Security in WEB3 - Issue 3 : 20-June-2022
Weekly roundup on Security, Developer, Research and resources in WEB3
Hey Everyone!
Welcome to my third issue on Security in WEB3.
If this is your first time visiting this newsletter, please consider subscribing if you would like to read any of the following:
Weekly news roundup on security perspective in WEB3
Hacks and Scams info
**The loss totals shown are approximations; there is no guarantee that they are the actual losses incurred by people/protocols or the profit made by the exploiter.**
Developer resources
Research in WEB3 Security
News:
Circle to launch EUROC on June 30th
Crypto lending platform Celsius announced it was pausing all withdrawals, swaps, and transfers between user accounts indefinitely, citing "extreme market conditions"
Three Arrows Capital story!
Coinbase first rescinded 300 accepted offers and then laid off 18% of its employees; many companies followed.
Jay-Z and Jack’s The Bitcoin Academy
Tether claiming a coordinated conspiracy to bring it down
chain.com flash crash due to market maker configuration error and API error
Audit of the U.S. Marshals Service’s Management of Seized Cryptocurrency
Blockchain in non-financial applications and ZK-SNARKs for privacy by Vitalik
The wallet that helped trigger the UST implosion was linked to Terra Developer by an analysis firm in Korea. But FatManTerra opposes it.
Tron’s stablecoin USDD depegging
SeaFlower installs a backdoor to your mobile wallets to steal your seed phrase
Lido-Staked ETH stETH depeg
Hacks:-
Inverse Finance $1.2M flash loan exploit summary, in which the hacker was assisted by an MEV bot!
OpenSea shared storefront contract issue allowed users to sell NFTs that they don’t own
Bounties:-
Halborn disclosed a critical vulnerability in browser-based crypto wallet extensions, and MetaMask paid a $50K bounty. It also affects other wallet providers’ extensions.
Scams:-
Serial scammer → profited approximately 1656 BNB (~$430K)
Retreeb deployer sold approximately 40%
HUH Token - The contract owner sent 79,920,000,000 HUH tokens to a wallet 6 months ago. Today, the wallet sold ~38 Billion via @PancakeSwap for ~$50k
Discord Compromises:-
Nansen launches its Messaging app to make WEB3 communities’ communication safer and fight Discord scams
13-June-2022:
14-June-2022:
15-June-2022:
16-June-2022 :
17-June-2022 :
ApeXClubNFT, MonoApesNFT, DBDegenSOL, YukoclanNFT, TastiesNFT (2nd time in 10 days)
18-June-2022 :
19-June-2022 :
Developer resources:
NEAR becomes the first non-EVM chain with MetaMask compatibility
DeFi Hacks Reproduce - Foundry by @1nf0s3cpt
Warp 2.0 by Nethermind
Cryptographic algorithms from 2002 to now
web3swift is an iOS toolbelt for interaction with the Ethereum network by @skywinder
Fuzzing-Like-a-Degen - A 4-hr smart contract fuzzer speed run by @0xalpharush
Chief Proxy Operator - Helps manage and create gas-efficient Proxies by @libevm
ChainWalker - extracting (crawling) smart contracts (with speed) from the blockchain by @0xSha
EVM-TRACE - EVM transaction tracing tool by @ApeFramework
Best Solidity resources by @officer_cia
Research/Reading:
WEB3 Actions - A Serverless Backend for Development Efficiency by @TenderlyApp
Machine Learning Guided Cross-Contract Fuzzing by @SCRForum
What’s New in ETH2 17th June Edition
Events this week:-
Jun 20-23 – NFT.NYC
Jun 23 – Gitcoin Grants Round 14 ends
Jun 24-26 – ETH NYC (ETH Global)
Consider following @0xViking and @securityinweb3
Weekly Spotlight :
This is a section where every week I will highlight one must-follow Twitter account.
“Joran Honig” - Security Researcher | Bug Bounty Hunter | Security Tools | Building things @ConsensysAudits