Projects hacked in the first half of 2022 have raised many questions about the trade-off between rapid growth and security in the crypto sector.

Background
According to data recorded by The Block, the first half of 2022 was when the market witnessed many hack/exploit events involving the most considerable asset values.
The total value of damage from attacks recorded in the first half of 2022 was about 1.6 billion USD.
When will a blockchain be attacked?
A hacker or group of hackers might seize control of a blockchain by controlling the bulk of its processing power, or hashrate. If they control more than fifty percent of the network’s hashrate, they may change the blockchain in what is known as a 51% attack. This enables them to modify transactions that have not been validated by the blockchain that existed before they took control. Transactions are deemed successful once six confirmations have been received.
NFT projects are not exempt from hacker attacks targeting the cryptocurrency market. A series of Discord hacks hit Solana blockchain projects such as Fractal and Monkey Kingdom, taking user assets through a link announcing the sale of fake NFTs.
Pandora.Digital – a full-stack DEX encompassing cross-platform AMM, income-generating NFTs, launchpad, marketplace, and decentralized jackpot – has more than once been targeted by those cybercriminals.
Not long ago, Pandora’s exchange encountered a hack involving its profit-making NFTs. There was a minor technical flaw within its NFT marketplace that could potentially allow hackers to create high-level Droidbot NFTs (which can fetch relatively high prices on the marketplace) by exploiting the randomized algorithm in the smart contract.
The developer team quickly identified the issue and deployed a fix. Pandora’s users also received support to ensure their NFTs and funds were safe during the attack.
When a user crafts a PandoBox, opens a PandoBox, or upgrades a DroidBot, Pandora’s smart contracts will process these requests using a randomized algorithm to generate the level and mine power of these NFTs. The randomly generated level determines the NFT’s value in the marketplace and its associated mining power.
The algorithm first calculates a seed value based on the current block.
This seed value can be manipulated to achieve a satisfactory result. It is then used to generate a random number together with the block hash of the block that lies blockConfirmations blocks ahead (at this point, three blocks ahead).
We can summarize this as:
seed = uint256(block.timestamp + block.gaslimit + uint256(blockhash(n)) + uint256(block.coinbase) + uint256(tx.origin))
rand = uint256(blockhash(n + blockConfirmations)) * seed
However, this method can be dangerous if blockhash(n + blockConfirmations) = 0x0000000000000000000000000000000000000000000000000000000000000000. This is due to how the consensus protocol in BNB Smart Chain works. Malicious individuals may try to generate a “good” seed number which, multiplied by the blockhash, lets them cheat their way into a high-level NFT.
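The following is an added example, not Pandora's contract: it keeps the two-step draw described above but rejects a zero block hash and replaces the multiplication with a keccak256 hash. The contract name, function names, events and the BLOCK_CONFIRMATIONS value of 3 are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration only; not Pandora's contract. All names are hypothetical.
contract GuardedDraw {
    // Assumption: 3 matches the "three blocks" mentioned in the text.
    uint256 public constant BLOCK_CONFIRMATIONS = 3;

    struct Request {
        bytes32 seed;        // fixed when the request is made
        uint256 targetBlock; // n + BLOCK_CONFIRMATIONS
    }
    mapping(address => Request) private requests;

    event Drawn(address indexed user, uint256 rand);
    event Forfeited(address indexed user, uint256 targetBlock);

    error RequestPending();
    error NoRequest();
    error TooEarly();

    function request() external {
        // Refuse to overwrite: otherwise a caller could discard a request and retry.
        if (requests[msg.sender].targetBlock != 0) revert RequestPending();
        bytes32 seed = keccak256(abi.encode(
            block.timestamp, block.gaslimit, blockhash(block.number - 1),
            block.coinbase, msg.sender));
        requests[msg.sender] = Request(seed, block.number + BLOCK_CONFIRMATIONS);
    }

    function fulfil() external returns (bool ok, uint256 rand) {
        Request memory r = requests[msg.sender];
        if (r.targetBlock == 0) revert NoRequest();
        // blockhash() is zero for the current block and for future blocks...
        if (block.number <= r.targetBlock) revert TooEarly();
        delete requests[msg.sender];
        bytes32 h = blockhash(r.targetBlock);
        // ...and for blocks older than the most recent 256. A zero hash must never
        // reach the arithmetic: 0 * seed is 0 for every seed, a fixed outcome.
        if (h == bytes32(0)) {
            emit Forfeited(msg.sender, r.targetBlock); // expired: no draw, no retry
            return (false, 0);
        }
        // Hash instead of multiplying, so no single input decides the output.
        rand = uint256(keccak256(abi.encode(h, r.seed)));
        emit Drawn(msg.sender, rand);
        return (true, rand);
    }
}
```

Block-derived inputs can still be influenced by whoever produces the block, so this guards the scheme on the page rather than turning it into a verifiable randomness source.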
Final thought
We are happy to have quickly closed the issue and mitigated the detrimental effect of this exploit threat.
Blockchain technology’s fast-paced growth also makes it hard to keep applications and users safe. The team understands the security challenges faced by blockchain technology and will continue to grow strong and tackle any difficulties that may come ahead.