Daily Security

Glad to see all of the newcomers here. New materials are being collected and soon I will start sharing cool stuff. In the meantime, I would like to invite all of you to our cosy chat where we exchange knowledge I would also like to wish all of you a Merry Christmas and a Happy New Year. Stay tuned 🥰🫡🎉

UniV4 Useful Stuff🙏✌️❤️ Bad Hook with Broken Access Control https://composable-security.com/blog/uniswap-v-4-bad-hook-with-broken-access-control/ Oracle Hook with Malicious Owner https://composable-security.com/blog/uniswap-v-4-oracle-hook-with-malicious-owner/ Liquidity Theft via Hook Fee https://composable-security.com/blog/uniswap-v-4-liquidity-theft-via-hook-fee/ Re-initialization Leading to Funds Locked https://composable-security.com/blog/uniswap-v-4-re-initialization-leading-to-funds-locked/ Threats for Uniswap v4 Hooks https://composable-security.com/blog/threats-for-uniswap-v-4-hooks/ Further Research to Improve Hooks Security https://composable-security.com/blog/uniswap-v-4-further-research-to-improve-hooks-security/ 🥳Follow for more @ethers_security Chat @ethers_club

Malware in the @solana/web3.js Seen some similar cases of npm takeover in the past. Be careful💫 https://x.com/anza_xyz/status/1864085236432134264?s=46 Linkedin post Additional research https://x.com/beeman_nl/status/1864068026120786169?s=46

Gm hackers, we have made the public real-time DeFi security feed: https://t.me/defimon_alerts For bug bounty hunters we also indexed all smart contracts in scope of Immunefi to notify about proxy upgrades, governance & access control activity. Enjoy!

Hey) A telegram chat where we share blockchain tools, security checklists, osint instruments and much more. Do not hesitate to join. Reposts and likes are highly appreciated 💜💙 https://t.me/ethers_club

Interesting 😲 https://x.com/arkhamintel/status/1859262204375159129?s=61

Cairo Security Unlocked: Zero Knowledge Security Course ( 9 parts) https://youtube.com/playlist?list=PLUa3vKGsV9PofmXCLrkodJ9GoCSlSEJmW&si=RRTT7rCDV1v4Z32H Follow for more @ethers_security

Looks like the crypto casino Metawin was exploited for $4M+ on Ethereum and Solana earlier today. See 115+ theft addresses tied to the exploiter here. So far stolen funds have been transferred to Kucoin and a HitBTC nested service. Source

1inch Front-End compromised DO NOT CONNECT WALLET

URGENT: Blockaid systems have detected a potential supply chain attack targeting dApps that use Lottie Player. A new version of this npm packaged was deployed a couple of minutes ago, with multiple legitimate dApps now issuing malicious transactions: link DO NOT CONNECT YOUR WALLETS TO POP-UPS COMING ON WEBSITES

🤔

Hi, everyone. A reminder that we have a chat where we share tools, researches and many other stuff. Do not hesitate to join 🔮❤️🫡 @ethers_club

A great article showcasing that even in case everything has been compromised - the hardware wallet still can safe you on the example of the Radiant key compromise exploit. I personally use SafePal S1 as it doesn't have WiFi, Bluetooth or any other connections to the world - a fully offline device. https://medium.com/@bazzanigianfranco/how-to-not-blind-signing-safe-multi-sign-transactions-with-our-hardware-wallet-abd0cee9226c