Security in WEB3 - Issue 5 : 04-July-2022
Weekly roundup on Security, Developer, Research and resources in WEB3
Hey Everyone!
Welcome to my fifth issue on Security in WEB3.
If this is your first visit to this newsletter, please consider subscribing if you would like to read about any of the following.
**The loss totals shown are approximations; there is no guarantee that they are the actual numbers/losses incurred by people/protocols or the profit made by the exploiter.**
Permalink for this Issue powered by @OrbisClub
Hacks🤫
A go-opera code bug allows a user to unlock the local account when HTTP/WS is enabled
Twitter and YouTube accounts of the British Army were simultaneously hacked and used to promote NFT and crypto scams @web3isgreat
Another serial Twitter account hacker recently hacked @JRNYclub and @nounsdao
Solana liquidity protocol Crema Finance was exploited for around 69,500 SOL (~$2.3 million) and around $6.5 million worth of stablecoins for a total loss of around $8.8 million in notional value.
Optimism NFT marketplace Quixotic suffers exploit following contract update. The attacker was able to hack the offer feature to drain more than $100,000 in Optimism and USDC.
Public RPC gateways provided by Ankr for Polygon and Fantom were compromised via DNS hijack. Also, a report and resources on how to stay safe by @officer_cia
Leading NFT marketplace OpenSea has warned customers of possible phishing attacks after reporting a data breach through its email vendor
@cz_binance warns all the platforms that do user data verification amid a likely data breach caused by a bug in an Elasticsearch deployment by a government agency in one of the Asian countries
Infamous North Korean hacker group identified as a suspect for $100M Harmony attack
Scams😩
CFTC Charges South African Pool Operator and CEO with $1.7 Billion Fraud Involving Bitcoin
The U.S. Department of Justice Announces Enforcement Action Charging Six Individuals with Cryptocurrency Fraud Offenses in Cases Involving Over $100 Million in Intended Losses. Those charged include David Saffron (the owner of the Circle Society cryptocurrency investment platform); Michael Alan Stollery (founder and CEO of Titanium Blockchain Infrastructure Services); Emerson Pires, Flavio Goncalves, and Joshua David Nicholas, the two founders and the "head trader" of the EmpiresX cryptocurrency investment platform; and Le Anh Tuan, who was one of the individuals behind the "Baller Ape" NFT rug pull in October 2021.
Fake Mining scams observed by @sniko_ and others at Consensys
News 📰
FOIA request reveals that Coinbase is providing “geo tracking data” to ICE, but Coinbase denies reports of selling customer data to the US government
Crypto Exchange CoinFLEX Claims 'Bitcoin Jesus' Roger Ver Owes It $47 Million
A couple of weeks back Coinbase announced layoffs and pulled job offers; now they have announced their European expansion plan
Meta (Facebook) Begins Testing Ethereum and Polygon NFTs on Profiles
Meta to Shutter Novi Crypto Payments Wallet in September, Ending Libra Saga
The HTC Desire 22 Pro comes preloaded with "Viverse" apps to navigate the metaverse and manage your crypto and NFTs
Polkadot Chief Gavin Wood Announces Blockchain Governance Upgrade
EU agrees on “MiCA” regulation to crack down on crypto and stablecoins
The Ronin bridge tied to Axie Infinity is back up with a new design
Uncertainties🙆‍♂️
Banxa (Australian crypto firm) is slashing its headcount from 230 to 160 as the crypto industry’s ongoing bear market continues to weigh heavy.
Voyager Digital plans to pursue recovery through the legal system after Three Arrows Capital failed to repay two loans by the deadline.
Discord Compromises💩
03-July-2022:
02-July-2022:
01-July-2022:
30-June-2022 :
29-June-2022 :
28-June-2022 :
27-June-2022 :
Developer resources💻
Rust 1.62.0 released by @rustlang
@ConsenSys announced a partnership with @StarkWareLtd, bringing ZK-rollups to @MetaMask and @infura_io to give devs more network options for a multi-chain future → blog post by Consensys
Consider following @0xViking and @securityinweb3
Weekly Spotlight :
This is a section where every week I will highlight one must-follow Twitter account.
“@wallet_guard” - Web3 security advocates. Also, check out their free anti-phishing extension for Chrome & Brave