This article is the second in a four-part series discussing the differences between traditional IT security / cybersecurity and blockchain security. Check out the first article in the series discussing the differences for node operators. This article focuses on the differences between application security (AppSec) for traditional applications and smart contracts. While the first blockchains,...
Recent events like the FTX meltdown have sparked interest and conversations about how the incident could have been prevented. In the case of FTX, the primary problem was that the platform did not hold sufficient assets to cover its user deposits and liabilities. What are Merkle Trees and Proofs? Proof of Reserves and Proof of...
Blockchain is a rapidly-evolving technology with a great deal of interest and investment. Decentralized Finance (DeFi), in particular, has a great deal of money invested in it as well as a growing number of high-profile and expensive hacks. Beyond DeFi, many companies, both large and small, are investing heavily in blockchain technology. As blockchain increasingly...
The most comprehensive ranked list of the biggest DeFi and crypto hacks in history (Up until November 1, 2022. We suspect an even larger crypto hack is just behind the corner) It wasn’t easy digging through the entire history of cybercrime involving cryptocurrencies, but we wanted to get to the bottom of which crypto hacks...
$566M worth of BNB was stolen from Binance’s cross-chain bridge BSC Token Hub, but how they responded to the attack will be the most memorable part. Decentralization is a hot button topic in web3, and Binance is (at the time of writing) the biggest crypto exchange by trading volume in the world. The recent Binance...
Understanding how flash loans and governance work in DeFi to demystify the Beanstalk Farms Hack The only way to understand how the Beanstalk Farms decentralized credit-based stablecoin protocol exploit happened is to first understand flash loans, which are a little known financial tool unique to the DeFi (decentralized finance) space, as well as governance. Beanstalk...
Code reuse is considered best practice in software engineering. Reusing high-quality, secure code can speed development processes and often results in higher-quality code than software developed entirely from scratch. Additionally, the reuse of high-quality, audited libraries reduces security risks by decreasing the probability that new vulnerabilities will creep into the code base. In open source...
One attacker and hundreds of copycats looted the Nomad bridge for over $190 million; few did the right thing. Decentralization is a hot-button topic in 2022. To some, it seems like the solution to a variety of issues plaguing the so-called web2 ecosystem, such as the monopolization of social media, the centralized control over the...
Proving knowledge of a secret is the basis of password-based authentication systems. The assumption is that only you know your password. If this is the case, entering your password into a system proves your identity and grants you access to your account. However, this approach doesn’t work as well on the blockchain, where everything stored...
The $611M Poly Network hack is the largest crypto and DeFi hacks to date in terms of mark-to-market value and all the stolen funds were returned, but the identity of the hacker is still unknown. Dubbed “Mr. White Hat” by the Poly Network security team, the anonymous perpetrator of the biggest crypto hack to date...