Welcome to the latest edition of our monthly security roundup where you find the most relevant Web3 security news all in one place. Get key insights into what happened and stay ahead of the curve!
Rivanorth News
First things first, our research got featured on Rekt News!!! Getting recognised by arguably one of the most prominent security news outlets is something that makes us super proud.
Everyone recommends it, but what should you do if MFA fails? Following the compromise of Twilio's Authy multi-factor authentication (MFA) application, available for iOS and Android, we investigated the lesser-explored aspects of MFA and what to do to recover: https://blog.rivanorth.com/twilio-authy-hack-mfa-disaster-recovery
July 2024 Hacks
Bittensor - $8M - The attack on Bittensor occurred through a compromised version of the PyPI Package Manager.
LiFi Protocol - $10M - The exploit targeted accounts with infinite approval settings, enabling the attacker to execute arbitrary transactions and transfer funds out of users' wallets.
Minterest - $1.4M - The hack occurred due to an exchange rate manipulation attack.
WazirX - $235M - The breach was primarily due to the compromise of their Safe multisig wallet, which attackers exploited via phishing.
CrowdStrike - Technology monopolies like CrowdStrike and Windows are posing one of the biggest IT challenges to date: if one goes down, all go down. In our latest hack explained series we explore why this is not only an IT issue but also a Cybersecurity one -> https://blog.rivanorth.com/crowdstrike-causes-historic-it-outage
KnowBe4 - Prominent phishing prevention company KnowBe4 was recently infiltrated by a North Korean hacker posing as a Principal Software Engineer. The hacker joined the company as a new employee; once they received their laptop, they started installing malware.
Rho Markets - 7.5M - The hack occurred when an MEV bot exploited a misconfiguration in Rho Markets' price oracle. This misconfiguration allowed the attacker to manipulate the oracle's price feeds, leading to incorrect asset valuations and creating an opportunity for arbitrage.
Squarespace's Google Domains acquisition gone wrong leads to domain hijacking of Compound Finance.
Actively Exploited
Check out the latest actively exploited vulnerabilities that could affect your project here -> https://blog.rivanorth.com/vulnerability-report-august-2024
Rivanorth Security Research
Cyber Insurance Costs Rise 40%
Top 3 Multi-Chain Security Issues
The Ultimate Guide to Securing Your X/Twitter Account
ERC-4626 Vulnerabilities and How to Avoid Them in Your Project
Secure Proxy Models: Understanding Beacon Proxies
Rug Pulls and How to Avoid Them
Real-time hack alerts: https://twitter.com/rivanorthSec
Rivanorth is a global boutique Web3 cybersecurity company. We specialise in smart contract audits and blockchain security advisory. Visit rivanorth.com to find out more.
You build the future. We help you secure it.