Security in WEB3 - Issue 2 : 13-June-2022
Weekly roundup on Security, Developer, Research and resources in WEB3
Hey Everyone!
Welcome to my second issue on Security in WEB3.
If this is your first time visiting this newsletter, please consider subscribing if you would like to read any of the following.
Weekly news roundup on security perspective in WEB3
Hacks and Scams info
**The total loss amounts shown are approximations; there is no guarantee that they are the actual numbers/losses incurred by people/protocols or the profit made by the exploiter.**
Developer resources
Research in WEB3 Security
News:
Ropsten Merge summary and AllCoreDevs call summary happened on Friday
(Web 2), (Web 3) -> (Web 5): Web5: An extra decentralized web platform by Jack Dorsey
This Vigilante Keeps Crypto Safe From Thieves by Hacking It First
Do Kwon cashed out $2.7B over 33 times $80M each before Luna crash and he denies it
Mastercard to allow direct NFT purchases in partnership with marketplaces
Cross-chain swap by DiverseFi
Move to Earn app STEPN suffered multiple DDoS attacks
Hacks:-
Optimism 20M OP tokens exploit - Hacker sold 1M tokens and sent 18M back.
Osmosis DEX on the Cosmos network exploited for $5M; first warned about by a Reddit user
The Maiar Exchange, a DEX on the Elrond blockchain, was exploited for $113M; first reported by Foudres_
GymNet flash loan exploit worth $716k at the time of exploit
TreasureSwap exploit resulting in $1M
ApolloX Exchange exploit of approximately $2.1M
Bounties:-
Aurora DELEGATECALL vulnerability disclosed, $200 million was at risk, $6 million bounty paid
OpenSea Wyvern vulnerability disclosed, $3 million bounty paid
Sense oracle manipulation vulnerability disclosed, $50k bounty paid
Scams:-
Discord Compromises:-
06-June-2022:
07-June-2022:
08-June-2022:
09-June-2022:
10-June-2022:
11-June-2022:
12-June-2022:
Developer resources:
Ethereum Developer tools list by Consensys
Ethereum Developer Tooling Landscape by Dappcamp
Awesome WEB3 Security repo by AnugrahSR
Awesome ZKProofs resources by Matter Labs (ZKSync)
Awesome ZK by Ventali Tan
Library of Ethereum by ArpitIngle
Token cheatsheet by EatTheBlocks
Paradigm updated the testnet faucet (100 ETH per wallet per day and multiple test NFTs)
Research/Reading:
Blockchain Learning path by Rudra Singh
Rust For Web3 Hacking by Timur Guvenkaya
Consider following @0xViking and @securityinweb3
Weekly Spotlight:
This is a section where every week I will highlight one must-follow Twitter account.
“Adrian ⛩️ Hetman 🐺⚔️” Security Researcher @Immunefi.