Create 2023-08-14-Rocketswap.md

[svg-arch]

No description provided.

[JediFaust]

/articlecheck

[github-actions]

Fact Checking

• Statement: Rocketswap, a protocol for trading on Base and providing liquidity, suffered a severe security breach on August 14, 2023, leading to a significant loss of $868,000. ✅
  • Source: https://www.cryptopolitan.com/rocketswap-labs-suffers-865k-breach-unveils-recovery-plan-with-new-farm-contract/
• Statement: The identity of the attacker is unknown. The following addresses are associated with this attack: ✅
  • Source: https://coinmarketcap.com/community/articles/64dc9bc3d0391c502518b3cf
• Statement: Rocketswap lost approximately $868,000 in total. The stolen assets were swapped into 471 ETH. ✅
  • Source: https://neptunemutual.com/blog/taking-a-closer-look-at-rocketswap-exploit/
• Statement: - August 14, 2023, 10:53:35 PM UTC: The first malicious transaction occurred. ✅
  • Source: https://basescan.org/tx/0x25c11d664f89ef9237ecf2e8ff1f067821cb829694b184c7ee74e6d0a3f9bfba
• Statement: - Insecure Management of Private Keys: The exploit occurred primarily due to the insecure storage of private keys used for offline signatures on the server. ✅
  • Source: https://neptunemutual.com/blog/taking-a-closer-look-at-rocketswap-exploit/

Editor's Notes

In the Timeline section:

• Standardize the date formats to "Month day, year, time PM UTC"
• Add missing timeline events from the text

Suggested improvements:

• Expand the Summary to provide more background context
• Provide more details on the losses in the Losses section
• Include preventative measures in the Security Failure Causes section

Hugo SSG Formatting Check

• Does it match Hugo SSG formatting? ✅

Filename Check

• Correct Filename: 2023-08-14-Rocketswap.md ✅

Section Headers Check

• Allowed Headers: ## Summary, ## Attackers, ## Losses, ## Timeline, ## Security Failure Causes ✅

Metadata Headers Check

• Allowed Metadata Headers: date, target-entities, entity-types, attack-types, title, loss ✅
• Notes:
  • The date metadata header matches the date August 14, 2023 mentioned in the text August 14, 2023 2023-08-14 ✅
  • The target-entities metadata header matches the affected entity Rocketswap mentioned in the text Rocketswap Rocketswap ✅
  • The loss metadata header matches the $868,000 loss mentioned in the text $868,000 868000 ✅
  • The entity-types header correctly indicates "DeFi" based on the target entity ✅
  • The attack-types header correctly indicates "Private Key Leak" based on the exploit details ✅

[evgenydmitriev]

/articlecheck

[github-actions]

Duplication checker

Is this a new article for Crypto wiki? ✅

[github-actions]

Fact Checking Results

• Statement: Rocketswap, a protocol for trading on Base and providing liquidity, suffered a severe security breach on August 14, 2023, leading to a significant loss of $868,000. ✅

  • Source: https://www.cryptopolitan.com/rocketswap-labs-suffers-865k-breach-unveils-recovery-plan-with-new-farm-contract/

• Statement: The exploit was made possible due to the compromise of private keys, which were stored on a server, enabling unauthorized asset transfers. ✅

  • Source: https://neptunemutual.com/blog/taking-a-closer-look-at-rocketswap-exploit/

• Statement: Rocketswap lost approximately $868,000 in total. The stolen assets were swapped into 471 ETH. ✅

  • Source: https://neptunemutual.com/blog/taking-a-closer-look-at-rocketswap-exploit/

• Statement: The first malicious transaction occurred on August 14, 2023, 10:53 PM UTC. ⚠️

  • Source: None

• Statement: On August 15, 2023, Rocketswap reported about the exploit and announced a new open-sourced farm contract. ✅

  • Source: https://cointelegraph.com/news/base-dex-rocketswap-announces-emergency-plan-after-exploit

Editor's Notes

• The timeline section should include the exact time in UTC for each event, e.g. "August 14, 2023, 10:53 PM UTC:" instead of just "August 14, 2023:".
• The timeline is missing some key events like when Rocketswap reported the exploit and announced the new farm contract. These should be added with exact timestamps if available.
• Some sections like "Attackers" and "Security Failure Causes" could benefit from more details and context. For example, what specific vulnerabilities enabled the private key compromise?
• Overall the content is factual and well-structured, just needs some additional details and formatting tweaks in the timeline.

Hugo SSG Formatting Check

• Does it match Hugo SSG formatting? ✅

Filename Check

• Correct Filename: 2023-08-14-Rocketswap.md
• Your Filename: 2023-08-14-Rocketswap.md ✅

Section Headers Check

• Allowed Headers: ## Summary, ## Attackers, ## Losses, ## Timeline, ## Security Failure Causes
• Your Headers: ## Summary, ## Attackers, ## Losses, ## Timeline, ## Security Failure Causes ✅

Metadata Headers Check

• Allowed Metadata Headers: date, target-entities, entity-types, attack-types, title, loss
• Your Metadata Headers: date, target-entities, entity-types, attack-types, title, loss ✅
• Notes:
  • The date header matches the date mentioned in the Summary section: August 14, 2023 2023-08-14 ✅
  • The target-entities header matches the affected entity mentioned in the Summary section: Rocketswap Rocketswap ✅
  • The loss header matches the total loss amount mentioned in the Losses section: $868,000 868000 ✅
  • The entity-types header "DeFi" corresponds to the target entity Rocketswap, which is a decentralized trading protocol. ✅
  • The attack-types header "Private Key Leak" matches the description of the private key compromise enabling the attack. ✅

[svg-arch]

@evgenydmitriev

The timeline is missing some key events like when Rocketswap reported the exploit and announced the new farm contract. These should be added with exact timestamps if available.

It has already been added.

Some sections like "Attackers" and "Security Failure Causes" could benefit from more details and context. For example, what specific vulnerabilities enabled the private key compromise?

It is only known that the keys were stored on the server, and the server was hacked.