Security in WEB3 - Issue 1 : 06-June-2022

Weekly roundup on Security, Developer, Research and resources in WEB3

Security in WEB3

Jun 06, 2022

Hey Everyone!

Welcome to my first issue on Security in WEB3.

If this is the first time visiting this newsletter please consider subscribing if you like to read any of the following.

Weekly news roundup on security perspective in WEB3
Hacks and Scams info
**The total amount of loss shown are approximations and cannot guarantee that those are actual numbers/losses incurred to people/protocol or profit made by the exploiter.**
Developer resources
Research in WEB3 Security

WEB3 permanent link for this issue

News:

Former Opensea exec insider trading
Security Incidents in May 2022
Market Summary of May 2022
Follina a 0-day exploit ; Microsoft Releases Workaround Guidance for MSDT "Follina" Vulnerability

Hacks:-

$90M Defi exploit went unnoticed on Terra(Mirror Protocol)
Luna Classic pricing error leads to another Mirror Protocol exploit and Anchor Protocol ~$2.8M

Scams:-

FlokiMoon ~$50k, LlamaCoin ~$53k, ArmadilloCoin ~$63K, AnonPay ~$60k, StarMan ~$52k, ADAF ~$153K, FomoDao ~$114k, BAYC Discord Compromise ~$255k

Discord Compromises:-

02-June-2022:
- GlitchGirlsNFT, killeryakuzanft, SwampverseNFT
03-June-2022:
- MarsCatsVoyage, HomelessFrenNFT
04-June-2022:
- WibinWolves, artofmob, NotBoredApes, Cardania_2021, CamoChameleonC, BoredApeYC
05-June-2022 :
- SpaceRiders_NFT

Developer resources:

Building EVM from scratch part1, part2, part3
Honeypot contract trapped by an MEV bot
Solidity Patterns
How to read private variables in Solidity smart contract from outside
Foundry New release “Solidity Scripting & Deployments“
Common Smart contract vulnerabilities
MEV attacks resources
Know Your Worth in WEB3
NFT Analyst Starter Pack by a16z
Community Intelligence tools by 2.5.dev

Research/Reading:

Education about stablecoins
DeFi toolkit
MEV explorer
ZK Research repository
WEB3 Tool Explorer
zk-Crush ❤️ - Tell your crush you like them with zero-knowledge

Videos to watch:

On-Chain Forensics: Why UST De-Pegged? by the Nansen team
Learn Blockchain, Solidity, and Full Stack Web3 Development with JavaScript – 32-Hour Course by Patrick Collins
Why You Can't Afford to Ignore MEV | Hasu & Stephane, Flashbots
Web3 With a16z: Blockchains / crypto / web3 (Podcast)

If you like the compilation please consider following @0xViking and @securityinweb3

Weekly Spotlight :

This is a section where every week I will highlight one must-follow Twitter account.

“CIA Officer” - Independent Security Researcher; Lobster DAO Admin; Gitcoin & LidoGrants Grantee; ENSdomains Delegate; Former Immunefi.

CIA Officer is a security researcher who not only investigates crypto hacks but also openly shares his methodology

Follow CIA Officer on Twitter

Discussion about this post

No posts

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts