ChainLight

Parasitizing Akash In May 2024, we discovered and reported a critical bug in Overclock Labs, creators of Akash Network that allowed an attacker to impersonate any owner on the network, granting unauthorized access to execute commands, access logs, and other sensitive information. The vulnerability was in the authentication process used to verify ownership of instances on the Akash Network. This process relied solely on the common name and serial number in the TLS certificates, rather than the certificate fingerprints. If executed properly, an attacker could bypass the 'requireOwner' check and execute arbitrary commands on any instance, as well as access logs and other sensitive information. For discovering this critical bug, Akash Network proactively awarded us $20k worth of AKT tokens. A big thank you to Upbit Korea, the leading Korean CEX, for providing great support in communicating with Akash Network, and to the Akash team for quickly reacting to the issue and making this space safer than before. For a technical analysis, head over to our blog for a deep dive: https://lnkd.in/g99Ka2cC

We are thrilled to partner with Upbit Korea to launch UPSide Academy, a blockchain cybersecurity talent development program. Following the inauguration ceremony, the 19 selected trainees from the first cohort will begin a 4-month program focused on blockchain cybersecurity. View full article (Korean): https://lnkd.in/gjNkrRcn

🎧 Don't miss this week's episode of Public Key! Ian Andrews hosts Brian Pak, Co-Founder and CEO of ChainLight, as they dive into the early days of Chainlight, critical web3 and DeFi exploits, the ethics of white hat hacking, and the dynamic landscape of South Korean crypto politics. Tune in: https://bit.ly/3WahXzq

Introducing Lumos Macro Stats Since the release of Lumos, we've received numerous requests from hacked victims, security researchers, projects, and students for charts showing statistics of hacking incidents by category. Now, anyone, regardless of their engineering background, can access a customizable chart containing the following information: → Total exploited value and incident count → Attack vector → Destination of exploited funds → Estimated value of DPRK-linked hacks Our goal is simple: to shed light on the shadows of Web3 hacks by providing transparent information on prevalent security incidents involving both smart contracts and project teams. $1.7B was lost to hacks in 2023. They can't keep getting away with this. Access Lumos: https://lnkd.in/gYUe2GFx

Which rug pulls, exploits, and security breaches happened this week? Read this 2-minute weekly summary to stay in the loop 🧵👇 1️⃣ - 4️⃣ A Controversy Between Kraken and CertiK 5️⃣ BTCTurk Loses $55M 6️⃣ Farcana Wallet Exploited 7️⃣ Goal3's Controversial Sunset Full post: https://lnkd.in/gE2Pq6EX

Which rug pulls, exploits, and security breaches happened this week? Read this 2-minute weekly summary to stay in the loop 🧵👇 1️⃣ - 2️⃣ UwU Lend Exploited for $23M 3️⃣ Holograph Loses $14.4M 4️⃣ Loopring Loses $5M 5️⃣ Gemholic Rugged $3.4M 6️⃣ YOLO Games Exploited for $1.5M 7️⃣ NFTPerp Exploited for $720K 8️⃣ An OKX User Loses $11M Due to Deepfake KYC 9️⃣ CoinGecko Leaks 2M User Data Full post: https://lnkd.in/gy-vQegj

Which rug pulls, exploits, and security breaches happened this week? Read this 2-minute weekly summary to stay in the loop 🧵👇 1️⃣ - ️3️⃣ Velocore Exploited for $6.85M 4️⃣ DMMBitcoin Loses $340M BTC 5️⃣ Orion Protocol Faces Second Exploit by Second Exploit 6️⃣ MetaDragon DAO Loses $180K Full post: https://lnkd.in/gxg2975H

Which rug pulls, exploits, and security breaches happened this week? Read this 2-minute weekly summary to stay in the loop 🧵👇 1️⃣ - 2️⃣ Gala Exploited for $212M 3️⃣ Normie Token Loses $490K 4️⃣ TonUP Exploited for $107K Full post: https://lnkd.in/g2ca63DA

Which rug pulls, exploits, and security breaches happened this week? Read this 2-minute weekly summary to stay in the loop 🧵👇 1️⃣ - 2️⃣ Alex and XLink Bridge Loses $31.7M 3️⃣ Sonne Finance Exploited for $20M 4️⃣ Pump[.]fun Exploited for $2M by Ex-employee 5️⃣ Predy Finance Loses $464K 6️⃣ BlockTower Capital's Hedge Fund Partially Drained Full post: https://lnkd.in/gs8yN6NF

Just how important is smart contract security? Well, thanks to ChainLight we have an answer to this question measured in $$$. https://lnkd.in/dC_HtPQr - An excellent way to find out about just how often exploits happen.