice before taking financial risks.

Contract names are there for reference only, there may be legitimate contracts which share the same name, always double check The contract addresses which are the unique identifier of any smart contract.

Overview

PancakeSwap is the most popular decentralized exchange native to BNB Chain. You can swap tokens, invest in yield farms and liquidity pools, and buy and sell collectibles. It is part of the ever-growing world of decentralized finance protocols.

PancakeSwap stands tall as the flagship DeFi platform within the BNB Smart Chain (BSC) ecosystem, however, risks exist in every DEX and blockchain ecosystem. HashDit diligently checks projects every week to identify potential threats within the PancakeSwap landscape, ensuring your trading experience is protected. Consider HashDit as a trusted guide that helps you navigate in DeFi by highlighting potential hazards and keeping your journey secure. Remember, vigilance and a proactive approach are vital for a safe and successful DeFi experience.

High Risk TVL protocol on PCS

In this week's report, there were 11 newly identified risky addresses. Trending newly identified risky addresses:

AddressContractNameWeekly Active Transactions
0x1633b7157e7638c4d6593436111bf125ee74703fSplintershards (SPS)395
0x7bd6fabd64813c48545c9c0e312a0099d9be2540Dogelon Mars (ELON)263
0xb1f2d9678d14a74a9654ad73a43e7e60c59dc911TDY (TDY)98
0x4799c398bf0c202a985149796524c34043d62df9Meta Game (MTG)47
0x47f41a2b6e3cb035bb051f187f1908f51b7e5958JingTu (JT)20
0x2f4e9c97aaffd67d98a640062d90e355b4a1c539Afrostar (AFRO)18
0x83a86adf1a7c56e77d36d585b808052e0a2aad0eSaveYourAssets (SYA)17
0x13e1070e3a388e53ec35480ff494538f9ffc5b8dBRICKS (BRICKS)9
0xdf0816cc717216c8b0863af8d4f0fc20bc65d643SHIBA BSC (SHIBSC)9
0x88888888faedeb25b94a015af705f18666079038AGAME (AG)7

Key themes on high risks:

  1. Red Alarm projects are manually identified by our security team for being potential scams. These are identified from a project level, for example projects that utilize fake social media marketing, or create scam meme projects. They are labeled under the DApps section of this page (45%)

  2. Roughly 36% of the newly identified risky addresses were through threat intelligence. These addresses are either confirmed rugpulls (project has already removed rugged) or scam tokens that have high risk of rugs.

  3. Another theme for these contracts is that they have a privileged role, e.g owner is an EOA, which could mean some centralization risk as the owner can mint or toggle honeypot mode at will, so there could be rugpull risk. This portion represents 18% of the total newly identified risky addresses.

Refer to this link for the full list.

Tip: Filter by Top_TVL_Risky_Pool / Trending_Risky_Pool / Trending_Risky_Tokens to retrieve the risky addresses from different sources.

Integrations with PancakeSwap

Hashdit has partnered with PancakeSwap to integrate the DappBay’s Red Alarm. The risk score level reflects how risky the interacted token is, helping users make better informed decisions.

Example: Fake Circle Token - 0x84ef2e2e977062da3cfc12c038fa3ce2d42d01b1 IMG-1

The RedAlarm keyword will link to the risk scanner as seen in the image below. IMG-2

Please take note that the risk level in Pancake & Risk Scanner might be different, because Hashdit use more conservative strategies for PancakeSwap than DappBay risk scanner.

IMG-3

Stay Safe!

HashDit advises you to act with caution in general, but ask that you take particular care when dealing with the projects we highlight as risky on our weekly update. Continue enjoying the BNBChain ecosystem and most importantly, stay SAFU!

About HashDit?

HashDit is building a safe blockchain ecosystem on BNB Chain by providing threat intelligence, code auditing and instant analysis for smart contracts. In the vast and ever-evolving world of Defi investing, HashDit stands as a beacon of trust and knowledge for everyday investors. HashDit is a member of AvengerDAO, which is a community-driven initiative created to protect users and projects on BNB Chain from malicious actors and activity.

· 4 min read
Sebastian Lim

Disclaimer

The information provided through the BNB Chain community does not constitute advice or recommendation for investment or trading. Projects are listed in no particular order below. BNB Chain does not take responsibility for any of your investment decisions. Please seek professional advice before taking financial risks.

Contract names are there for reference only, there may be legitimate contracts which share the same name, always double check The contract addresses which are the unique identifier of any smart contract.

Overview

PancakeSwap is the most popular decentralized exchange native to BNB Chain. You can swap tokens, invest in yield farms and liquidity pools, and buy and sell collectibles. It is part of the ever-growing world of decentralized finance protocols.

PancakeSwap stands tall as the flagship DeFi platform within the BNB Smart Chain (BSC) ecosystem, however, risks exist in every DEX and blockchain ecosystem. HashDit diligently checks projects every week to identify potential threats within the PancakeSwap landscape, ensuring your trading experience is protected. Consider HashDit as a trusted guide that helps you navigate in DeFi by highlighting potential hazards and keeping your journey secure. Remember, vigilance and a proactive approach are vital for a safe and successful DeFi experience.

High Risk TVL protocol on PCS

In this week's report, there were 23 newly identified risky addresses. Trending newly identified risky addresses:

AddressContractNameWeekly Active Transactions
0x037b202ca88d2028d82936d5615ee5088cb9fd78Distributed Autonomous Organization (DAO)2182
0xbededdf2ef49e87037c4fb2ca34d1ff3d3992a11FEG Token (FEG)985
0x61b83edf87ea662c695439a807c386455c9e797cIgnore Fud (4TOKEN)402
0xe4fae3faa8300810c835970b9187c268f55d998fCateCoin (CATE)390
0x6e3fd1dea627226998da6e9e0c7ef95f417d6c35AEXN GLOBAL COIN (AGC)374
0x185674a45c57ebb884c609c2619740f2994767e9Helena Financial V2 (HELENA2)29
0x64abc441f2d011c64f0118f44debbe3e56958ffeHasee (Hasee)24
0xf606bd19b1e61574ed625d9ea96c841d4e247a32Guardian (GUARD)23
0x746760ecf1d8088c1014ef3d43dc45d5af8febf3Pi Network DeFi (Pi Networ...)16
0x674aa28ac436834051fff3fc7b6e59d6f9c57a1cOptimus Inu (OPINU)12

Key themes on high risks:

  1. Roughly 34% of the newly identified risky addresses were through threat intelligence. These addresses are either confirmed rugpulls (project has already removed rugged) or scam tokens that have high risk of rugs.

  2. Another theme for these contracts is that they showed scam features. This means that it could be a Ponzi, Honeypot or fake token. This portion represents 26% of the total newly identified risky addresses.

  3. Another theme for these contracts is that they have a privileged role, e.g owner is an EOA, which could mean some centralization risk as the owner can mint or toggle honeypot mode at will, so there could be rugpull risk. This portion represents 21% of the total newly identified risky addresses.

Refer to this link for the full list.

Tip: Filter by Top_TVL_Risky_Pool / Trending_Risky_Pool / Trending_Risky_Tokens to retrieve the risky addresses from different sources.

Integrations with PancakeSwap

Hashdit has partnered with PancakeSwap to integrate the DappBay’s Red Alarm. The risk score level reflects how risky the interacted token is, helping users make better informed decisions.

Example: Fake Circle Token - 0x84ef2e2e977062da3cfc12c038fa3ce2d42d01b1 IMG-1

The RedAlarm keyword will link to the risk scanner as seen in the image below. IMG-2

Please take note that the risk level in Pancake & Risk Scanner might be different, because Hashdit use more conservative strategies for PancakeSwap than DappBay risk scanner.

IMG-3

Stay Safe!

HashDit advises you to act with caution in general, but ask that you take particular care when dealing with the projects we highlight as risky on our weekly update. Continue enjoying the BNBChain ecosystem and most importantly, stay SAFU!

About HashDit?

HashDit is building a safe blockchain ecosystem on BNB Chain by providing threat intelligence, code auditing and instant analysis for smart contracts. In the vast and ever-evolving world of Defi investing, HashDit stands as a beacon of trust and knowledge for everyday investors. HashDit is a member of AvengerDAO, which is a community-driven initiative created to protect users and projects on BNB Chain from malicious actors and activity.

· 4 min read
Sebastian Lim

Disclaimer

The information provided through the BNB Chain community does not constitute advice or recommendation for investment or trading. Projects are listed in no particular order below. BNB Chain does not take responsibility for any of your investment decisions. Please seek professional advice before taking financial risks.

Contract names are there for reference only, there may be legitimate contracts which share the same name, always double check The contract addresses which are the unique identifier of any smart contract.

Overview

PancakeSwap is the most popular decentralized exchange native to BNB Chain. You can swap tokens, invest in yield farms and liquidity pools, and buy and sell collectibles. It is part of the ever-growing world of decentralized finance protocols.

PancakeSwap stands tall as the flagship DeFi platform within the BNB Smart Chain (BSC) ecosystem, however, risks exist in every DEX and blockchain ecosystem. HashDit diligently checks projects every week to identify potential threats within the PancakeSwap landscape, ensuring your trading experience is protected. Consider HashDit as a trusted guide that helps you navigate in DeFi by highlighting potential hazards and keeping your journey secure. Remember, vigilance and a proactive approach are vital for a safe and successful DeFi experience.

High Risk TVL protocol on PCS

In this week's report, there were 26 newly identified risky addresses. Trending newly identified risky addresses:

AddressContractNameWeekly Active Transactions
0x3374bdb800708d1b3173eac918c58d766c7ddd28XYZ finance (XYZ)598
0x28ce223853d123b52c74439b10b43366d73fd3b5FAME MMA (FAME)353
0xe9c803f48dffe50180bd5b01dc04da939e3445fcVelas (VLX)269
0xf87940f78f2f4d99a0c5c22e3fcc21795cd53245Kamaleont (KLT)225
0x1236a887ef31b4d32e1f0a2b5e4531f52cec7e75GamiWorld.io (GAMI)117
0x69c2fcae7e30b429166bd616a322e32bec036bcfMuratiAI (MURATIAI)91
0xd024ac1195762f6f13f8cfdf3cdd2c97b33b248bMiniFootball (MiniFootball)85
0x24086eab82dbdaa4771d0a5d66b0d810458b0e86Pepe AI (PEPEAI)82
0x631c2f0edabac799f07550aee4ff0bf7fd35212bPoollotto.finance (PLT)68
0xb56554296bc11afc98847914254a2beb82ba2bedTKING (TKING)48

Key themes on high risks:

  1. Almost half of the newly identified risky addresses (46%) were through threat intelligence. These addresses are either confirmed rugpulls (project has already removed rugged) or scam tokens that have high risk of rugs.

  2. Red Alarm projects are manually identified by our security team for being potential scams. These are identified from a project level, for example projects that utilize fake social media marketing, or create scam meme projects. They are labeled under the DApps section of this page (23%)

  3. Another theme for these contracts is that they showed scam features. This means that it could be a Ponzi, Honeypot or fake token. This portion represents 23% of the total newly identified risky addresses.

Refer to this link for the full list.

Tip: Filter by Top_TVL_Risky_Pool / Trending_Risky_Pool / Trending_Risky_Tokens to retrieve the risky addresses from different sources.

Integrations with PancakeSwap

Hashdit has partnered with PancakeSwap to integrate the DappBay’s Red Alarm. The risk score level reflects how risky the interacted token is, helping users make better informed decisions.

Example: Fake Circle Token - 0x84ef2e2e977062da3cfc12c038fa3ce2d42d01b1 IMG-1

The RedAlarm keyword will link to the risk scanner as seen in the image below. IMG-2

Please take note that the risk level in Pancake & Risk Scanner might be different, because Hashdit use more conservative strategies for PancakeSwap than DappBay risk scanner.

IMG-3

Stay Safe!

HashDit advises you to act with caution in general, but ask that you take particular care when dealing with the projects we highlight as risky on our weekly update. Continue enjoying the BNBChain ecosystem and most importantly, stay SAFU!

About HashDit?

HashDit is building a safe blockchain ecosystem on BNB Chain by providing threat intelligence, code auditing and instant analysis for smart contracts. In the vast and ever-evolving world of Defi investing, HashDit stands as a beacon of trust and knowledge for everyday investors. HashDit is a member of AvengerDAO, which is a community-driven initiative created to protect users and projects on BNB Chain from malicious actors and activity.

· 4 min read
Sebastian Lim

Disclaimer

The information provided through the BNB Chain community does not constitute advice or recommendation for investment or trading. Projects are listed in no particular order below. BNB Chain does not take responsibility for any of your investment decisions. Please seek professional advice before taking financial risks.

Contract names are there for reference only, there may be legitimate contracts which share the same name, always double check The contract addresses which are the unique identifier of any smart contract.

Overview

PancakeSwap is the most popular decentralized exchange native to BNB Chain. You can swap tokens, invest in yield farms and liquidity pools, and buy and sell collectibles. It is part of the ever-growing world of decentralized finance protocols.

PancakeSwap stands tall as the flagship DeFi platform within the BNB Smart Chain (BSC) ecosystem, however, risks exist in every DEX and blockchain ecosystem. HashDit diligently checks projects every week to identify potential threats within the PancakeSwap landscape, ensuring your trading experience is protected. Consider HashDit as a trusted guide that helps you navigate in DeFi by highlighting potential hazards and keeping your journey secure. Remember, vigilance and a proactive approach are vital for a safe and successful DeFi experience.

High Risk TVL protocol on PCS

In this week's report, there were 29 newly identified risky addresses. Trending newly identified risky addresses:

AddressContractNameWeekly Active Transactions
0x71c20e781c623c022134713ef7f78aacf0109849META WORLD (MGC)734
0xfaf18e53f52122085a8743e2bfb324c0577b98b5UBKX (UBKX)635
0x4ffa143ce16a24215e8df96c0cef5677a7b91ee4REGENT COIN (REGENT)505
0xf99f2aec50adfde23cc67ab6240168b0a59f1d30IVY (IVY)327
0x641ec142e67ab213539815f67e4276975c2f8d50DogeKing (DogeKing)87
0x317c8971d88e749504cef345fbc69c65258501dbEternal World (ETL)72
0x92dd5b17bdacbbe3868a09be5a3df93032c29ddbKubic (KUBIC)51
0x7d18f3fe6e638fad0adacc5db1a47f871a2c2cc4dollarmoon (Dmoon)34
0x42269ac712372ac89a158ad5a32806c6b6782d66Vip Panda Community (VPC)28
0x0ebc30459551858e81306d583025d12c7d795fa2Amazing doge (Adoge)19

Key themes on high risks:

  1. 1 theme for these contracts is that they have a privileged role, e.g owner is an EOA, which could mean some centralization risk as the owner can mint or toggle honeypot mode at will, so there could be rugpull risk. This portion represents 31% of the total newly identified risky addresses.

  2. About one-quarter of the newly identified risky addresses (24%) were through threat intelligence. These addresses are either confirmed rugpulls (project has already removed rugged) or scam tokens that have high risk of rugs.

  3. Another theme for these contracts is that they showed scam features. This means that it could be a Ponzi, Honeypot or fake token. This portion represents 13% of the total newly identified risky addresses.

Refer to this link for the full list.

Tip: Filter by Top_TVL_Risky_Pool / Trending_Risky_Pool / Trending_Risky_Tokens to retrieve the risky addresses from different sources.

Integrations with PancakeSwap

Hashdit has partnered with PancakeSwap to integrate the DappBay’s Red Alarm. The risk score level reflects how risky the interacted token is, helping users make better informed decisions.

Example: Fake Circle Token - 0x84ef2e2e977062da3cfc12c038fa3ce2d42d01b1 IMG-1

The RedAlarm keyword will link to the risk scanner as seen in the image below. IMG-2

Please take note that the risk level in Pancake & Risk Scanner might be different, because Hashdit use more conservative strategies for PancakeSwap than DappBay risk scanner.

IMG-3

Stay Safe!

HashDit advises you to act with caution in general, but ask that you take particular care when dealing with the projects we highlight as risky on our weekly update. Continue enjoying the BNBChain ecosystem and most importantly, stay SAFU!

About HashDit?

HashDit is building a safe blockchain ecosystem on BNB Chain by providing threat intelligence, code auditing and instant analysis for smart contracts. In the vast and ever-evolving world of Defi investing, HashDit stands as a beacon of trust and knowledge for everyday investors. HashDit is a member of AvengerDAO, which is a community-driven initiative created to protect users and projects on BNB Chain from malicious actors and activity.

· 4 min read
Sebastian Lim

Disclaimer

The information provided through the BNB Chain community does not constitute advice or recommendation for investment or trading. Projects are listed in no particular order below. BNB Chain does not take responsibility for any of your investment decisions. Please seek professional advice before taking financial risks.

Contract names are there for reference only, there may be legitimate contracts which share the same name, always double check The contract addresses which are the unique identifier of any smart contract.

Overview

PancakeSwap is the most popular decentralized exchange native to BNB Chain. You can swap tokens, invest in yield farms and liquidity pools, and buy and sell collectibles. It is part of the ever-growing world of decentralized finance protocols.

PancakeSwap stands tall as the flagship DeFi platform within the BNB Smart Chain (BSC) ecosystem, however, risks exist in every DEX and blockchain ecosystem. HashDit diligently checks projects every week to identify potential threats within the PancakeSwap landscape, ensuring your trading experience is protected. Consider HashDit as a trusted guide that helps you navigate in DeFi by highlighting potential hazards and keeping your journey secure. Remember, vigilance and a proactive approach are vital for a safe and successful DeFi experience.

High Risk TVL protocol on PCS

In this week, there were 17 newly identified risky addresses. Trending newly identified risky addresses:

AddressContractNameWeekly Active Transactions
0x71cce0035d82c21cf4b908bcd8f1117fff0fa623bitcoin (bitcoin)427
0x2b3559c3dbdb294cbb71f2b30a693f4c6be6132dLucky star Currency (LSC)350
0x872a34ebb2d54af86827810eebc7b9dc6b2144aaRocketVaultRocketX (RVF)215
0x0a92285241b0ea93eff4195db4530af1a4bcfe0cCRYPTO_STREET (CST)179
0x16e79e09b3b56bcbba83667aff88dc6ca727af2eBART SIMPSON COIN ($BART)162
0x4673f018cc6d401aad0402bdbf2abcbf43dd69f3French connection finance (FCF)100
0x3c1748d647e6a56b37b66fcd2b5626d0461d3aa0DinoX Coin (DNXC)23
0x123458c167a371250d325bd8b1fff12c8af692a7DRAC Token (DRAC)17
0xb6b91269413b6b99242b1c0bc611031529999999CALO (CALO)15
0x8424b4c691473c873067b65d5f40f3ff0bf7463eSHIBKING INU (Shibking)9

Key themes on high risks:

  1. Almost three-quarter of the newly identified risky addresses (70%) were through threat intelligence. These addresses are either confirmed rugpulls (project has already removed rugged) or scam tokens that have high risk of rugs.

  2. Red Alarm projects are manually identified by our security team for being potential scams. These are identified from a project level, for example projects that utilize fake social media marketing, or create scam meme projects. They are labeled under the DApps section of this page(11%)

  3. Another theme for these contracts is that they showed scam features. This means that it could be a Ponzi, Honeypot or fake token. This portion represents 11% of the total newly identified risky addresses.

Refer to this link for the full list.

Tip: Filter by Top_TVL_Risky_Pool / Trending_Risky_Pool / Trending_Risky_Tokens to retrieve the risky addresses from different sources.

Integrations with PancakeSwap

Hashdit has partnered with PancakeSwap to integrate the DappBay’s Red Alarm. The risk score level reflects how risky the interacted token is, helping users make better informed decisions.

Example: Fake Circle Token - 0x84ef2e2e977062da3cfc12c038fa3ce2d42d01b1 IMG-1

The RedAlarm keyword will link to the risk scanner as seen in the image below. IMG-2

Please take note that the risk level in Pancake & Risk Scanner might be different, because Hashdit use more conservative strategies for PancakeSwap than DappBay risk scanner.

IMG-3

Stay Safe!

HashDit advises you to act with caution in general, but ask that you take particular care when dealing with the projects we highlight as risky on our weekly update. Continue enjoying the BNBChain ecosystem and most importantly, stay SAFU!

About HashDit?

HashDit is building a safe blockchain ecosystem on BNB Chain by providing threat intelligence, code auditing and instant analysis for smart contracts. In the vast and ever-evolving world of Defi investing, HashDit stands as a beacon of trust and knowledge for everyday investors. HashDit is a member of AvengerDAO, which is a community-driven initiative created to protect users and projects on BNB Chain from malicious actors and activity.