Security Roundup: March 2024 Edition

Hacks in the Web3 space are on the rise, up 15% compared to this time last year, with 85% of them happening in the Ethereum ecosystem. In response, we've been busy here at Rivanorth and created a comprehensive research article on how to securely implement the ERC-4626 standard.

Check out the full article here -> ERC-4626 Vulnerabilities and How to Avoid Them in Your Project

Earlier in the month, we got to present at the Australian DeFi Association meetup in Melbourne, discussing operational security (OpSec) and how to stay safe on X. A great starting point if you don't want to get hacked like the SEC did... https://youtu.be/r607BXUdjS4?si=rDJElKaU0-DKiZc2&t=745

February 2024 Hacks

Seneca Protocol - $6.4M - A vulnerability in the transferFrom function allowed the attacker to transfer funds that were approved for the contract to their own address. Additionally, timelocks were in place but were set as internal functions, which made them impossible to call externally to stop the hack. In a recent development, the protocol managed to negotiate an 80% return of the stolen funds in exchange for a 20% bounty.

PlayDapp - $290M - Once again, a hack due to compromised private keys. The attacker minted $36.5M worth of PLA tokens during the first attack and another $253.9M during the second. Assets remain tracked and frozen, which makes it unlikely that the attacker will be able to cash out the stolen funds.

Fixed Float - $26M - The team indicated that a third party exploited vulnerabilities in their infrastructure, possibly involving the theft of private keys, rather than exploiting the protocol's smart contracts directly.

More Blockchain Security

Secure Proxy Models: Understanding Beacon Proxies

Rug Pulls and How to Avoid Them

Real-time hack alerts: https://twitter.com/rivanorthSec


Rivanorth is a global boutique Web3 cybersecurity company. We specialise in smart contract audits and blockchain security advisory. Visit rivanorth.com to find out more.

You build the future. We help you secure it.