Security Roundup: March 2024 Edition

Security Roundup: March 2024 Edition


2 min read

Hacks in the Web3 space are one the rise and up 15% compared to this time last year, with 85% of them happening in the Ethereum ecosystem. Therefore, we've been busy here at Rivanorth and created a comprehensive research article on how to securely implement the ERC-4626 standard.

Check out the full article here -> ERC-4626 Vulnerabilities and How to Avoid Them in Your Project

Earlier in the month, we got to present at the Australian DeFi Association meetup in Melbourne, discussing operational security (OpSec) and how to stay safe on X. A great starting point if you don't want to get hacked like the SEC did...

February 2024 Hacks

Seneca Protocol - $6.4M - A vulnerability in the transferFrom function allowed the attacker to transfer funds that were approved for the contract to their own address. Additionally, timelocks were in place but were set as internal functions which made them impossible to call externally to stop the hack. In a recent development the protocol managed to negotiate an 80% return of the stolen funds in exchange of a 20% bounty.

PlayDapp - $290M - Once again a hack due to compromised private keys. The attacker minted $36.5M worth of PLA tokens during the first attack and another $253.9M on the second. Assets remain tracked and frozen which will make it unlikely that the attacker will be able to cash out the stolen funds.

Fixed Float - $26M - The team indicated that a third party exploited vulnerabilities in their infrastructure, possibly involving the theft of private keys, rather than exploiting the protocol's smart contracts directly.

More Blockchain Security

Secure Proxy Models: Understanding Beacon Proxies

Rug Pulls and How to Avoid Them

Real-time hack alerts:

Rivanorth is a global boutique Web3 cybersecurity company. We specialise in smart contract audits and blockchain security advisory. Visit to find out more.

You build the future. We help you secure it.