Fun

News Feed - 2023-11-16 04:11:22

Tom Blackstone4 hours ago46% of crypto lost from exploits is due to traditional Web2 flaws — ImmunefiThe security platform released a report categorizing Web3 exploits in 2022, concluding that nearly half came from “infrastructure” or centralized elements.1403 Total views9 Total sharesListen to article 0:00NewsJoin us on social networksA new report from blockchain security platform Immunefi suggests that nearly half of all crypto lost from Web3 exploits is due to Web2 security issues such as leaked private keys. The report, released on Nov. 15, looked back at the history of crypto exploits in 2022, categorizing them into different types of vulnerabilities. It concluded that a full 46.48% of the crypto lost from exploits in 2022 was not from smart contract flaws but rather from “infrastructure weaknesses” or issues with the developing firm’s computer systems.Categories of Web3 vulnerabilities. Source: Immunefi


When considering the number of incidents instead of the value of crypto lost, Web2 vulnerabilities were a smaller portion of the total at 26.56%, although they were still the second-largest category.


Immunefi’s report excluded exit scams or other frauds, as well as exploits that occurred solely because of market manipulations. It only considered attacks that occurred because of a security vulnerability. Of these, it found that attacks fall into three broad categories. First, some attacks occur because the smart contract contains a design flaw. Immunefi cited the BNB Chain bridge hack as an example of this type of vulnerability. Second, some attacks occur because, even though the smart contract is designed well, the code implementing the design is flawed. Immunefi cited the Qbit hack as an example of this category.


Finally, a third category of vulnerability is “infrastructure weaknesses,” which Immunefi defined as “the IT-infrastructure on which a smart contract operates—for example virtual machines, private keys, etc.” As an example of this type of vulnerability, Immunefi listed the Ronin bridge hack, which was caused by an attacker gaining control of five out of nine Ronin nodes validator signatures.


Related:Uniswap DAO debate shows devs still struggle to secure cross-chain bridges


Immunefi broke down these categories further into subcategories. When it comes to infrastructure weaknesses, these can be caused by an employee leaking a private key (for example, by transmitting it across an insecure channel), using a weak passphrase for a key vault, problems with tw-factor authentication, DNS hijacking, BGP hijacking, a hot wallet compromise, or using weak encryption methods and storing them in plaintext.


While these infrastructure vulnerabilities caused the greatest amount of losses compared to other categories, the second-largest cause of losses was “cryptographic issues” such as Merkle tree errors, signature replayability and predictable random number generation. Cryptographic issues resulted in 20.58% of the total value of losses in 2022.


Another common vulnerability was “weak/missing access control and/or input validation,” the report stated. This type of flaw resulted in only 4.62% of the losses in terms of value, but it was the largest contributor in terms of the number of incidents, as 30.47% of all incidents were caused by it.# Ethereum# Cybersecurity# DeFiAdd reactionAdd reactionRead moreWSJ debacle fueled US lawmakers’ ill-informed crusade against crypto3 things we might see from crypto as 2023 winds to an endVC Roundup: Private accounts, tokenization and healthcare infrastructure grab investor attention

News Feed

Sentient AI Does Not Equal Intelligent AI – Tau Uses Logic to Make Machines Truly Understand People
Sentient AI Does Not Equal Intelligent AI - Tau Uses Logic to Make Machines Truly Understand People sponsored You’ve probably heard about Google’s LaMDA and the viral
Kosovo Renews Crypto Mining Ban Amid Rising Energy Prices
Kosovo Renews Crypto Mining Ban Amid Rising Energy Prices The government of Kosovo has adopted measures tailored to maintain energy supply in the coming months, including a ban on
Bitcoin․com Announces ‘CEX Education Program’ to Reward Victims of Centralized Crypto Failures and Bolster DeFi
Bitcoin․com Announces ‘CEX Education Program’ to Reward Victims of Centralized Crypto Failures and Bolster DeFi press release Bitcoin.com announced the creation of a program t
CertiK migrates blockchain applications to Alibaba Cloud
Arijit Sarkar36 minutes agoCertiK migrates blockchain applications to Alibaba CloudCertiK"s migration to Alibaba Cloud aims to enhance blockchain development security and resource efficiency in Asia.192 Total views1 Tota
Gareth Jenkinson13 hours agoBinance, CZ paid for defying financial, political status quo — Arthur HayesAccording to Arthur Hayes, global cryptocurrency exchange Binance paid one of the largest corporate fines in histor
In 2 Months the Top Smart Contract Tokens Gained 44% Against the Greenback Ahead of Ethereum’s Merge
In 2 Months the Top Smart Contract Tokens Gained 44% Against the Greenback Ahead of Ethereum"s Merge With The Merge coming next week and Cardano’s Vasil hard fork commencing
David Attlee4 hours agoSEC accuses Binance of noncooperation, court unseals case documents: Law DecodedThe legal struggle between the SEC and Binance.US continues, with the company hitting new lows in trading volume.1018
Hashing It Out: How can Web3 create a sustainable world?
Elisha Owusu Akyaw12 hours agoHashing It Out: How can Web3 create a sustainable world?Jake Campton, communications lead and community advocate at VeChain, argues that providing incentives through gamification and Web3 is
Bitcoin stagnates as bearish headwinds continue to blow
Marcel Pechman1 hour agoBitcoin stagnates as bearish headwinds continue to blowBitcoin price falls as demand for leveraged long BTC futures and stablecoins drops.2147 Total views3 Total sharesListen to article 0:00Market
XRP Set For Big Rally – Analyst Says ‘Double Digits’ This Year
Reason to trust Strict editorial policy that focuses on accuracy, relevance, and impartiality Created by industry experts and meticulously reviewed The highest standards in reporting and pu
Fantom Launches NFT Marketplace Artion – Platform Aims to ‘Unburden Creators of High Fees’
Fantom Launches NFT Marketplace Artion - Platform Aims to "Unburden Creators of High Fees" On September 24, 2021, the Fantom Foundation announced the launch of a new non-fungible t
LBank Exchange Will List Apollo Inu (APOLLO) on March 9, 2022
LBank Exchange Will List Apollo Inu (APOLLO) on March 9, 2022 press release PRESS RELEASE. INTERNET CITY, DUBAI, March. 5, 2022 – LBank Exchange, a global digital asset tradi