Cyber Incident Victim: Shido
Date:
Feb 2024
Location:
—
Summary
A blockchain project suffered a security breach when attackers exploited a contract upgrade vulnerability in its Ethereum layer-2 blockchain, transferring control to a malicious contract and draining staked ETH. The incident led to approximately $35 million in losses and a significant decline in the platform's token value. Despite attempted negotiations, the perpetrators retained the stolen funds. The team paused the blockchain network and launched an investigation, identifying a proxy contract flaw that allowed unauthorized bypass of admin privileges to execute the theft.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
A cyber incident occurred at British Judo, which was affected by a cyber attack, as reported by The Register. The attack compromised the organization's security, and the spokesperson declined to specify how many members may be affected, stating that it was a small number. The incident involved the use of cookies, including necessary, functional, targeting, and performance cookies, which may have been used to steal user data or disrupt the website's operation. The attack highlights the need for robust cybersecurity measures to protect against such threats and ensure user privacy.
The incident was also mentioned in a report showcasing in-depth case studies of two significant incidents, Shido and ALI. The report highlighted the swift response and collaboration within the Web3 community, emphasizing the efficacy of proactive measures in mitigating the impact of security breaches. However, the report did not provide detailed information about the Shido incident.
Another article discussed the volatility of the crypto market and the need for robust security frameworks. The article mentioned the Shido incident as an example of the importance of community fears and the need for vigilance in the crypto market. The SlowMist security team also reported on the incident, recommending that project operators remain vigilant and regularly conduct security audits to identify and address new security threats and vulnerabilities.
The incident was not included in the list of cyber incidents with a political dimension initiated against Sweden. The list included incidents such as the disruption of access to several websites of Swedish governmental institutions by a pro-Russian hacktivist group. However, the Shido incident was not mentioned as one of the incidents.
The attack compromised the confidentiality, integrity, and availability of the British Judo website. The use of cookies, including targeting and performance cookies, may have compromised the confidentiality of user data. The incident may have also compromised the integrity of the website, as the attack may have involved the manipulation or destruction of data. The availability of the website may have been affected, as the attack may have disrupted the website's operation.
The motives behind the attack are not clear, but it may have been driven by a desire for personal gain or notoriety. The attack may have been carried out by an individual or a group seeking to exploit vulnerabilities in the website's security. The use of cookies and other tracking technologies may have been used to steal user data or disrupt the website's operation.
The tactics, techniques, and procedures used in the attack are not well-documented, but it may have involved the use of phishing or other social engineering tactics. The attack may have also involved the exploitation of vulnerabilities in the website's software or hardware. The use of cookies and other tracking technologies may have been used to gain unauthorized access to user data.
The threat actors behind the attack were not identified, and it is not clear whether they were individuals or groups. The attack may have been carried out by a single individual or a group of individuals working together. The use of cookies and other tracking technologies may have been used to conceal the identity of the threat actors.
The incident highlights the importance of robust cybersecurity measures to protect against such threats and ensure user privacy. The use of cookies and other tracking technologies can be used to steal user data or disrupt a website's operation. The incident also emphasizes the need for vigilance and proactive measures to mitigate the impact of security breaches.
The British Judo organization responded to the incident by notifying its members and advising them to report any unauthorized or suspicious activity. The organization also recommended that members contact their credit or debit card suppliers with any inquiries. The incident highlights the need for organizations to have robust cybersecurity measures in place to protect against such threats and ensure user privacy.
The incident also raises questions about the use of cookies and other tracking technologies on websites. The use of these technologies can be used to steal user data or disrupt a website's operation. The incident highlights the need for organizations to be transparent about their use of cookies and other tracking technologies and to provide users with clear information about how their data is being used.
The incident is a reminder of the importance of cybersecurity and the need for organizations to have robust measures in place to protect against such threats. The use of cookies and other tracking technologies can be used to steal user data or disrupt a website's operation. The incident highlights the need for organizations to be vigilant and proactive in mitigating the impact of security breaches.
The incident also emphasizes the need for users to be aware of the risks associated with using websites and to take steps to protect themselves. The use of cookies and other tracking technologies can be used to steal user data or disrupt a website's operation. The incident highlights the need for users to be cautious when using websites and to take steps to protect their personal data.