In February 2022, OpenSea fell prey to a major phishing attack that resulted in over $1.7 million in nonfungible tokens (NFTs) being stolen from users. It wasn’t the only incident: Blockchain users reportedly lost $3.9 billion to fraudulent activity in 2022 alone. As we entered 2023, there was a chorus of promises to increase security within the crypto space. But, so far, things haven’t significantly changed. Companies that utilize blockchain still aren’t doing enough to prevent scams. If blockchain technology is going to see mass adoption, companies will have to change their approach from the bottom up. By focusing on …
The Uniswap DAO has approved a second non-binding proposal, called a “temperature check,” to make Wormhole the official bridge for cross-chain governance of the protocol between BNB Chain and Ethereum, according to the official proposal page. BREAKING: Wormhole has won the vote to be Uniswap's designated bridge to the Binance Chain! This is a major step forward in the development of the DeFi ecosystem. #DeFi #BNBChain #Uniswap #Wormhole — BitArchive (@ChainArchives) January 31, 2023 The proposal will now become part of a final plan to deploy Uniswap V3 to the BNB Chain, which will go up for a binding governance …
Summa founder James Prestwich has accused the $382 million LayerZero bridging protocol of hosting a “critical vulnerability.” According to a Jan. 30 post by Prestwich, this vulnerability “could result in theft of all user funds.” LayerZero CEO Bryan Pellegrino has called Prestwich’s accusation “absolutely shocking” and “wildly dishonest,” claiming that the vulnerability only applies to applications that don’t modify the default configuration. Absolutely shocking that a competitor would put out a wildly dishonest post about us. Happy to have @zellic_io @osec_io @ZOKYO_io or any other of the auditing firms come comment and dispel but let me summarize. If you set …
Solana Foundation, the non-profit organization of the Solana Network, disclosed on Jan. 14 a security incident involving its email service provider Mailchimp. According to an email sent to users and seen by Cointelegraph, the Foundation was informed by Mailchimp on Jan. 12 that "an unauthorized actor accessed and exported certain user data from the Solana Foundation’s Mailchimp instance." Among the information accessed and exported in the incident were user's names and Telegram usernames. The Solana Foundation stated: "Based on the information we have received from Mailchimp, the affected information may have included, inter alia, email addresses, names, and Telegram usernames, …
App-specific blockchains, or appchains, are specifically designed to support the creation and deployment of decentralized applications (DApps). In an appchain, each app runs on its separate blockchain, linked to the main chain. This allows for greater scalability and flexibility, as each app can be customized and optimized for its specific use case. Appchains are also an alternative solution for scalability to modular blockchains or layer-2 protocols. Appchains present similar characteristics to modular blockchains, as it is a type of blockchain architecture that separates the data, transaction processing and consensus processing elements into distinct modules that can be combined in various …
Crypto investors have been urged to keep their eyes peeled for "deepfake" crypto scams to come, with the digital-doppelganger technology continuing to advance, making it harder for viewers to separate fact from fiction. David Schwed, the COO of blockchain security firm Halborn told Cointelegraph that the crypto industry is more “susceptible” to deepfakes than ever because “time is of the essence in making decisions” which results in less time to verify the veracity of a video. Deepfakes use deep learning artificial intelligence (AI) to create highly realistic digital content by manipulating and altering original media, such as swapping faces in …
Blockchain security firm SlowMist has highlighted five common phishing techniques crypto scammers used on victims in 2022, including malicious browser bookmarks, phony sales orders and trojan malware spread on messaging app Discord. It comes after the security firm recorded a total of 303 blockchain security incidents in the year, with 31.6% of these incidents caused by phishing, rug pull or other scams, according to a Jan. 9 SlowMist blockchain security report. Malicious browser bookmarks One of the phishing strategies makes use of bookmark managers, a feature in most modern browsers. SlowMist said scammers have been exploiting these to ultimately gain …
There is no excuse for not putting a few hours of research into how to properly custody your crypto, according to lead on-chain analyst James Check. Joining the latest debate around self-custody, the analyst pushed back against the notion that managing private keys is too complicated and risky for the average crypto user. “If you have gold in your vault, if you have cash in your wallet, it's the same concept: you need to exercise a level of responsibility,” said Check in our latest Cointelegraph interview. Check argued that, while third-party custody and semi-custodial solutions such as collaborative custody may …
It’s no secret that in 2022 the world of Web3 and decentralized finance (DeFi) experienced a slew of major exploits and attacks. From the Ronin bridge attack to the Nomad hack, the top 10 exploits alone saw over $2 billion lost. In the Beosin Global Web3 Security Report 2022, it revealed that of 167 major security incidents over the last year those rooted in DeFi were the most vulnerable. DeFi projects were attacked 113 times, which accounted for approx. 67.6% of recorded attacks. This is followed by attacks on exchanges, nonfungible token (NFT) projects, cross-chain bridges and wallets in that …
In a Jan. 6 tweet, Balancer warned certain liquidity providers to remove their LPs "ASAP" as there is an ongoing issue related to some of the protocol's pools. Other pools have had their fees set to zero by the balancer emergency multisig, which the team claims to have "mitigated" the issue. Not all pools could be mitigated in this way, however. Balancer listed the pools that need to be withdrawn include DOLA / bb-a-USD on Ethereum, It's MAI life and SmellsLike Spartan Spirit on Optimism, and Tenacious Dollar on Fantom. IMPORTANT: Because of a related issue, LPs of the following …
NFT Influencer CryptoNovo announced on Jan 4. that they have fallen victim to a cyberattack and lost two cryptopunks. The post on Twitter says “I just got hacked!!! Are you kidding me!?!” and includes a screenshot from OpenSea displaying two cryptopunks being transferred to another address. I just got hacked!!! Are you kidding me!?! pic.twitter.com/r1xS0mhD6P — CryptoNovo (@CryptoNovo311) January 4, 2023 The two cryptopunks were immediately sold by the attacker, one for 70 ETH (worth an equivalent $88,434 at time of publication) and the other for 199 ETH ($251,404). This implies that CryptoNovo lost over $300K worth of cryptopunks in …
Hackers have started the year with another exploit, with several million being taken from a whale holding large amounts of decentralized finance (DeFi) protocol GMX’s native token. On Jan. 3, various community members saw suspicious movements of GMX tokens. Following this, security firms CertiK and PeckShield flagged the transactions as an exploit that drained $3.4 million worth of GMX tokens from a GMX whale. According to data analysis platform Lookonchain, the hackers took control of 82,519 GMX tokens and exchanged the assets for 2,627 Ether (ETH). Then, the attackers cross-chained the assets to the Ethereum network using Hop Protocol and …