Parcl Front-End and Twitter Compromised Phishing

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository

Malicious Transactions From the Parcl DApp

Parcl is a decentralized smart contract service that allows investment and speculation on real estate prices. On August 19th, an attacker gained access to the official Twitter account and the domain management portal for Parcl. The attacker rerouted the Parcl website to their own server and posted a malicious website, which tricked users into signing undesirable transactions. Each transaction would take assets from the user and claim to refund them; when actually executed, however, the transaction would not perform the refund because a variable value had been changed. Because both the Twitter account and the main domain were compromised, users were tricked out of assets amounting to up to 0.25% of the TVL.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22]

About Parcl

"Speculate on Rising & Falling Real Estate Markets. Liquid exposure to real estate, for everyone. Earn a portion of trading fees by providing liquidity."

"Driven by Parcl Labs, Parcl price indexes are meticulously crafted from vast real estate data reservoirs, encompassing millions of data points from cities across the globe. As leaders in real estate analytics, Parcl Labs continually refines and recalibrates to ensure each index mirrors real-time, city-specific real estate values down to the median price per square foot. At Parcl, our commitment goes beyond numbers; it's about offering a transparent, authentic, and tradable view of the global urban landscape's evolving pulse."

The Reality

This section is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

"Monday at approx. 10 pm UTC, Parcl experienced a Front End & Social Account compromise. Specifically, a compromised account with access to the parcl (dot) co domain registrar repointed the nameserver records to an external provider."

Key Event Timeline - Parcl Front-End and Twitter Compromised Phishing
Date | Event | Description
August 19th, 2024 4:00:00 PM MDT | Reported Exploit Time | The approximate time of the exploit, according to the Parcl team's security update.
August 19th, 2024 4:05:00 PM MDT | PocketUniverse Tweet | Pocket Universe, a browser extension that helps keep assets safe, reports on the compromise of the Parcl website. They've blocked the site. At the time, the Twitter/X account also appears to be compromised.
August 19th, 2024 4:17:00 PM MDT | Parcl Help Tweet | Parcl tweets from their help account to report that they are investigating a breach of their official website and Twitter account.
August 19th, 2024 4:22:00 PM MDT | Parcl Intern Tweet | Parcl tweets from their Parcl_Intern account to also notify of the breached accounts.
August 19th, 2024 8:20:00 PM MDT | Parcl Help Update | The Parcl team posts an update.

Technical Details

"That element of the exploit appears to have been the most sophisticated & managed to circumvent multiple layers of account recovery methods, including 2fa."

"The smart contracts & exchange are secure and any exploits that occurred were limited to affected users clicking a compromised link and signing malicious transactions."

"it's common on solana drainers atm they use a technique called bitflipping

basically the original scam is - transfer 100 USDC out - then if A=1 transfer 100 USDC back

so the simulation shows 0 USDC moved

but when it's executed, they change A=0 so you don't get the USDC back"
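
The simulation/execution gap described in the quote above, modelled as an added example that is not part of the original case study and is not Parcl, wallet, or Solana code. The ledger, the flag name "A", and the two checks (re-simulating over state the signer does not control, and a wallet-appended balance post-condition) are assumptions made for illustration.

```javascript
// Constructed toy ledger: two balances plus one flag "A" that only the attacker can write.
const initialState = () => ({ user: 100, attacker: 0, A: 1 });

// The two-step pattern from the quote, as instructions that mutate a state copy.
const transferOut = (s) => { s.user -= 100; s.attacker += 100; };
const refundIfA = (s) => { if (s.A === 1) { s.attacker -= 100; s.user += 100; } };
const drainerTx = [transferOut, refundIfA];

// Run a transaction atomically: any throw reverts to the input state.
function execute(state, instructions) {
  const next = { ...state };
  try {
    for (const ix of instructions) ix(next);
    return { ok: true, state: next };
  } catch (err) {
    return { ok: false, state: { ...state }, error: err.message };
  }
}

// What a wallet preview reports: the user's balance change at simulation time.
function simulateUserDelta(state, instructions) {
  return execute(state, instructions).state.user - state.user;
}

// Check 1: re-simulate with every value of state the signer does not control.
// If the outcomes differ, the preview is not a promise about execution.
function previewDependsOn(state, instructions, key, values) {
  const deltas = values.map((v) => simulateUserDelta({ ...state, [key]: v }, instructions));
  return new Set(deltas).size > 1;
}

// Check 2: append a post-condition so execution reverts if the signer ends up
// with less than the preview showed.
function withBalanceGuard(state, instructions) {
  const floor = state.user + simulateUserDelta(state, instructions);
  const guard = (s) => { if (s.user < floor) throw new Error("balance below simulated result"); };
  return [...instructions, guard];
}

function demo() {
  const atSimulation = initialState();
  const atExecution = { ...atSimulation, A: 0 }; // flag flipped after signing
  return {
    previewDelta: simulateUserDelta(atSimulation, drainerTx),
    unguardedDelta: execute(atExecution, drainerTx).state.user - atSimulation.user,
    flagged: previewDependsOn(atSimulation, drainerTx, "A", [0, 1]),
    guarded: execute(atExecution, withBalanceGuard(atSimulation, drainerTx)),
  };
}
```

The preview shows no movement, the unguarded execution loses the full 100, and the guarded transaction reverts with the user's balance intact.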

Total Amount Lost

"Preliminary analysis suggests the impact is contained to approx. 0.25% (25 basis points) or less of TVL equivalent. There was no known impact to any @ParclLimited or @ParclFoundation related systems or services."

According to DefiLlama, the TVL of Parcl is $23.9m. According to Parcl, up to 0.25% was potentially compromised, which is $59,750, or roughly $60k.

The total amount lost has been estimated at $60,000 USD.

Immediate Reactions

"The website frontend of Solana ecosystem real estate trading protocol Parcl has been hacked, extracting tokens from users' Solana wallets and displaying fake transaction results in Phantom. Parcl’s official X account also appears to have been compromised, posting information related to PARCL rewards."

"Odaily Planet Daily reports that the Web3 security company Pocket Universe posted on X (formerly Twitter) indicating that they detected a hack on the front-end of the Parcl official website. The attackers are extracting tokens from users' Solana wallets and displaying false transaction results in Phantom."

"We've detected a frontend hack on @Parcl's official website. It drains tokens from your Solana wallet And displays fake tx results in Phantom. Let your friends know."

"The development team recognized this issue within 30 minutes of the incident, immediately initiated a freeze of the exchange, & took the required action to remediate DNS services."

"If your wallet was impacted, please submit a support ticket in the Parcl Discord; the moderators & community team are standing by to assist."

"The development team is working as fast as possible to secure and restore the Domain, re-open the exchange, and regain access to critical channels, namely the @Parcl twitter account.

We appreciate your patience & continued support"

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. SlowMist Hacked - SlowMist Zone (Accessed Aug 20, 2024)
  2. Security company: Parcl official website front end suspected of being attacked - News Flash - Odaily (Accessed Aug 20, 2024)
  3. @PocketUniverseZ Twitter (Accessed Aug 20, 2024)
  4. @_degenXBT Twitter (Accessed Aug 20, 2024)
  5. @nishthenomad Twitter (Accessed Aug 20, 2024)
  6. @Le___Belge Twitter (Accessed Aug 20, 2024)
  7. @CryptoTaxSucks Twitter (Accessed Aug 20, 2024)
  8. @CryptoCoBean Twitter (Accessed Aug 20, 2024)
  9. @Ikh011 Twitter (Accessed Aug 20, 2024)
  10. @EKingofgam Twitter (Accessed Aug 20, 2024)
  11. @LieThesa Twitter (Accessed Aug 20, 2024)
  12. @FoxFortyTwo Twitter (Accessed Aug 20, 2024)
  13. @Parcl_Intern Twitter (Accessed Aug 20, 2024)
  14. @codeglitch Twitter (Accessed Aug 20, 2024)
  15. @Bernardo2740 Twitter (Accessed Aug 20, 2024)
  16. @Parcl_Intern Twitter (Accessed Aug 20, 2024)
  17. @miladybrain Twitter (Accessed Aug 20, 2024)
  18. @parclhelp Twitter (Accessed Aug 20, 2024)
  19. @parclhelp Twitter (Accessed Aug 20, 2024)
  20. @parclhelp Twitter (Accessed Aug 20, 2024)
  21. Parcl - Speculate on Rising & Falling Real Estate Markets (Accessed Aug 20, 2024)
  22. https://defillama.com/protocol/parcl#information (Accessed Aug 20, 2024)