Security in WEB3 - Issue 4 : 27-June-2022
Weekly roundup on Security, Developer, Research and resources in WEB3
GM Everyone!
Welcome to my third issue on Security in WEB3.
If this is the first time you are visiting this newsletter, please consider subscribing if you would like to read any of the following:
Weekly news roundup on security perspective in WEB3
Hacks and Scams info
**The total loss amounts shown are approximations; there is no guarantee that they are the actual numbers/losses incurred by people/protocols or the profit made by the exploiter.**
Developer resources
News:
Chainalysis launched Crypto Crime Incident Response Program
Tether to launch Stablecoin Pegged to British Pound Sterling in early July
Solana is Going Big on Mobile (Solana Mobile Stack), and Making a Smartphone called Saga (pre-orders for $100 USDC, planned to ship Q1 2023)
Yuga Labs Lawsuit Accuses Ryder Ripps of 'Scamming Consumers' With Fake Bored Apes
Snoop Dogg and Eminem Become Bored Apes in New Music Video
dYdX V4 will be developed as a standalone blockchain based on the Cosmos SDK and Tendermint Proof-of-stake consensus protocol
Tech Giants (Meta, Microsoft, Nvidia, Unity, Sony, and 32 other companies) Create Metaverse Standards Forum for Software and Terminology Standards
Cardano Developers Delay Vasil Upgrade, Citing Bugs
Hoskinson pitches software-enabled crypto self-regulation to Congress
Cloudflare outage on 21st June, which affected multiple crypto exchanges
Acquisitions:-
Layoffs:-
Bitcoin Trading Platform Bitpanda Cuts Staff from 1000 to 730
Bybit also to lay off 20-30%, according to @WuBlockchain
Uncertainties:-
CoinFlex stops withdrawals due to extreme market conditions last week & continued uncertainty involving a counterparty
Voyager Digital Cuts Daily Withdrawal Limit to $10K Amid 3AC Exposure
Invictus Capital suspends withdrawals by @web3isgreat
South Korea Bans Terraform Staff From Leaving Country Amid Probe
Ontario Securities Commission Slaps Bybit and KuCoin With Penalties
Hacks:-
XCarnival (a Metaverse asset bank) exploited for approximately $3.8M
Harmony Horizon bridge exploited for approximately $100M; incident summary by Stephen (founder of Harmony protocol). Harmony also announced a $1M bounty for the return of funds with no criminal charges.
White hat hacker attempts to recover 'millions' in lost Bitcoin, finds only $105
Whaleloans experienced two separate exploits on the project's stablecoin AMM contracts, which led to ~$12k in losses
Flashloan attack on pandorachainDAO ~$128K
Convexfinance DNS hijacking; 3 other crypto projects using NameCheap were also part of this attack
Scams:-
Discord Compromises:-
Chatsight Pivots Its Content Moderation A.I. to Battling Discord Scammers
20-June-2022:
21-June-2022:
23-June-2022:
25-June-2022:
26-June-2022:
Developer resources:
Smart Contract Development with Foundry 🪐✨ by @dabit3, who also open-sourced a Foundry cheatsheet
Damn Vulnerable DeFi is now implemented in the new Foundry version 🚀 by @ngp2311
@developer_dao, in collaboration with @0xMarcoDAO, launched Contract Book Club to help you become a security-focused smart contract developer
Questbook Zapier Integration - A crash course in composability by @questbookapp
A Tool for Detecting Metamorphic Smart Contracts by @blauyourmind
Ethereum Smart contract auditor roadmap by @razzorsec and notes by @officer_cia
Free platform for learning modern cryptography by @cryptohack__
NFT gas optimization game : put data into token id by @w1nt3r_eth
Research/Reading:
The Crypto Crash is Sinking GPU Prices as Mining Profitability Plummets
How blockchain can open up energy markets: EU DLT expert explains
Tornado Cash Is Crypto Hackers’ Favorite Way to Cash Out, But Experts Say It Can Be Traced
The L2 Landscape by @neworderDAO
In-depth analysis of the mechanics behind the crypto giveaway scams & early warning framework for Ethereum Ponzi schemes
"Are Blockchains Decentralized?" report by @trailofbits
Consider following @0xViking and @securityinweb3