EthSecurity
- Unphishable - a series of educational challenges to help you understand and identify common Web3 phishing attacks -
- Catching Phishing Ethereum Smart Contracts leveraging EVM Opcodes - link
@EthSecurity1
Michael Kong, Andre Cronje, and David Richardson are resigning from the Sonic Labs board.
Note: sonic funded hundred millions
@EthSecurity1
seems @namada MASP hacked ~$600K
ATOM, USDC, OSMO, TIA, NYM all swept from the shielded pool (over IBC) - Privacy chain + stale indexer = invisible hack
@EthSecurity1
@mySwapxyz (Starknet) Hacked ~$305K
Root cause: Attacker deployed a fake "EVIL" token to manipulate the pool accounting and drain the shared vault: 137.96 ETH, 45K USDC, 19.9K USDT, 230K STRK
voyager.online/contract/0x029f9de5cafb30f55e4a6f4f032e8774958520c1649b3a0441f1354c0b330518
https://starkscan.co/contract/0x29f9de5cafb30f55e4a6f4f032e8774958520c1649b3a0441f1354c0b330518
@EthSecurity1
Axelar bridge hacked for $4.67M
https://x.com/suplabsyi/status/2068085352343220519
@EthSecurity1
- Advanced Foundry Cheatcodes Series Part 1 Part 2 Part 3 Part 4
- OpenSense - Starknet Cairo's Security - link
- DPRK Civil Engineer Fake Profile Process. Actual DPRK instructional video on how to create their civil engineering profile(s). And here is a sample session with a DPRK Licensed Civil Engineer.
@EthSecurity1
- Blockchain Forensics: Attribution Techniques and the Role of OSINT - link
- Abusing Developer Trust in Cursor and VS Code Remote Development - link
- Safer cold storage on Ethereum - link
@EthSecurity1
- From PowerShell to Payload: Darktrace's Detection of a Novel Cryptomining Malware - link
- How to secure $70 billion in DeFi: Aave's approach to Web3 security - link
- The Dark Side of Upgrades: Uncovering Security Risks in Smart Contract Upgrades. - link
@EthSecurity1
Aztec Router exploit for $2.1M
Root cause: deposit transactions were committed to the rollup state root, while the corresponding fund-transfer obligation could be bypassed.
https://etherscan.io/tx/0x074ec9317d8336db37e8c348fbdd7515573ff4088239c77ab429f522509aeeb1
@EthSecurity1
- Coinbase thinks vibe-coding 50% of its platform is a good idea. - link
- Paradigm's Reth Client Bug Briefly Freezes Ethereum Mainnet Nodes. - link
- Phished Founder, Liquidated Thief by Rekt. A rollercoaster of a $13M theft and recovery through a swift governance action by Venus Protocol. - link
@EthSecurity1
- A Developer's Guide to Building Safe Noir Circuits - link
- How to Recover Your Browser Wallet Extension from a Sudden Failure? - link
@EthSecurity1
- A theory of Lending Protocols in DeFi - link
- LLM-Augmented Explanations for Graph-Based Crypto Anomaly Detection - link
- Unexpected security footguns in Go's parsers - link
@EthSecurity1
How a hacker stole $1.34M from Raydium:
- finds a bug inside Raydium's old 2021 code
- targets 5 forgotten liquidity pools that were no longer being used.
- generates fake ownership receipts to trick the system.
- convinces the old program/code that he has liquidity that he never deposited.
- withdraws real funds from the pools
walks away with:
> 150,177 $RAY
> 5,603 $SOL
> 893,700 $USDC
@EthSecurity1
