Whitehat
25 posts
@PrismaFi faced an $11.6M exploit, but white hat hackers returned the funds after negotiating a bounty through a rescue operation. Understanding the hack's root causes is crucial to prevent future incidents. Read more about the $11M hack breakdown techfund.jp/media/Prisma-F…
#Security Alert: Understanding the $8.5 Million WOOFi Exploit On Mar 5th, WOOFi encountered a devastating flash loan attack on the Arbitrum network, resulting in loss of $8.5 million. Here's a breakdown of what happened & how you can prevent it : techfund.jp/media/WOOFi-Ha…
A few hours ago, a @minerercx exploited a vulnerability resulting in a loss of $456k. The vulnerability lies in the `_update` function. If a user transfers tokens to themselves within the same transaction, there is indeed a potential for their balance to double. This scenario arises because the `_update` function utilizes cached balance values for the sender (`from`) and recipient (`to`). When a user transfers tokens to themselves, the balance update process might not accurately reflect the change. Here's how this scenario unfolds: 1. The `_update` function is called with `from` and `to` being the same address. 2. It retrieves the cached balance for that address before the transfer. 3. It subtracts the `value` from the cached balance for the sender (`from`) and adds the `value` to the cached balance for the recipient (`to`), which is the same address. 4. The balances are updated using the cached values, potentially resulting in a doubled balance for that address. The total fund loss for the miner is almost $456k. etherscan.io/tx/0x5cc93e9d5… is the breakdown of the transaction.
🌟 Exciting Announcement from PrismBlocks Community! 🌟 We're thrilled to share that we participated in the Future Crime Summit 2024 held in Delhi, India! ✨ It was an incredible opportunity to connect with the brightest minds from the Indian government, authorities, and leading blockchain companies. At PrismBlocks, we're dedicated to shaping a secure blockchain future. Our next-gen fraud detection engine is set to redefine blockchain security. The response we received was beyond amazing! Stay tuned with us as we embark on a journey to revolutionize blockchain security worldwide. Together, we're paving the way for a safer digital landscape. 💡 #PrismBlocks #BlockchainSecurity #FutureOfTech 🚀
🚀 Solidity 0.8.24 Release Announcement 🚀 🎉 Solidity v0.8.24 is out and it comes with some interesting features 👀 1. Prepared for the "Cancun" network upgrade 2. Support for transient storage (EIP-1153) 3. Introduction of shard blob transactions (EIP-4844) 4. Integration of BLOBBASEFEE opcode (EIP-7516) 5. Introduction of MCOPY - Memory copying instruction (EIP-5656) 6. Revised SELFDESTRUCT behavior (EIP-6780) 7. Compatibility with Apple silicon chips 8. Various bug fixes and enhancements Upgrade now to leverage these advancements in your Solidity development journey! #Solidity #Blockchain #Ethereum #blockchainsecurity #hack #Crypto 🛠️💻 soliditylang.org/blog/2024/01/2…
🚨 Security Alert 🚨 @GAMEEToken has experienced a security breach! Unauthorized deployer key access led to an attack using the recoverERC721s() function, bypassing $GMEE recovery protection. Approximately 600m $GMEE has been drained from the contract. 🔗 Attack transactions: 1️⃣ polygonscan.com/tx/0x70f7e0376… 2️⃣ polygonscan.com/tx/0x2340cfdec… ⚠️ Important: The $GMEE's _transferFrom() implementation skips the allowance check, allowing the attacker to use transferFrom() without pre-approval. Exercise caution with OpenZeppelin's ERC20.transferFrom() function. Stay vigilant and follow @GAMEEToken and @prism_blocks for updates on the ongoing investigation and steps being taken to secure the platform. join our telegram community -t.me/+kyzfNY_dRN9hN… #SecurityAlert #CryptoNews #GAMEEToken #BlockchainSecurity #prism_blocks
🚨 Ethereum Rug Pulls Research🚨 Over 1,300 rug pulls on the Ethereum Mainnet share a common pattern! 💸 $32M stolen (14,000 ETH) 🤯 42,000+ victims 🕵️♂️ Scammers utilize sophisticated tactics, making tracking challenging. 📝 In-depth Analysis 📝 Revealing how scammers execute rug pulls with deceptive techniques. Notably, funds flowed into Binance Exchange hot wallets. 🔍 TL;DR 🔍 Scammers exploit FOMO by mimicking upcoming crypto projects. Token names like Wisealth, RabbitRun, DreamFi, and... Blockfence! They ride the memecoin trend with tokens such as AIPEPE, Purple Pepe, Pepe Chain, Pepe Race, and Baby Pepe. 👀 Scam Overview 👀 Thousands of tokens created with red flags: - Fake max supply - Token owner can burn holders' tokens - Infinite minting for admins - LP tokens lock - "Verified" contracts - Hidden contracts - Renouncing ownership - Automatic creation of tokens with trending memecoin names 🕵️♂️ Example 🕵️♂️ Unpacking the scam: The scammers used a prominent brand name as a trigger, illustrating their extensive operation plan. This is just one of many fraudulent tokens. 🚫 Protect Yourself 🚫 Stay vigilant! Verify project authenticity and report suspicious activity. We're actively working to combat these scams. #CryptoSecurity #RugPulls #ScamAlert #BlockchainSecurity #StaySafeCryptoFam
🚨 SECURITY ALERT 🚨 @samudaixyz has fallen victim to a significant security breach, resulting in the loss of $1.2M worth of ETH from both the founder's and multisig wallets. 🔍 Investigation is underway, and the community is urged to report any suspicious activity related to this incident. 💰 A 10% bounty has been announced for the safe return of the stolen funds. Your cooperation is vital in bringing justice to the affected party. 🔒 Stay vigilant and consider adopting FailSafe, the ultimate solution to eliminate the risk of crypto theft from enterprise wallets. #blockchainsecurity #CryptoSecurity #ETH #FailSafe #StaySafeCryptoCommunity #hack #exploit #prismblocks
