Introduction Date of Hack: September 4th, 2023Entities Involved: Stake.com, Potential North Korea-affiliated HackersAmount Lost: $41 MillionKey Vulnerability: Suspected Compromise of Stake’s Hot Wallet Private Keys The following report provides an …
-
-
Crypto Hacks & ExploitsWeb3 Security
Mixin Network Security Breach—Sep 23, 2023—Detailed Analysis
by ImmuneBytesby ImmuneBytesOverview Mixin Network, a blockchain-based peer-to-peer network for digital assets, experienced a significant security breach on September 23, 2023. The hack resulted in a loss of approximately $200 million, with …
-
Crypto Hacks DirectoryWeb3 Security
List of Crypto Hacks in the Month of September
by ImmuneBytesby ImmuneBytesSep 1 On 1 Sept 2022, @KyberNetwork faced a breach, compromising UI due to an ex-employee’s compromised Cloudflare account. Attackers exploited this to display deceptive “Increase Allowance” prompts, affecting two …
-
Crypto Hacks & ExploitsNFTWeb3 Security
API Exploits: A Common Attack in NFT Marketplaces
by ImmuneBytesby ImmuneBytesOverview In the context of NFTs, an API is defined as a set of rules and protocols that allow software applications, including websites and mobile apps, to interact with and …
-
CryptoCrypto Hacks & ExploitsNFTWeb3 Security
Token ID Spoofing Attack on NFTs
by ImmuneBytesby ImmuneBytesIntroduction Non-fungible tokens (NFTs) have exploded in popularity, offering unique digital ownership on blockchain platforms. While NFTs introduce a revolutionary way of ascertaining digital ownership, they also bring in potential …
-
Smart Contract AuditWeb3 Security
Zero-Value Token Transfer Phishing Attack
by ImmuneBytesby ImmuneBytesIntroduction In the evolving landscape of blockchain and cryptocurrency, new attack vectors and scams continue to emerge, targeting unaware users. One of the recent scams is the “Zero-Value Token Transfer …
-
BlockchainSmart Contract AuditWeb3 Security
DoS with Unexpected Revert
by ImmuneBytesby ImmuneBytesIntroduction Denial of Service (DoS) attacks are not just limited to conventional web servers; they can also be executed against blockchain smart contracts. One such attack vector in the Solidity …
-
Smart Contract AuditWeb3 Security
Time-Dependent Function Manipulation in Solidity Smart Contracts
by ImmuneBytesby ImmuneBytesThe Vulnerability Smart contracts on Ethereum often have time-sensitive logic, whether it’s for auctions, lotteries, or token vesting. These time-sensitive functionalities commonly depend on the block.timestamp for execution. The problem …
-
Overview Time jacking exploits a theoretical vulnerability in Bitcoin timestamp handling. During a time-jacking attack, a hacker alters the network time counter of a node on the blockchain network and …
-
Smart Contract AuditWeb3 Security
Arithmetic Issues in Solidity Smart Contracts
by ImmuneBytesby ImmuneBytesIntroduction Arithmetic issues, specifically integer overflow and underflow, are common vulnerabilities in Solidity smart contracts. These issues occur when unsigned integers exceed their maximum value or go below their minimum …