ZEROBASE was the victim of a front-end attack in which more than 270 users lost a combined $240,000 in USDT.
Hackers duped users into approving a phishing smart contract on BNB Chain.
Front-end interface exploit used in phishing attack
The hackers gained control of the ZEROBASE web interface without compromising the blockchain itself. Users were redirected to a counterfeit interface and asked to approve USDT spending permissions. As soon as an approval was granted, the funds were drained. One victim lost 123,597 USDT. Blockchain researchers at Lookonchain confirmed that several users observed unauthorized activity at around 2:30 PM UTC on Friday. The malicious contract in this attack was 0x0dd28fd7d343401e46c1af33031b27aed2152396.
Unlike traditional smart contract exploits, front-end hacks target the user interface. Hackers insert malicious code, and once the wallet grants approval, that code siphons funds after transactions are made. According to security firms, such attacks are difficult for non-technical users to notice. Lookonchain also urged affected users to go to their wallet settings and revoke suspicious authorizations using sites such as revoke.cash.
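The approval request described above can be inspected on the wallet side before it is signed. The following Python example is added here and is not code from ZEROBASE, Binance or Lookonchain; it decodes the standard token `approve(address,uint256)` and `increaseAllowance(address,uint256)` calldata and checks the spender against the contract named in the article. The trusted spender address and the sample calldata are constructed placeholders.

```python
import re

APPROVE, INCREASE = "095ea7b3", "39509351"  # 4-byte selectors of the two allowance calls
NAMES = {APPROVE: "approve", INCREASE: "increaseAllowance"}
UNLIMITED = 2**256 - 1  # the "infinite approval" value

KNOWN_MALICIOUS = {"0x0dd28fd7d343401e46c1af33031b27aed2152396"}  # contract named in the article
TRUSTED_SPENDERS = {"0x" + "11" * 20}  # constructed placeholder for the genuine contract


def decode_allowance_call(calldata):
    """Return (function, spender, amount), or None if the call grants no allowance."""
    data = calldata.lower()
    data = data[2:] if data.startswith("0x") else data
    selector, args = data[:8], data[8:]
    if selector not in NAMES:
        return None
    # Two 32-byte words: a zero-padded 20-byte address, then a uint256 amount.
    if not re.fullmatch(r"0{24}[0-9a-f]{104}", args):
        raise ValueError("malformed allowance calldata")
    return NAMES[selector], "0x" + args[24:64], int(args[64:], 16)


def review(calldata):
    """Return (verdict, reasons) for a transaction the interface asks the wallet to sign."""
    decoded = decode_allowance_call(calldata)
    if decoded is None:
        return "ignore", []
    _, spender, amount = decoded
    reasons = []
    if spender in KNOWN_MALICIOUS:
        reasons.append("spender is a known malicious contract")
    elif spender not in TRUSTED_SPENDERS:
        reasons.append("spender is not the expected contract")
    if amount == UNLIMITED:
        reasons.append("allowance is unlimited")
    if spender in KNOWN_MALICIOUS:
        return "block", reasons
    return ("warn" if reasons else "allow"), reasons


def build_call(selector, spender, amount):
    """Build constructed sample calldata for the demo below."""
    return "0x" + selector + spender[2:].lower().rjust(64, "0") + format(amount, "064x")


if __name__ == "__main__":
    sample = build_call(APPROVE, "0x0dd28fd7d343401e46c1af33031b27aed2152396", UNLIMITED)
    print(review(sample))
```

The same decoding applies when reviewing past transactions to decide which allowances to revoke.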
Binance and ZEROBASE react to the incident
ZEROBASE acknowledged the front-end compromise on X and said it would automatically block the wallets of users who had interacted with the malicious contract, preventing any further deposits and withdrawals until the approvals were revoked. The platform has put measures in place to guard against additional losses.
Binance Wallet blocked the phishing site and labeled the related contracts. Affected users also received alerts within 30 minutes telling them to revoke any unauthorized approvals. Binance stated that it would keep monitoring the situation and act to protect users.
Broader crypto security concerns raised
The ZEROBASE hack comes amid heightened attention to the security of crypto platforms following the late November attack on the Upbit exchange. In that attack, hackers stole digital assets worth 44.5 billion won, or approximately $33 million, and transferred them to over a thousand wallets. The South Korean government asked Binance to freeze the stolen funds, but it froze only 17% of the requested funds because of a delay in verifying them.
In another incident, blockchain security firm CertiK detected suspicious Tornado Cash deposits, which are attributed to a large emergency withdrawal at 0G Labs. About 520,000 0G tokens worth $516,000 were withdrawn using a privileged function. Such events underline that front-end and smart contract security deserve serious attention across the crypto industry.
Binance and ZEROBASE are working to reduce risks, and users are encouraged to be cautious when dealing with wallets or staking sites.

