ChainCatcher news, OneKey founder Yishi publicly stated about "Curve ecosystem DeFi protocol Resupply suffering a price manipulation attack resulting in a loss of $9.6 million," demanding that Curve provide a fair solution for every investor and return the user funds lost due to serious technical errors by the project team.Yishi revealed that he is one of the three major investors in Resupply, and the losses from this incident amount to millions of dollars. He accused the team of banning reasonable questioners on Discord and lacking the necessary accountability. He emphasized that the vulnerability stemmed from the failure to destroy the initial shares when deploying the ERC4626 vault, allowing attackers to mint shares at almost zero cost and drain the vault, which constitutes a protocol-level design and deployment error.Yishi stated that it is unreasonable for the Resupply team to shift the losses onto the insurance pool depositors, as the insurance pool is meant for black swan events and market fluctuations, not to cover the team's technical negligence. He also pointed out that Curve, Convex, and Yearn had participated in supporting Resupply in various forms and had gained actual benefits from it, and should not shirk responsibility afterward. He called for the relevant parties to bear the necessary costs and return user assets.In response to the incident, Curve stated this morning, "Although Resupply was not developed by the Curve team, its creators are experienced, and we believe they will do their best to address the issue. The insurance pool is intended to provide protection for such security incidents, and any recovered assets should be prioritized for processing."

ChainCatcher news, the Iranian cryptocurrency trading platform Nobitex has released its fourth announcement regarding the theft incident: "In the ongoing response to the recent security incident at Nobitex, the situation is now under control, and all external access to our servers has been completely severed. Users may notice a significant decrease in their wallet balances on various blockchain networks at Nobitex. This is due to our technical team proactively emptying the hot wallet funds to protect user assets. Therefore, users need not worry about the changes in these wallet balances.The stolen assets have been transferred to a wallet using a non-standard address, composed of random characters, which is distinctly different from the patterns of attacks on traditional cryptocurrency trading platforms. These wallets were subsequently used to destroy and burn user assets. Clearly, the purpose of this attack is not economic gain, but rather an attempt to harm the security and psychological safety of users' assets through deceptive means.The stolen funds can still be publicly tracked on the blockchain network, with the estimated total amount of stolen assets currently around 100 million USD. Furthermore, due to network restrictions and blocked access to external servers, the platform's recovery may take longer than usual. However, Nobitex is making every effort to expedite the repair process. All user assets are fully secured by Nobitex's reserve fund, and users will not incur any financial losses. Further updates will be provided through subsequent announcements."

ChainCatcher news, according to Beincrypto, the blockchain security platform Scam Sniffer has disclosed that the notorious phishing organization Inferno Drainer has recently launched a new type of attack utilizing the upcoming EIP-7702 feature in Ethereum, resulting in individual user losses of up to $150,000.EIP-7702 is a proposal in the Ethereum Pectra upgrade that allows external accounts (EOA) to temporarily act as smart contract wallets during transactions. Attackers exploit this by using authorized MetaMask wallets to batch transfer user assets, rather than directly controlling wallet permissions.Yuxian, the founder of Slow Mist Technology, stated that such attacks have evolved from traditional private key theft to utilizing the "execute" command to perform malicious authorizations in the background. Security experts recommend that users regularly check their token authorization status and use tools like Etherscan to identify abnormal delegation behaviors to mitigate potential risks.

ChainCatcher news, according to the official blog, Binance announced that from January to July 2024, it successfully prevented losses of over $2.4 billion from potential scams and fraudulent activities that could have affected more than 1.2 million users.Binance has adopted an advanced internal risk engine that utilizes a hybrid approach of artificial intelligence (AI) and manual review for real-time monitoring around the clock. Of the $2.4 billion in prevented losses recorded so far this year, over $1.1 billion is related to suspected cryptocurrency scams, accounting for approximately 45% of the total amount.Binance's Chief Technology Officer Rohit Wad stated, "User-centricity has always been Binance's top priority, which reflects our commitment to building and maintaining industry-leading technological tools and security processes that enable us to protect users and their assets around the clock."He also added, "We want users to remain vigilant and take responsibility for their own security. While our team has implemented extensive measures to protect your funds, users themselves always play the biggest role in safeguarding their assets. Stay informed, use strong security measures, and be alert to potential scams."

ChainCatcher news, DEX dYdX announced that the domain registrar for dydx.exchange (previously Squarespace) confirmed that on July 23, the Squarespace account of dYdX Trading was accessed by unauthorized individuals, as these individuals successfully conducted a social engineering attack on Squarespace customer support.During the approximately 2 hours that the dydx.exchange domain was hijacked, 2 users lost a total of approximately $31,000.dYdX Trading has contacted these users and will ensure they are fully compensated. After re-securing the domain, dYdX has added additional controls to prevent such incidents from happening again, including migrating the domain to Cloudflare.

ChainCatcher message, L3 chain Degen stated on platform X that a user lost nearly 90% of their funds during the cross-chain process from Degen Chain to Base. To address this, Degen will create a form to ensure that users who encounter such issues can receive refunds.At the same time, Degen will make significant adjustments in the coming weeks to provide better service. Degen acknowledges the failure to resolve issues in a timely manner and apologizes to the affected users.

ChainCatcher news, May 17 - Dolce & Gabbana USA Inc., the American company of the Italian luxury brand Dolce & Gabbana, has been sued by a customer who claims that the NFT he purchased for $6,000 has lost 97% of its value due to the company's delivery errors. The complaint states that the delivery of the digital clothing was 20 days late and "could only be used on a metaverse platform with almost no users." Even after the digital clothing was released, token holders were unable to use them for the next 11 days because Dolce & Gabbana had not obtained prior approval from the metaverse platform. The plaintiff, Luke Brown, stated that the NFT he purchased lost $5,800. Brown filed the lawsuit on behalf of a group of individuals who purchased digital assets from the NFT project. The case also lists the NFT marketplace UNXD as a defendant.

ChainCatcher news, ZachXBT posted a community risk alert on Telegram, pointing out that the Across Protocol documentation link leads to a fake Discord server, which is suspected to have caused users to lose approximately $880,000 in aEthWBTC. Currently, the Across team has responded that they have removed the fake link.

ChainCatcher news, according to The Block, the user losses in the Azuki "official Twitter account was hacked" incident amount to approximately $780,000.Additionally, data provided by Web3 security researcher Fantasy shows that the number of affected addresses in this incident is relatively small. A user address starting with 0x3ec had 751,000 USDC stolen, while other users lost small amounts of ETH, NFTs, and other project tokens. Currently, the hacker has converted all the USDC into ETH. (source link)