EthSecurity

- From PowerShell to Payload: Darktrace’s Detection of a Novel Cryptomining Malware - link - How to secure $70 billion in DeFi: Aave's approach to Web3 security - link - The Dark Side of Upgrades: Uncovering Security Risks in Smart Contract Upgrades. - link @EthSecurity1

Aztec Router exploit for $2.1M Rootcause: deposit transactions were committed to the rollup state root, while the corresponding fund-transfer obligation could be bypassed. https://etherscan.io/tx/0x074ec9317d8336db37e8c348fbdd7515573ff4088239c77ab429f522509aeeb1 @EthSecurity1

Aztec Router exploit root cause: deposit transactions were committed to the rollup state root, while the corresponding fund-transfer obligation could be bypassed. @EthSecurity1

- Coinbase thinks vibe-coding 50% of its platform is a good idea. - link - Paradigm’s Reth Client Bug Briefly Freezes Ethereum Mainnet Nodes. - link - Phished Founder, Liquidated Thief by Rekt. A rollercoaster of a $13M theft and recovery through a swift governance action by Venus Protocol. - link @EthSecurity1

- A Developer’s Guide to Building Safe Noir Circuits - link - How to Recover Your Browser Wallet Extension from a Sudden Failure? - link @EthSecurity1

https://www.youtube.com/watch?v=_T4OyfUoJ1I @EthSecurity1

https://www.reddit.com/r/Monero/comments/1u1tt1p/psa_critical_p2pool_security_update @EthSecurity1

- A theory of Lending Protocols in DeFi - link - LLM-Augmented Explanations for Graph-Based Crypto Anomaly Detection -link - Unexpected security footguns in Go's parsers - link @EthSecurity1

OpenMonero hacked again! 200 XMR stolen @EthSecurity1

How a hacker stole $1.34M from Raydium: - finds a bug inside Raydium's old 2021 code - targets 5 forgotten liquidity pools that were no longer being used. - generates fake ownership receipts to trick the system. - convinces the old program/code that he has liquidity that he never deposited. - withdraws real funds from the pools walks away with: > 150,177 $RAY > 5,603 $SOL > 893,700 $USDC @EthSecurity1

Raydium’s Legacy AMM V3 Exploited for $1.34 Million via LP Mint Validation Flaw @EthSecurity1

flash-loan exploit on mainnet for ~0.3225 ETH from the $SHIP Rootcause: $SHIP (Shina Printer) is an auto-reward token: it accrues an ETH "tax" and pays holders dividends in $SHI. To fund payouts, its distributor (0xa4EcC3c0…) market-buys $SHI on a Uniswap pool , with ZERO slippage protection. Attack TX: https://etherscan.io/tx/0x9868536a8c5b0414a5b6ef8fc534cb9cb8d7b6aa748d6a038f03228c529e8b2f @EthSecurity1

$TOP hacked for $1.59M Rootcuases: The attacker acquired more than 50% of TOP voting power, due to the token’s low market value, execute a governance proposal that minted a large amount of TOP to themselves @EthSecurity1

- What Are BLS Signatures and How Do They Work? - link - Pairing-Based Cryptography Demystified: A Deep Dive into Elliptic Curves - link @EthSecurity1

Syscoin hacked FOR 5B SYSCOIN An attacker exploited a validation issue in the bridge flow that resulted in an unauthorized SYS output being created on the UTXO side. The affected funds were moved and split after reaching the UTXO chain. We are actively tracing those funds and coordinating with exchanges and ecosystem partners to prevent the tainted outputs from being deposited, traded, or further distributed. @EthSecurity1

seems fixedfloat lock assets and never take back to users. do you verify it? @EthSecurity1

Why ZKTLS to TEE-TLS? - link - zcash exploit breakdown @EthSecurity1

Gravity Bridge did not offer a white-hat bounty. It did not send an on-chain message to the attacker. Hacker have money without legal problems @EthSecurity1

- ZK Math 101: Rings and Fields - link - Introducing sol-azy: A CLI Toolkit for Solana Program Static Analysis & Reverse Engineering - link - Move Bytecode Symbolic Execution Engine. -link @EthSecurity1

seems ZEC exploited to Mint unlimited supply and some influencers try pump to offload tokens @EthSecurity1