Slowmist
3 min read
The Hidden Risks of Hash Functions: Length Extension Attacks and Server-Side Security Vulnerabilities
Introduction A Length Extension Attack is a specific vulnerability associated with certain types of hash functions like MD5, SHA-1, and SHA-2. Simply put, this type of attack exploits the fact that given \( H(\text{message}) \) and the length of the message, one can easily calculate \( H(\text{message} \mathbin{\Vert} \text{padding} \mathbin{\Vert} \text{extension}) \)…
Slowmist
7 min read
SlowMist Weekly Security Report August 28th to September 3rd
Weekly Update: Approximately $830,000 Lost in Web3 Security Incidents Overview According to statistics from SlowMist’s Blockchain Hacking Archive (https://hacked.slowmist.io), from August 28 to September 3, 2023, there were a total of 7 security incidents, resulting in an estimated loss of approximately $830,000. Specific Incidents Ivan Bianco On August 29, 2023, Ivan Bianco, a Brazilian YouTube…
Slowmist
5 min read
Aug 28
SlowMist Weekly Security Report August 21 to 27
Weekly Update: Web3 Security Incidents Result in Approximately $10.61 Million in Losses Overview According to data from SlowMist’s Hacked Archive, between August 21 and August 27, 2023, there were 8 recorded security incidents, resulting in an estimated total loss of $10.61 million. Incident Details Fake LayerZero Token On August 21, 2023, a fraudulent…
Slowmist
7 min read
Aug 21
SlowMist Weekly Security Report August 14 to 20
Weekly Web3 Security Update | Approximately $19.963 Million in Losses — Overview According to data from the SlowMist Blockchain Hacked Archive, from August 14 to August 20, 2023, there were a total of 10 security incidents with an estimated loss of about $19.963 million. Incident Details: MEV Bot On August 14, 2023, Hexagate tweeted that in the past few days, a single MEV…
Slowmist
7 min read
Aug 14
SlowMist Weekly Security Report August 7 to 13
Weekly Recap: Web3 Security Incidents Result in Approximately $122 Million in Losses — According to the data from SlowMist’s Hacked Archive, from August 7th to 13th, 2023, there were seven security incidents involving platforms like Cypher, Steadefi, STA, Blockchain Capital, Earning.Farm, certain MPC wallets, and Fetch.ai. …
Slowmist
7 min read
Aug 6
Establishing On-Chain Communication After an Incident
Background: According to the “2023 H1 Blockchain Security and Anti-Money Laundering Report” published by SlowMist, there were 10 instances in the first half of 2023 where losses from attacks were either fully or partially recovered. The total amount stolen was approximately $232 million from these 10 cases, of which $219…
Blockchain
8 min read
Jul 31
SlowMist Weekly Security Update July 24 to 30
Weekly Update | Approximately $59.63 Million Lost to Web3 Security Incidents Overview According to statistics from the Slowmist Blockchain Black Archives (https://hacked.slowmist.io), from July 24 to 30, 2023, there were seven security incidents involving Palmswap, MetaLabz, Eralend, Carson, DefiLabs, Kannagi Finance, and Curve Finance. The total estimated loss stands at…
Weekly Report
6 min read
Jul 31
Analysis of Palmswap incident
On July 25, 2023, the Palmswap project on the Binance Smart Chain (BSC) fell victim to an attack, resulting in the attacker gaining profits exceeding $900,000. Following the intervention and analysis by the SlowMist security team, the results are now being shared as follows: Background Information: Palmswap v2 offers a…
Blockchain
5 min read
Jul 27
How does the False Top-up attack break through the defense of the exchange?
Fake deposit attacks refer to the tactics where attackers exploit vulnerabilities or system errors in the exchange’s processing of deposit operations. They send counterfeit transaction data to the exchange wallet addresses, which the exchange mistakenly identifies as legitimate deposit requests, and subsequently credits the corresponding digital assets or currencies into…
Exchange
8 min read
Jul 26
Beware of Covert Rug Pulls, Exit Scams Driven by Contract Storage Manipulation
Background From the summer of DeFi to the present day, we’ve weathered a storm of vulnerabilities, backdoors, exit scams, and other underhanded tactics. We’ve learned the hard way to be vigilant, scrutinizing token contract permissions, checking token distributions, and reviewing contract codes to protect our assets when we participate in…
Rugpull
7 min read
Jul 25
SlowMist Weekly Security Report
Weekly Report | Web3 Security Incidents Result in Estimated Losses of $30.6 Million Overview According to statistics from the SlowMist blockchain hack archive (https://hacked.slowmist.io), between July 17 and 23, 2023, there were seven security incidents, including breaches affecting BNO, GMETA, Shell Protocol, PleasrDAO, Uniswap founder Hayden Adams’ Twitter account, two…
Blockchain
8 min read
Jul 19
Intro to Smart Contract Security Audit — Signature Replay
In the previous article, we discussed front running attacks within Ethereum and the various stages a transaction undergoes from initiation and signing by the sender to being included in a block by the miners. This time, we’ll focus on a classic vulnerability in smart contracts known as Signature Replay. Background Logically…
Audit
9 min read
Jul 3
SlowMist: 2023 Mid-Year Blockchain Security and Anti-Money Laundering Report
This report delves into blockchain ecosystem security, summarizing key security incidents and funds recovery status in the first half of 2023. It aims to help readers identify suspicious transaction patterns and behaviors by analyzing typical cases, and explore the anti-money laundering landscape within the blockchain ecosystem. Due to space constraints…
Slowmist
7 min read
Jun 20
SlowMist: The Ultimate Guide to Supply Chain Security in the Web3 Industry
Background Overview As the Web3 industry continues to evolve, there is growing focus on supply chain security from both the industry itself and the global community. In modern software development, reliance on diverse third-party components and external services has made software supply chains increasingly intricate and expansive. …
Blockchain
7 min read
Jun 5
SlowMist: Web3 Wallet Security Audit Upgrade
On June 3, multiple Atomic Wallet users posted on social media that their wallet assets had been stolen. According to analysis, the total loss of Atomic Wallet users who had their assets stolen is now approximately $35 million. As the key to opening the Web3 world, Web3 wallets are responsible…
Wallet
4 min read
Jun 2
SlowMist: A Brief Analysis on the Cellframe Hack
On June 1, 2023, Cellframe experienced a flash loan attack, resulting in a 41.2% decline in the price of Cellframe ERC20 v2. We promptly carried out an investigation and uncovered the following information: Relevant Information: Attacker’s address: 0x2525c811EcF22Fc5fcdE03c67112D34E97DA6079 Attacker’s contract address: 0x1e2a251b29e84e1d6d762c78a9db5113f5ce7c48 Attack transaction: 0x943c2a5f89bc0c17f3fe1520ec6215ed8c6b897ce7f22f1b207fea3f79ae09a6
Hacks
4 min read
May 31
Navigating Hong Kong’s Latest Anti-Money Laundering Regulations
On May 23, 2023, the Hong Kong Securities and Futures Commission (SFC) announced the “Summary of Consultation on Proposed Regulatory Provisions Applicable to Licensed Operators of Virtual Asset Trading Platforms.” It was noted that the consultation period ended on March 31, during which the SFC received 152 feedback submissions from…
Misttrack
6 min read
May 31
SlowMist: Understanding the Principles and Scalability Issues of Ed25519
Ed25519 is an elliptic curve-based digital signature algorithm that is efficient, secure, and widely adopted. This algorithm is utilized in a myriad of applications, including but not limited to, TLS 1.3, SSH, Tor, ZCash, WhatsApp, and Signal. This article aims to shed light on the following aspects: 1. Introduction to…
Blockchain
9 min read
May 23