Scammers have increasingly utilizing a phishing kit known as Monkey Drainer. This kit is sold by malicious vendors to prospective scammers who are looking to steal user funds. The Monkey Drainer kit and similar phishing tools utilize a technique known as “ice phishing” to trick users into giving the scammers unlimited power to spend their tokens.

DeFi lending protocols suffered a number of major attacks in 2022. In this article, we recap these incidents and offer a number of proactive security solutions.

On 17 January, 2023 the Yield Robot contract on the Binance Smart Chain (BSC) was drained of user deposits amounting to approximately $2.1 million. Initially, the Yield Robot team announced on social media channels that their project was exploited. However, clear on-chain evidence shows that this incident is an exit scam.

On 30 December, 2021 at 09:06 UTC Sashimi Swap was hacked for a total loss of approximately $210,000. Sashimi Swap suffered a flash loan attack by a threat actor targeting their UniswapV2Router02.

Contracts named CirculateBUSD, CirculateWBNB were drained of all assets due to a third party dependency that transferred all tokens to the contract deployer. The same actions took place on contracts named CirculateUSDC and CirculateWAVAX on Avalanche.

The security of private keys and mnemonic phrases is of paramount importance in the world of cryptocurrency, as they grant access to one's digital assets and their loss or theft can lead to financial ruin. With the rise of mobile wallet apps in the Web3 space, it's crucial to understand the various security mechanisms that are in place to protect these keys.

CertiK has recently identified an organized scammer group that is actively deploying fake wallets in order to fool users. This group, which we have named BombFlower, stands out due to the particular evasive anti-forensic feature used by the group.

The History of Ethereum & How It Works | Bite Size Blockchain | CertiK Vitalik Buterin, Ethereum’s co-founder envisioned a new use for blockchain after Bitcoin, one that went broader for a larger set of applications. Ethereum was built on a neutral, open-access infrastructure, controlled by no central entity. In 2013, Buterin released a white paper for Ethereum’s blockchain using the Turing complete programming language, based on Alan Turing’s concept of a Universal Turing machine, that allows any operation to be programmed within it. Ethereum uses smart contracts which are programs that permit users to transact with each other according to a set of predetermined rules, removing the need for third-party enforcement. These smart contracts allow developers to self-build and publish contracts onto the blockchain. Ethereum’s native currency, Ether, operates as a store of value for its users. Ethereum allows developers to build and distribute other cryptocurrencies using the same protocol as Ether. Ethereum consists of only one public blockchain. Developers must create a modified clone of Ethereum to use the technology on a private blockchain.

Listen as Threshold Network discusses Threshold cryptography, defi, TBTC, security & more Broadcasted January 19th, 2023

On 16 December, 2022 Raydium Protocol experienced a private key compromise due to a trojan virus. In total, approximately $5.5 million worth of customer assets were stolen.

CertiK is proud to announce a new partnership with Shima Capital, a leading venture capital firm founded by Yida Gao and focusing on crypto and blockchain technology.

Bitcoin works through a system in which it’s possible for a group of people to reach a consensus and agree on a single valid history of transactions by including them in the blockchain. Bitcoin miners are users who seek a business opportunity by purchasing powerful computers to solve complicated mathematical equations through what is known as proof of work. The miners are responsible for listening to and reporting all transactions that happen on the network. Miners record the transactions by adding them in batches called blocks. The mining analogy to gold is misleading. The purpose of mining is not to create Bitcoin but rather to process everyone’s transactions and update the database. Bitcoin is the first successful decentralized digital currency because it was the first to solve the double-spending problem of spending the same money twice. Double-spend attacks can happen through a 51% attack, where a hacker captures 51% of the hash power of the network. So far no such attack has occurred due to the difficulty of mining, cost of hardware, and electricity required.

The CV VC Top 50 Report, in collaboration with Bank Frick, is a periodical report that analyzes the top 50 best-performing blockchain projects in Crypto Valley, based on market valuation, funding, and the number of employees.

In this post, we briefly explain the difference between reentrancy and cross-function reentrancy, and how Turing incompleteness can prevent some such attacks. We then provide an example of a cross-function reentrancy exploit not prevented by Turing incompleteness using Pact, the programming language utilized on the Kadena blockchain.

Listen as Dexit Network discusses consensus mechanism, defi apps, nfts, gaming, security & more! Broadcasted January 13th, 2023

On 13 January, 2023 the multi-chain lending protocol LendHub announced on their Twitter account that they had suffered an exploit on 12 January resulting in the loss of approximately $6 million. The exploiter took advantage of a discrepancy between a retired IBSV cToken and a new token, where the former had not been removed from the protocol's old market despite no longer being in use.

The past year has been a painful one for many in crypto. Malicious actors drained over $3.7 billion worth of assets from Web3 protocols in 2022, representing a 189% increase over the $1.3 billion lost in 2021.

Staking is a process in which users provide their coins or tokens to a project or protocol in order to receive rewards for their participation.

On 4 January, 2023 we observed the first major exit scam of the year. The scam resulted in a loss of approximately $2.6 million.

Whilst cryptocurrency can be an exciting and rewarding investment, it is vital to have an understanding of web3 security and the measures needed to protect yourself and your fund. Transparency and Accountability. CertiK KYC provides identity verification for project teams- to help investors make shrewder decisions based on an awareness of web3 security. Smart Contract Audits. Check out the CertiK Security Leaderboard, which rates and ranks all onboarded projects in terms of their security. Authentication Methods. In securing your accounts you should set up 2 Factor authentication so that a hacker would need to have both your password and the device to be able to access your account. Hot and Cold Wallets. People will hold some of their funds on a cold wallet for security, and some on a hot wallet to allow for a smoother flow of funds.

Not all threats come from external sources. Some of the most devastating can come from inside a project team, from a trusted member of the group. A vital element in reducing the risk of insider threats in crypto projects is to thoroughly vet new team members.

Anonymity and pseudonymity refer to two different ways of obscuring or concealing a person’s identity. Within De-Fi, the terms mean a way of protecting their identity and concealing their transactions. In the context of blockchain security, pseudonymity means that whilst the identity of the person making transactions is unknown, all of the transactions that they make can be linked to the same pseudonymous identity. By contrast, anonymity means that none of the transactions or activity conducted on the blockchain or on exchanges can be linked to one user, pseudonymous or otherwise.

The main event of the fourth quarter of 2022 has been – by far – the almost-overnight collapse of FTX.

Governance is one of the primary features of decentralized blockchain networks. Users come to consensus, or at least majority agreement, on the management of decentralized protocols. The unique features of blockchain governance systems offer many benefits, and a number of risks.