Security Roundup: March 2024 Edition
Hacks in the Web3 space are on the rise and up 15% compared to this time last year, with 85% of them happening in the Ethereum ecosystem. In response, we've been busy here at Rivanorth and created a comprehensive research article on how to securely implement the ERC-4626 standard.
Check out the full article here -> ERC-4626 Vulnerabilities and How to Avoid Them in Your Project
Earlier in the month, we got to present at the Australian DeFi Association meetup in Melbourne, discussing operational security (OpSec) and how to stay safe on X. A great starting point if you don't want to get hacked like the SEC did... https://youtu.be/r607BXUdjS4?si=rDJElKaU0-DKiZc2&t=745
February 2024 Hacks
Seneca Protocol - $6.4M - A vulnerability in the transferFrom function allowed the attacker to transfer funds that were approved for the contract to their own address. Additionally, timelocks were in place but were set as internal functions, which made them impossible to call externally to stop the hack. In a recent development, the protocol managed to negotiate an 80% return of the stolen funds in exchange for a 20% bounty.
PlayDapp - $290M - Once again, a hack due to compromised private keys. The attacker minted $36.5M worth of PLA tokens during the first attack and another $253.9M during the second. Assets remain tracked and frozen, which makes it unlikely that the attacker will be able to cash out the stolen funds.
Fixed Float - $26M - The team indicated that a third party exploited vulnerabilities in their infrastructure, possibly involving the theft of private keys, rather than exploiting the protocol's smart contracts directly.
More Blockchain Security
Secure Proxy Models: Understanding Beacon Proxies
Rug Pulls and How to Avoid Them
Real-time hack alerts: https://twitter.com/rivanorthSec
Rivanorth is a global boutique Web3 cybersecurity company. We specialise in smart contract audits and blockchain security advisory. Visit https://rivanorth.com/ to find out more.
You build the future. We help you secure it.
Written by
Rivanorth