From d25277cb85a01ca8c5a2ca87fa90a0474e8a0ce5 Mon Sep 17 00:00:00 2001 From: svg-arch <54551804+svg-arch@users.noreply.github.com> Date: Tue, 5 Mar 2024 21:27:18 +0000 Subject: [PATCH 1/3] Create 2023-08-14-Rocketswap.md --- .../attacks/posts/2023-08-14-Rocketswap.md | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 content/attacks/posts/2023-08-14-Rocketswap.md diff --git a/content/attacks/posts/2023-08-14-Rocketswap.md b/content/attacks/posts/2023-08-14-Rocketswap.md new file mode 100644 index 000000000..04b1d6c10 --- /dev/null +++ b/content/attacks/posts/2023-08-14-Rocketswap.md @@ -0,0 +1,35 @@ +--- +date: 2023-08-14 +target-entities: Rocketswap +entity-types: DeFi +attack-types: Private Key Leak +title: "Rocketswap Suffers $868,000 Loss in Exploit" +loss: 868000 +--- + +## Summary + +Rocketswap, a protocol for trading on Base and providing liquidity, suffered a severe security breach on August 14, 2023, leading to a significant loss of $868,000. The exploit was made possible due to the compromise of private keys, which were stored on a server, enabling unauthorized asset transfers. + +## Attackers + +The identity of the attacker is unknown. The following addresses are associated with this attack: + +- [Base](https://basescan.org/address/0x96c0876F573e27636612CF306C9db072d2B13DE8) +- [Ethereum](https://etherscan.io/address/0x96c0876f573e27636612cf306c9db072d2b13de8) + +## Losses + +Rocketswap lost approximately $868,000 in total. The stolen assets were swapped into 471 ETH. + +## Timeline + +- **August 14, 2023, 10:53:35 PM +UTC:** The [first malicious](https://basescan.org/tx/0x25c11d664f89ef9237ecf2e8ff1f067821cb829694b184c7ee74e6d0a3f9bfba) transaction occurred. +- **August 14, 2023, 12:25 AM +UTC:** Rocketswap [reported](https://twitter.com/RocketSwap_Labs/status/1691229656593371136) about the exploit. +- **August 15, 2023, 02:19 AM +UTC:** Rocketswap [announced](https://twitter.com/RocketSwap_Labs/status/1691258298409029632) a new open-sourced farm contract. +- **August 16, 2023:** Rocketswap [announced](https://mirror.xyz/0x4198bADb0c3ea2efF397F3015a81A1c577ECA247/aYhXdB8FadnWPg40V7_VQEUPWaeUK4t32JYenq7IHM8) the Airdrop Сompensation Programme. +- **August 17, 2023:** Neptune Mutual [published](https://neptunemutual.com/blog/taking-a-closer-look-at-rocketswap-exploit) an analysis of the incident. + +## Security Failure Causes + +- **Insecure Management of Private Keys:** The exploit occurred primarily due to the insecure storage of private keys used for offline signatures on the server. From 79a1668fc9b4911ec8ea4068f16d894cdf4bd55e Mon Sep 17 00:00:00 2001 From: svg-arch <54551804+svg-arch@users.noreply.github.com> Date: Sun, 10 Mar 2024 12:49:53 +0000 Subject: [PATCH 2/3] Update 2023-08-14-Rocketswap.md --- content/attacks/posts/2023-08-14-Rocketswap.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/attacks/posts/2023-08-14-Rocketswap.md b/content/attacks/posts/2023-08-14-Rocketswap.md index 04b1d6c10..f866247b2 100644 --- a/content/attacks/posts/2023-08-14-Rocketswap.md +++ b/content/attacks/posts/2023-08-14-Rocketswap.md @@ -24,9 +24,9 @@ Rocketswap lost approximately $868,000 in total. The stolen assets were swapped ## Timeline -- **August 14, 2023, 10:53:35 PM +UTC:** The [first malicious](https://basescan.org/tx/0x25c11d664f89ef9237ecf2e8ff1f067821cb829694b184c7ee74e6d0a3f9bfba) transaction occurred. -- **August 14, 2023, 12:25 AM +UTC:** Rocketswap [reported](https://twitter.com/RocketSwap_Labs/status/1691229656593371136) about the exploit. -- **August 15, 2023, 02:19 AM +UTC:** Rocketswap [announced](https://twitter.com/RocketSwap_Labs/status/1691258298409029632) a new open-sourced farm contract. +- **August 14, 2023, 10:53:35 PM UTC:** The [first malicious](https://basescan.org/tx/0x25c11d664f89ef9237ecf2e8ff1f067821cb829694b184c7ee74e6d0a3f9bfba) transaction occurred. +- **August 15, 2023, 12:25 AM UTC:** Rocketswap [reported](https://twitter.com/RocketSwap_Labs/status/1691229656593371136) about the exploit. +- **August 15, 2023, 02:19 AM UTC:** Rocketswap [announced](https://twitter.com/RocketSwap_Labs/status/1691258298409029632) a new open-sourced farm contract. - **August 16, 2023:** Rocketswap [announced](https://mirror.xyz/0x4198bADb0c3ea2efF397F3015a81A1c577ECA247/aYhXdB8FadnWPg40V7_VQEUPWaeUK4t32JYenq7IHM8) the Airdrop Сompensation Programme. - **August 17, 2023:** Neptune Mutual [published](https://neptunemutual.com/blog/taking-a-closer-look-at-rocketswap-exploit) an analysis of the incident. From d49698816036da0c64bfca78175f761ade7fdb91 Mon Sep 17 00:00:00 2001 From: svg-arch <54551804+svg-arch@users.noreply.github.com> Date: Mon, 11 Mar 2024 23:59:33 +0300 Subject: [PATCH 3/3] Update 2023-08-14-Rocketswap.md --- content/attacks/posts/2023-08-14-Rocketswap.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/attacks/posts/2023-08-14-Rocketswap.md b/content/attacks/posts/2023-08-14-Rocketswap.md index f866247b2..42d60675d 100644 --- a/content/attacks/posts/2023-08-14-Rocketswap.md +++ b/content/attacks/posts/2023-08-14-Rocketswap.md @@ -24,7 +24,7 @@ Rocketswap lost approximately $868,000 in total. The stolen assets were swapped ## Timeline -- **August 14, 2023, 10:53:35 PM UTC:** The [first malicious](https://basescan.org/tx/0x25c11d664f89ef9237ecf2e8ff1f067821cb829694b184c7ee74e6d0a3f9bfba) transaction occurred. +- **August 14, 2023, 10:53 PM UTC:** The [first malicious](https://basescan.org/tx/0x25c11d664f89ef9237ecf2e8ff1f067821cb829694b184c7ee74e6d0a3f9bfba) transaction occurred. - **August 15, 2023, 12:25 AM UTC:** Rocketswap [reported](https://twitter.com/RocketSwap_Labs/status/1691229656593371136) about the exploit. - **August 15, 2023, 02:19 AM UTC:** Rocketswap [announced](https://twitter.com/RocketSwap_Labs/status/1691258298409029632) a new open-sourced farm contract. - **August 16, 2023:** Rocketswap [announced](https://mirror.xyz/0x4198bADb0c3ea2efF397F3015a81A1c577ECA247/aYhXdB8FadnWPg40V7_VQEUPWaeUK4t32JYenq7IHM8) the Airdrop Сompensation Programme.