List of Crypto Hacks Involving Access Control Vulnerability — ImmuneBytes

ImmuneBytes
4 min read · May 20, 2024


Access control bugs in cryptography typically refer to vulnerabilities that arise from improper or insufficient access control mechanisms within cryptographic systems.


+--------------------------+--------------------------+--------------------+-------------------+--------------------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------+
| Project | Date of Exploit | Exploit Amount (USD) | Blockchain | Type of Exploit | Type of Contract | Exploited Contract Address | Exploit Transaction |
+--------------------------+--------------------------+--------------------+-------------------+--------------------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------+
| GameToken | 2024-01-22T00:00:00.000Z | 7000000 | Polygon | Access Control Bug | Tokens | https://polygonscan.com/address/0xcf32822ff397ef82425153a9dcb726e5ff61dca7 | |
| Safemoon | 2023-03-29T00:00:00.000Z | 8900000 | BNB Chain | Access Control Bug | DeFi | | https://bscscan.com/tx/0x48e52a12cb297354a2a1c54cbc897cf3772328e7e71f51c9889bb8c5e533a934 |
| SwapX | 2023-02-27T00:00:00.000Z | 1000000 | BNB Chain | Access Control Bug | DeFi | | |
| Tales of Elleria | 2023-04-19T00:00:00.000Z | 280000 | Arbitrum | Access Control Bug | Tokens | https://arbiscan.io/address/0xfcd201954072545e2d12b90785e0e912ed7cc2b9 | https://arbiscan.io/tx/0x376aaa9b8bdf452ea4bbc4a185e639cf30eff456d96ee117571dcbb6e9cf318c |
| Land NFT | 2023-05-15T00:00:00.000Z | 150000 | BNB Chain | Access Control Bug | NFT (ERC-721) | https://bscscan.com/token/0x1a62fe088f46561be92bb5f6e83266289b94c154 | https://bscscan.com/tx/0x48878f4751f05e4366eb6c6d52a7a637f39d70a4f28cdb82b042118d9e5c81fb |
| Local Traders | 2023-05-23T00:00:00.000Z | 118000 | BNB Chain | Access Control Bug | DEX | https://bscscan.com/address/0xce3e12bd77dd54e20a18cb1b94667f3e697bea06 | https://bscscan.com/tx/0x49a3038622bf6dc3672b1b7366382a2c513d713e06cb7c91ebb8e256ee300dfb |
| Phoenix | 2023-03-07T00:00:00.000Z | 100000 | Polygon | Access Control Bug | Tokens | | |
| Melo Token | 2023-05-06T00:00:00.000Z | 90729 | BNB Chain | Access Control Bug | Tokens | https://bscscan.com/token/0x9a1aef8c9ada4224ad774afdac07c24955c92a54 | https://bscscan.com/tx/0x3f1973fe56de5ecd59a815d3b14741cf48385903b0ccfe248f7f10c2765061f7 |
| Venus Token | 2023-05-11T00:00:00.000Z | 17283 | BNB Chain | Access Control Bug | Tokens | https://bscscan.com/token/0x9fe22d981f2c9f3563d044c43e14feeecde8fc54 | https://bscscan.com/tx/0x90ee7abd5d6ec0f0f3eb61e1e8a559393aa879b90ad2da4fa2739ab6233c249f |
| Degen Millionaires Club | 2023-02-06T00:00:00.000Z | 733 | BNB Chain | Access Control Bug | Tokens | | |
| Crema Finance | 2022-07-03T00:00:00.000Z | 8800000 | Solana | Access Control Bug | DeFi | | |
| CF Token | 2022-04-11T00:00:00.000Z | 1900000 | BNB Chain | Access Control Bug | DeFi | | |
| Rabby Swap | 2022-10-11T00:00:00.000Z | 200000 | Avalanche C Chain | Access Control Bug | DeFi | | |
| Ragnarok Online Invasion | 2022-09-08T00:00:00.000Z | 44222 | BNB Chain | Access Control Bug | Tokens | | |
| HospoWise | 2022-04-04T00:00:00.000Z | 15000000 | Ethereum | Access Control Bug | DeFi | | |
| POLY NETWORK | 2021-08-10T00:00:00.000Z | 611000000 | BNB Chain | Access Control Bug | Bridge | Ethereum:0x250e76987d838a75310c34bf422ea9f1ac4cc906, BSC:0x05f0fDD0E49A5225011fff92aD85cC68e1D1F08e, Polygon:0x28FF66a1B95d7CAcf8eDED2e658f768F44841212 | |
| Visor Finance | 2021-12-21T00:00:00.000Z | 8200000 | Ethereum | Access Control Bug | DeFi | | |
| DODO | 2021-03-09T00:00:00.000Z | 3800000 | | Access Control Bug | DeFi | | |
| Wild Credit | 2021-05-27T00:00:00.000Z | 650000 | Ethereum | Access Control Bug | DeFi | | |
+--------------------------+--------------------------+--------------------+-------------------+--------------------+------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------+

These bugs can manifest in various ways, potentially leading to security breaches or unauthorized access to sensitive information. Here are some examples:

  1. Key Management Issues: Improper management of cryptographic keys can lead to access control vulnerabilities. For example, if keys are not securely stored or if access to them is not properly restricted, unauthorized parties may be able to obtain and misuse them.
  2. Inadequate Authentication: Cryptographic systems often rely on authentication mechanisms to verify the identities of users or entities. If these mechanisms are not robust enough or if they can be bypassed or tampered with, it can lead to unauthorized access.
  3. Weak Authorization Policies: Access control bugs can also arise from weak or flawed authorization policies. For example, if a system improperly grants access to certain cryptographic operations or resources without proper verification of permissions, it can lead to security breaches.
  4. Insecure Defaults: Cryptographic systems may have default settings or configurations that are insecure or overly permissive. Attackers can exploit these defaults to gain unauthorized access if they are not properly configured or hardened.
  5. Side-channel Attacks: In some cases, access control vulnerabilities may stem from side-channel attacks that exploit unintended channels of information leakage, such as timing or power consumption, to gain unauthorized access to cryptographic operations or keys.
  6. Insufficient Auditing and Logging: Without adequate auditing and logging mechanisms in place, it can be difficult to detect and respond to unauthorized access attempts or security breaches in a timely manner, allowing attackers to exploit vulnerabilities more easily.
  7. Unchecked External Calls: Smart contracts often interact with other contracts. If the access controls on the external contract aren’t properly checked, an attacker could exploit a vulnerability in the first contract to manipulate the second one.
  8. Inappropriate Access Control: Sometimes, developers mess up by making functions public that should be private. For instance, a function meant for burning tokens (removing them from circulation) might be public by mistake, allowing anyone to burn tokens and manipulate the token supply.
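The burn-function mistake from item 8, shown as an added example that is not code from the original article or from any project in the table: the weak form next to a corrected one. The contract names, the `Ledger` base, the `INITIAL` supply and `adminBurn` are hypothetical, and the ledger is a constructed minimal balance map rather than a full ERC-20.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example: minimal balance ledger, not a full ERC-20.
abstract contract Ledger {
    uint256 internal constant INITIAL = 1_000_000 * 1e18; // assumed sample supply
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    function _burn(address from, uint256 amount) internal {
        require(balanceOf[from] >= amount, "insufficient balance");
        balanceOf[from] -= amount;
        totalSupply -= amount;
    }
}

// Weak form: burn() is public and takes the target account as a parameter,
// so any caller can reduce any holder's balance and the total supply.
contract VulnerableToken is Ledger {
    constructor() { balanceOf[msg.sender] = INITIAL; totalSupply = INITIAL; }

    function burn(address from, uint256 amount) public {
        _burn(from, amount); // msg.sender is never checked
    }
}

// Corrected form: holders can burn only their own tokens, and burning from
// another account is restricted to the owner recorded at deployment.
contract HardenedToken is Ledger {
    address public immutable owner;
    error NotOwner(address caller);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }

    constructor() { owner = msg.sender; balanceOf[msg.sender] = INITIAL; totalSupply = INITIAL; }

    function burn(uint256 amount) external {
        _burn(msg.sender, amount); // caller can only affect its own balance
    }

    function adminBurn(address from, uint256 amount) external onlyOwner {
        _burn(from, amount);
    }
}
```

When reviewing a contract, list every `public` or `external` function that changes state and confirm each one either acts only on `msg.sender` or carries an explicit authorization modifier.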

Overall, addressing access control bugs in cryptographic systems requires careful design, implementation, and ongoing monitoring to ensure that proper access controls are in place and that they are effective at preventing unauthorized access and protecting sensitive information.


Originally published at https://www.immunebytes.com on May 20, 2024.
