HackDig : Dig high-quality web security articles

Threat actors stole $100M in crypto assets from Harmony

Threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony on Thursday evening. Last week threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony. Today @HarmonyProtocol disclosed a breach which resulted in the theft of 85,837.252 Ethereum (approx. $99,334,302.58 USD as of this w
Publish At:2022-06-27 05:25 | Read:805 | Comments:0 | Tags:Breaking News Digital ID Hacking Blockchain hacking news Har

Managing risk in blockchain deployments

Do you need a blockchain? And if so, what kind? Trail of Bits has released an operational risk assessment report on blockchain technology. As more businesses consider the innovative advantages of blockchains and, more generally, distributed ledger technologies (DLT), executives must decide whether and how to adopt them. Organizations adopting these systems m
Publish At:2022-06-24 11:17 | Read:603 | Comments:0 | Tags:Blockchain DARPA Press Release

North Korean Lazarus APT group targets blockchain tech companies

A new advisory issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the US Treasury Department (Treasury), highlights the cyberthreats associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) group since at least 2020. The Laza
Publish At:2022-04-19 12:48 | Read:2103 | Comments:0 | Tags:Crypto Social engineering AppleJeus APT APT38 blockchain Laz

Threat actors stole at least $1.7M worth of NFTs from tens of OpenSea users

Threat actors have stolen and flipped high-valued NFTs from the users of the world’s largest NFT exchange, OpenSea. The world’s largest NFT exchange, OpenSea on Sunday confirmed that tens of some of its users have been hit by a phishing attack and had lost valuable NFTs worth $1.7 million. The phishing attack was confirmed by OpenSea Co-Fou
Publish At:2022-02-20 10:20 | Read:1642 | Comments:0 | Tags:Breaking News Digital ID Hacking Blockchain Cybercrime hacki

Cyber Awareness 2022: Consider Deepfakes, NFTs and More

From deepfakes to crypto crime to in-flight drone-based data theft, cyber awareness in 2022 will look a bit different. Good cyber awareness means knowing these risks, even if some of them sound stranger than science fiction.  Cyber Awareness and Deepfake Crime What if you got a phone call from a trusted friend or colleague to buy stocks or transfer mil
Publish At:2022-01-06 11:55 | Read:2917 | Comments:0 | Tags:Incident Response Risk Management Security Services Threat H

Customer support scammers take aim at NFT enthusiasts

Adidas has been making waves in the NFT space with a collection of footwear/bored ape crossover sales. WEN? EARLY ACCESS MINTING STARTS NOW
Publish At:2022-01-04 16:41 | Read:1107 | Comments:0 | Tags:Scams adidas blockchain crypto cryptocurrency etherium fee g

Treasury Crypto Security Sanction Blocks Exchange Favored by Ransomware Actors

The U.S. government sanctioned the cryptocurrency exchange SUEX for moving money for ransomware actors. In essence, that means U.S. citizens and corporate entities are banned from using it. The statement, released in September, is part of a wider effort to boost crypto security and “disrupt criminal networks and currency exchanges”. The First Cr
Publish At:2021-12-01 14:02 | Read:3152 | Comments:0 | Tags:News cryptojacking cryptominers blockchain security treasury

Do the Benefits of Bitcoin Outweigh the Risks?

What do Burger King and the popular “Doge” meme have in common? They both have cryptocurrencies named after their likeliness. WhopperCoin and Dogecoin are just two examples of the thousands of types of cryptocurrencies that have caught users’ attention over the past few years. Cryptocurrencies are digital tokens generated by a computer after solving complex
Publish At:2021-06-23 00:09 | Read:1418 | Comments:0 | Tags:Consumer Cyber Awareness Bitcoin cryptocurrency blockchain

Solar: Context-free, interactive analysis for Solidity

We’re hiring for our Research + Engineering team!  By Aaron Yoo, University of California, Los Angeles As an intern at Trail of Bits, I worked on Solar, a proof-of-concept static analysis framework. Solar is unique because it enables context-free interactive analysis of Solidity smart contracts. A user can direct Solar to explore program paths (e.g., t
Publish At:2021-04-02 02:45 | Read:2132 | Comments:0 | Tags:Blockchain Internship Projects

NFTs explained: daylight robbery on the blockchain

Did you hear about the JPG file that sold for $69 million? I’ll give you some more detail, the JPG file is a piece of digital art made by Mike Winkelmann, the artist known as Beeple. The file was sold on Thursday by Christie’s in an online auction for $69.3 million. This set a record for artwork that exists only digitally. Which for many people raised the
Publish At:2021-03-18 16:00 | Read:1779 | Comments:0 | Tags:Explained blockchain digital art ledger NFT NFTs non-fungibl

Confessions of a smart contract paper reviewer

If you’re thinking of writing a paper describing an exciting novel approach to smart contract analysis and want to know what reviewers will be looking for, you’ve come to the right place. Deadlines for many big conferences (ISSTA tool papers, ASE, FSE, etc.) are approaching, as is our own Workshop on Smart Contract Analysis, so we’d like to share a few
Publish At:2021-02-05 08:50 | Read:4309 | Comments:0 | Tags:Blockchain Fuzzing Research Practice

Breaking Aave Upgradeability

On December 3rd, Aave deployed version 2 of their codebase. While we were not hired to look at the code, we briefly reviewed it the following day. We quickly discovered a vulnerability that affected versions 1 and 2 of the live contracts and reported the issue. Within an hour of sending our analysis to Aave, their team mitigated the vulnerability in the depl
Publish At:2020-12-16 12:08 | Read:2721 | Comments:0 | Tags:Blockchain Exploits

Good idea, bad design: How the Diamond standard falls short

TL;DR: We audited an implementation of the Diamond standard proposal for contract upgradeability and can’t recommend it in its current form—but see our recommendations and upgrade strategy guidance. We recently audited an implementation of the Diamond standard code, a new upgradeability pattern. It’s a laudable undertaking, but the Diamond proposal and imple
Publish At:2020-10-30 16:55 | Read:2494 | Comments:0 | Tags:Blockchain

Using Echidna to test a smart contract library

In this post, we’ll show you how to test your smart contracts with the Echidna fuzzer. In particular, you’ll see how to: Find a bug we discovered during the Set Protocol audit using a variation of differential fuzzing, and Specify and check useful properties for your own smart contract libraries. And we’ll demonstrate how to do all of this using cryt
Publish At:2020-08-17 15:00 | Read:2770 | Comments:0 | Tags:Blockchain Fuzzing

Accidentally stepping on a DeFi lego

The initial release of yVault contained logic for computing the price of yUSDC that could be manipulated by an attacker to drain most (if not all) of the pool’s assets. Fortunately, Andre, the developer, reacted incredibly quickly and disabled the faulty code, securing the approximately 400,000 USD held at the time. However, this bug still highlights the ris
Publish At:2020-08-05 08:53 | Read:2737 | Comments:0 | Tags:Blockchain Exploits

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud