DeFi Project Thena on BSC Chain Attacked, $20k Loss Incurred
On March 28th, it was reported that the DeFi project Thena on the BSC chain was attacked, resulting in a loss of approximately $20000, according to the monitoring by the OKLink sec
On March 28th, it was reported that the DeFi project Thena on the BSC chain was attacked, resulting in a loss of approximately $20000, according to the monitoring by the OKLink security team of the Ouke Cloud Chain. According to the security team’s analysis, the main cause of this attack event is that the Strategy contract upgrade introduced some configuration issues, and the unstake function did not perform permission verification, resulting in attackers being able to call the unstake function and pass in parameters_ Beneficiary, unstack the user’s pledged assets to_ Beneficiary address. Taking one of the transactions as an example, the attacker calls the unstake function to set_ Beneficiary is an attack contract that removes user assets and completes the attack.
Thena, the DeFi project on the BSC chain, was attacked, resulting in a loss of approximately $20000
Introduction
On March 28th, the DeFi project Thena on the Binance Smart Chain (BSC) was attacked, resulting in a loss of approximately $20,000. The OKLink security team of the Ouke Cloud Chain reported this loss after monitoring the event. Following an analysis of the attack, the OKLink team concluded that the primary cause was the result of configuration issues in the Strategy contract upgrade, coupled with the unstake function that did not perform permission verification, enabling attackers to call the function and pass parameters to remove users’ pledged assets.
Why is DeFi Security Important?
The DeFi (Decentralized Finance) space is becoming more popular, which necessitates a robust security system to protect users and their assets. The offers in the DeFi space are all for making financial gains, which makes it an attractive target for hackers, and as such, the security systems must remain rigorous.
Overview of DeFi Projects Security
Decentralized finance projects must be conversant with security best practices to detect and tackle any security risks. Some of the security methods utilized are multi-signature (multisig) wallets, smart contract audits, and bug bounties.
The multisig wallet ensures that no single entity can control transactions, thus preventing bad actors from wreaking havoc. Smart contract audits are used to check the security vulnerabilities that might exist in the smart contract code.
The Strategy Contract Upgrade
Thena’s strategy contract contained configuration issues that made it vulnerable to attack. The upgrade was not adequately checked to avoid introducing an attack vector that attackers could abuse to access and remove user assets.
Unstake Function Vulnerability
The Thena protocol’s unstake function did not perform permission verification as expected, which made it vulnerable to attack. The attackers could use the unstake function and pass in parameters to remove users’ pledged assets. This function allowed attackers to call the function and set the beneficiary as an attack contract that could delete user’s assets entirely.
The Attack
The attackers took advantage of the vulnerabilities in the strategy contract upgrade and unstake function to execute their attack. They passed parameters to the unstake function that enabled them to transfer the user’s assets to an attacker-controlled beneficiary address. Through this method, the attackers stole approximately $20,000 from the Thena protocol.
Conclusion
As the DeFi space continues to grow in popularity, security systems must remain robust and enable early detection of vulnerabilities. The DeFi community must enforce security best practices such as smart contract auditing and bug bounties, among others. It is essential to stay vigilant and avoid vulnerabilities that might lead to significant losses.
FAQs
Q1. Is Thena the only DeFi project that has been attacked?
No, Thena is not the only DeFi project that has been attacked. There have been several DeFi attacks, and this makes it crucial to uphold robust security measures.
Q2. What measures can be taken to prevent such attacks in the future?
Measures such as smart contract audits, bug bounties, and regular security maintenance checks can help detect and prevent such attacks. It is also vital to implement security protocols and procedures when developing DeFi projects.
Q3. Is it safe to invest in DeFi projects?
Investing in DeFi projects is a personal choice that one must make by evaluating the risks and benefits carefully. It is essential to conduct thorough research of a DeFi project before investing.
This article and pictures are from the Internet and do not represent qiAiAi's position. If you infringe, please contact us to delete:https://www.qiaiai.com/ai/11338.html
It is strongly recommended that you study, review, analyze and verify the content independently, use the relevant data and content carefully, and bear all risks arising therefrom.
Related recommendations
-
DidYouKnowGaming’s YouTube Account Hacked to Promote XRP Scams: What Happened and How to Keep Your Account Safe
On April 30th, it was reported that YouTube blogger DidYouKnowGaming, who has 2.4 million subscribers, tweeted yesterday that his YouTube account had been stolen and hackers used h
-
Cryptocurrency Market Witnesses a 6.8% Drop in 24 Hours but Bitcoin and Ethereum Remain Dominant
According to the report, according to CoinGecko data, the current total market value of cryptocurrency is 977.153 billion US dollars, with a drop of 6.8% in 24
-
The server returned an error message:Rate limit reached for default-gpt-3.5-turbo in organization org-9QdnwRZK5tvuwq885ta3oQOU on requests per min. Limit: 20 / min. Current: 30 / min. Contact support@openai.com if you continue to have issues. Please add a payment method to your account to increase your rate limit. Visit https://platform.openai.com/account/billing to add a payment method.
On February 21, the number of transactions of Blur token BLUR in the NFT trading market was 11546 yesterday, the number of active addresses was 5220 yesterday,…
-
Tech Giants Summoned for Alleged Collusion with US Government to Suppress Freedom of Expression
According to reports, Watcher Guru tweeted that the Justice Department of the United States House of Representatives summoned the chief executives of Apple, Am…
-
Understanding the Market Trends from 12:00-21:00: Insights from the Sui and Xiao Feng Report
12: 00-21:00 Keywords: Sui, Xiao Feng, Ethereum Market Value, Pendle
Important updates on the evening of April 15th
IntroductionThe market is a complex place, where trends and patt -
Shanghai aims to become a leading hub for artificial intelligence
It is reported that the Shanghai Municipal Commission of Science and Technology and others issued the \”Plan for Promoting the Construction of the\” Big Zero Bay…
-
Security team: phishing websites steal 2237 BNBs
According to reports, PeckShield has detected phishing website attacks, diverting 2237 BNBs ($767800) from liquidity providers. The attacker has already transferred 780 BNBs to Tor
-
PaprMeme Raises $3 million in Funding Round Led by Coinbase Ventures
It is reported that the NFT lending platform PaprMeme launched by four former Coinbase employees completed the financing of US $3 million, and Coinbase Venture…
-
Razer Launches ZVentures Web3 Incubator to Bring Web3 Enabled Games to Mainstream Players
According to reports, gaming hardware and peripheral giant Razer has launched the Web3 incubator zVentures Web3 Incubator (ZW3I), aiming to help bring Web3 enabled games to mainstr
-
A Message on Investment Opportunities from 21:00-7:00
21:00-7:00 Key words: Aptos, Accenture, ARK fund, Coinbase stock, A16z
Overview of important developments overnight on February 27
Interpretation …