Security Roundup: August 2024 Edition


Welcome to the latest edition of our monthly security roundup where you find the most relevant Web3 security news all in one place. Get key insights into what happened and stay ahead of the curve!

Rivanorth News

First things first, our research got featured on Rekt News!!! Getting recognised by arguably one of the most prominent security news outlets is something that makes us super proud.

Everyone recommends it, but what should you do in case MFA fails? Following the compromise of Twilio's Authy multi-factor authentication (MFA) application, available for iOS and Android, we've investigated the lesser-explored aspects of MFA and what to do to recover -> https://blog.rivanorth.com/twilio-authy-hack-mfa-disaster-recovery

July 2024 Hacks

Bittensor - $8M - The attack on Bittensor occurred through a compromised version of the PyPI Package Manager.

LiFi Protocol - $10M - The exploit targeted accounts with infinite approval settings, enabling the attacker to execute arbitrary transactions and transfer funds out of users' wallets.

Minterest - $1.4M - The hack occurred due to an exchange rate manipulation attack.

WazirX - $235M - The breach was primarily due to the compromise of their Safe multisig wallet, which attackers exploited via phishing.

CrowdStrike - Technology monopolies like CrowdStrike and Windows pose one of the biggest IT challenges to date: if one goes down, everything goes down. In our latest hack explained series, we explore why this is not only an IT issue but also a cybersecurity one -> https://blog.rivanorth.com/crowdstrike-causes-historic-it-outage

KnowBe4 - Prominent phishing prevention company KnowBe4 was recently infiltrated by a North Korean hacker posing as a Principal Software Engineer. The hacker joined the company as a new employee and, once they received their laptop, started installing malware.

Rho Markets - 7.5M - The hack occurred when an MEV bot exploited a misconfiguration in Rho Markets' price oracle. This misconfiguration allowed the attacker to manipulate the oracle's price feeds, leading to incorrect asset valuations and creating an opportunity for arbitrage.

Squarespace's Google Domains acquisition gone wrong leads to domain hijacking of Compound Finance.

Actively Exploited

Check out the latest actively exploited vulnerabilities that could affect your project here -> https://blog.rivanorth.com/vulnerability-report-august-2024

Rivanorth Security Research

Cyber Insurance Costs Rise 40%

Top 3 Multi-Chain Security Issues

The Ultimate Guide to Securing Your X/Twitter Account

ERC-4626 Vulnerabilities and How to Avoid Them in Your Project

Secure Proxy Models: Understanding Beacon Proxies

Rug Pulls and How to Avoid Them

Real-time hack alerts: https://twitter.com/rivanorthSec


Rivanorth is a global boutique Web3 cybersecurity company. We specialise in smart contract audits and blockchain security advisory. Visit rivanorth.com to find out more.

You build the future. We help you secure it.
