BlockSec Academy

Attack/Vulnerability Analysis on Medium

• [Dec 15, 2022] Beyond the market risk: a logic bug identified in SushiSwap’s KashiPairMediumRiskV1 contract [Sushi Swap | BSC]

• [Oct 10, 2022] How we recover the stolen funds for TransitSwap (and BabySwap)
  [Transit Swap | BSC]

• [Sep 27, 2022] Our short analysis of the Accusation of the Wintermute Project
  [wintermute | Ethereum]

• [Sep 21, 2022] Our short analysis of the Profanity tool vulnerability
  [Ethereum]

• [Sep 19, 2022] Reveal the “Message’’ Replay Attacks on EthereumPoW
  [EthereumPoW | EthereumPoW]

• [Sep 19, 2022] A new memory overwrite vulnerability discovered in Wyvern Protocol
  [OpenSea | Ethereum]

• [Aug 5, 2022] How Unchecked Mapping Makes $200M Losses of Nomad Bridge
  [Nomad Bridge | Ethereum]

• [Jun 16, 2022] Our Take on the Inverse Finance Security Incident: Price Manipulation Attack
  [Inverse Finance | Ethereum | Oracle vulnerability]

• [Jun 7, 2022] How a Critical Bug in Solana Network was Detected and Timely Patched
  [Solana Network | Solana | CWE-682]

• [May 31, 2022] How the Mirror Protocol got Exploited
  [Mirror Protocol | Ethereum | Double Claiming Attack]

• [May 18, 2022] The Analysis of FEGtoken Security Incident: Devil’s in the Details
  [FEGtoken | Ethereum | Access Control, Untrusted External Call]

• [May 16, 2022] Revisiting the CashioApp Security Incident [CashioApp | Solana | Access Control]

• [May 6, 2022] How to exploit the same vulnerability of MetaPool in two different ways (Nerve Bridge / Saddle Finance) — What you see is not what you get
  [MetaPool | Near | Pricing Mechanism]

• [Apr 23, 2022] How Akutar NFT loses 34M USD
  [Akutar NFT | Ethereum | DoS Attack]

• [Apr 21, 2022] How to verify a signature in a wrong way — the AssociationNFT case
  [The Association NFT | Ethereum | Double Claiming Attack, Signature Verification]

• [Apr 4, 2022] The Race Against Time and Strategy: About the AnySwap Rescue and Things We Have Learnt
  [Anyswap | Fantom | Access Control]

• [Mar 31， 2022] Tracing the Stolen Fund of the Ronin Bridge [Ronin Bridge | Ronin | Private Key Leakage]

• [Mar 31, 2022] Revest Finance Vulnerabilities: More than Re-entrancy
  [Revest Finance | Ethereum | Reentrancy, Access Control]

• [Mar 13, 2022] [Not All Tokens Are Good] The quick analysis of the Paraluni attack
  [Paraluni | Ethereum | Reentrancy, Unchecked Input Token]

• [Mar 22， 2022] Revisiting the Wormhole Attacks [Wormhole Network | Solana | Access Control]

• [Mar 21, 2022] LI.FI Attack: a Cross-chain Bridge Vulnerability? No, It’s Due to Unchecked External Call!
  [LI.FI | Ethereum | Unchecked External Call]

• [Mar 17, 2022] The short analysis of the flashloan attack to the APE AirDrop
  [BAYC | Ethereum]

• [Feb 3, 2022] When “SafeMint” Becomes Unsafe: Lessons from the HypeBears Security Incident
  [HyperBears NFT | Ethereum | Untrusted External Call, Reentrancy]

• [Jan 28, 2022] When “SafeTransfer” Becomes Unsafe: lessons from the QBridge security incident
  [Qubit Finance | Ethereum]

• [Jan 16, 2022] How a vulnerability is silently fixed by Coin98
  [Coin98 | BSC | Unchecked Input Parameters]

• [Dec 30, 2021] New Integer Overflow Bug Discovered in Solana rBPF [Solana Network | Solana | Interger Overflow]

• [Nov 18, 2021] The analysis of Nerve Bridge Security Incident
  [Nerve Network | BSC]

• [Nov 6, 2021] The Initial Analysis of the bZx Security Incident
  [bZx Protocol | Ethereum | Possible Private Key leakage]

• [Oct 22, 2021] The analysis of Indexed Finance Security Incident
  [Indexed Finance | Ethereum | Price Manipulation]

• [Oct 10, 2021] [The Butterfly Effect] The Compound Security Incident Caused by a Bugfix
  [Compound Finance | Ethereum]

• [Sep 22, 2021] The Real Root Cause of the Vee Finance Security Incident
  [Vee Finance | Ethereum | Unchecked Input Parameters]

• [Aug 28, 2021] A short analysis of the wild exploitation of CVE-2021–39137
  [Ethereum Network | Ethereum | CVE-2021–39137]

• [Aug 15, 2021] The Retrospection of the Poly Network Hack from a Security Researcher perspective
  [Poly Network]

• [Aug 12, 2021] The Further Analysis of the Poly Network Attack
  [Poly Network]

• [Aug 11, 2021] The initial analysis of the PolyNetwork Hack
  [Poly Network]

• [Aug 9, 2021] The analysis of the Zerogoki attack
  [Zerogoki | Ethereum | Price Manipulation]

• [Aug 4, 2021] The Analysis of the Popsicle Finance Security Incident [Popsicle Finance | Ethereum | Double Claim Attack]

• [Jul 21, 2021] The Analysis of the Sanshu Inu Security Incident [Sanshuinu | Ethereum | Deflation Token]

• [Jul 19, 2021] The Analysis of the Array Finance Security Incident [Array Finance | Ethereum | Price Manipulation]

• [May 9, 2021] Price manipulation attack in reality (again): RariCapital incident [RariCapital | Ethereum | Price Manipulation]

• [Jan 3, 2021] Security incident on Seal Finance
  [Seal Finance | Ethereum | Reentrancy]

• [Jan 3, 2021] Deposit Less, Get More: yCREDIT Attack Details [YCredit | Ethereum]

• [Dec 18, 2020] Flash Loan Attack on Plouto Vault
  [Plouto| Ethereum]

• [Dec 3, 2020] Loopring(LRC) Protocol Incident
  [LRC Protocol| Ethereum | Price Manipulation]

Secure Contract Development

Secure the Solana Ecosystem

• [Mar 9, 2022] Secure the Solana Ecosystem (1) — Hello Solana

• [Mar 18, 2022] Secure the Solana Ecosystem (2) — Calling Between Programs

• [Mar 27, 2022] Secure the Solana Ecosystem (3) — Program Upgrade

• [Apr 6, 2022] Secure the Solana Ecosystem (4) — Account Validation

• [Apr 10, 2022] Secure the Solana Ecosystem (5) — Multi-Sig

• [Apr 24, 2022] Secure the Solana Ecosystem (6) — Multi-Sig2

• [Apr 29, 2022] Secure the Solana Ecosystem (7) — Type Confusion

Rust

• [Oct 12, 2021] Rust智能合约养成日记（1）合约状态数据定义与方法实现

• [Oct 17, 2021] Rust智能合约养成日记（2）编写Rust智能合约单元测试

• [Oct 24, 2021] Rust智能合约养成日记 （3）Rust智能合约部署，函数调用及Explorer的使用

• [Oct 31, 2021] Rust智能合约养成日记（4）Rust 智能合约整数溢出

• [Nov 12, 2021] Rust 智能合约养成日记（5）合约安全之重入攻击

• [Nov 23, 2021] Rust 智能合约养成日记（6）拒绝服务攻击

• [Dec 9, 2021] Rust 智能合约养成日记（7）合约安全之计算精度

• [Jan 13, 2022] Rust 智能合约养成日记（8）合约安全之权限控制

• [Feb 25, 2022] Rust 智能合约养成日记（9）合约升级

• [Mar 25, 2022] Rust 智能合约养成日记（10-1）Spuntnik DAO

• [Apr 1, 2022] Rust 智能合约养成日记（10-2）Sputnik DAO::Factory合约解读

• [Apr 24, 2022] Rust 智能合约养成日记（10-3）Sputnik DAO::提案介绍

Move

• [Nov 7, 2022] Security Practices in Move Development (1): Hello World

• [Nov 21, 2022] Security Practices in Move Development (2): Aptos Coin

NFT

• [Aug 5, 2022] Secure Smart Contract Development — Code Reentrancy in NFT Contracts

• [Aug 12, 2022] Secure Smart Contract Development (2) — How to Use Digital Signature and Use It Right in NFT (Markets)

Misc

AML

• [Sept 13, 2021] 暴露出来的只是冰山一角：深度挖掘Colonial Pipeline事件背后隐藏的故事

• [Oct 02, 2021][BlockSec AML研究分析之二] Colonial Pipeline事件分析展示界面

Others

• [Dec 15, 2022] Getting Started with Phalcon 2.0

• [Dec 15, 2022] Beyond the market risk: a logic bug identified in SushiSwap’s KashiPairMediumRiskV1 contract

• [Dec 1, 2022] BlockSec and Tokenlon Reached Strategy Partnership

• [Nov 18, 2022] Getting Started With MetaDock

• [Nov 1, 2022] Rustle: the First Automatic Auditor for NEAR Community

• [Oct 10, 2022] How we recover the stolen funds for TransitSwap (and BabySwap)

• [Sep 27, 2022] Our short analysis of the Accusation of the Wintermute Project

• [Sep 21, 2022] Our short analysis of the Profanity tool vulnerability [Profanity tool]

• [Sep 20, 2022] The Two Sides of the Private Tx Service (on Binance Smart Chain)

• [Sep 18, 2022] Reveal the “Message’’ Replay Attacks on EthereumPoW

• [Sep 8, 2022] A new memory overwrite vulnerability discovered in Wyvern Protocol

• [Aug 24, 2022] BlockSec and GoPlus Reached Strategy Partnership to Explore the Field of “Web 3.0 Security”

• [Mar 7, 2022] How to Make the BlockChain Attack “Blockable”

• [Aug 17, 2021] Tradeoff Between Convenience and Security: Unlimited Approval in ERC20

Twitter

• [Jan 18, 2023] UpSwing Finance attack [UpSwing Finance | Ethereum | Design flaw of the $UPStkn token ]

• [Jan 17, 2023] Reply to Forta

• [Jan 17, 2023] Omniestategroup attack [Omniestategroup | BSC | Insufficient check of the arguments ]

• [Jan 17, 2023] Voltage Finance Exploiter activity

• [Jan 17, 2023] Phalcon Update: Simulator on mobile

• [Jan 16, 2023] MidasCapitalXYZ attack [MidasCapital | BSC | Unexcepted external call ]

• [Jan 12, 2023] Maybe a Rugpull of 2M BUSD on Avalanche

• [Jan 12, 2023] UF Dao of XDAO attack [XDAO | BSC | Incorrect parameter setting ]

• [Jan 12, 2023] Maybe a Rugpull of 2M BUSD related to a SwapHelper contract

• [Jan 12, 2023] ThreeBodyOF attack [ThreeBody | BSC | Use of the rebasing token ]

• [Jan 12, 2023] RoeFinance attack [Roe Finance | Ethereum | Limited liquidity of the pool ]

• [Jan 11, 2023] Suspicious activities duting BRA attack

• [Jan 10, 2023] Phalcon supports Arbitrum

• [Jan 10, 2023] $BRA attack [$BRA | BSC | Logic Flaw ]

• [Jan 10, 2023] MetaDock recommendation on CryptoSlate

• [Jan 9, 2023] Reply to KeyStone

• [Jan 7, 2023] Reply to Lossless

• [Jan 7, 2023] Agree with @pcaversaccio about zero allowance

• [Jan 5, 2023] Phalcon biggest update yet: Source code view and fund flow chart

• [Jan 4, 2023] Getting started with Phalcon 2.0

• [Jan 4, 2023] Rustle got Honorable Mentions in the NEAR Hackathon

• [Jan 4, 2023] $FUT rugged 2M+

• [Jan 4, 2023] 0 value transfer phishing moves to Polygon

• [Jan 4, 2023] Recommend MetaDock

• [Jan 4, 2023] Phishing campaign towards TrustPad

• [Jan 3, 2023] Thanks Adrian Hetman

• [Jan 3, 2023] Phalcon update notice

• [Jan 3, 2023] Gas-token scam alert

• [Jan 3, 2023] $GDS attack [$GDS | BSC | LP Mining mechanism vulnerability ]

• [Dec 29, 2022] MetaDock's privacy policy

• [Dec 29, 2022] Jay attack [JAY | Ethereum | Contract-level reentrancy ]

• [Dec 28, 2022] MetaDock daily efficiency tip

• [Dec 27, 2022] MetaDock daily efficiency tip

• [Dec 25, 2022] CryptoRubic attack [Rubic exchange | Ethereum | Arbitrary function call ]

• [Dec 25, 2022] New Phishing scam using a fake MetaMask

• [Dec 24, 2022] Recommend MetaDock to users

• [Dec 19, 2022] Open source phishing urls

• [Dec 19, 2022] MetaDock update: integrates Deth.net

• [Dec 18, 2022] Recommend MetaDock to users

• [Dec 16, 2022] Recommend MetaDock to users

• [Dec 16, 2022] Beyond the market risk: a logic bug identified in SushiSwap’s KashiPairMediumRiskV1 contract

• [Dec 16, 2022] Reply to MetaDock about CashioApp Exploiter

• [Dec 15, 2022] 0 value phishing

• [Dec 14, 2022] NimbusPlatform attack [NimbusPlatform | BSC | Price Manipulation]

• [Dec 13, 2022] ElasticSwap attack [ElasticSwap | Ethereum | Mix/misuse of two accounting systems]

• [Dec 12, 2022] Talk about MEV bot

• [Dec 13, 2022] $BGLD attack [$BGLD | BSC | Charge an extra fee on transferring]

• [Dec 12, 2022] Open source MetaDock

• [Dec 12, 2022] Phishing website alert

• [Dec 10, 2022] Phishing scam website alert

• [Dec 10, 2022] Recommend Mopsus based on Pocket Universe's thread

• [Dec 7, 2022] MetaDock update: shortcuts, productive widgets, Open-source notice

• [Dec 7, 2022] BNB-AES pool attack [BNB-AES pool | BSC | Deflation token]

• [Dec 7, 2022] BNB-AES pool attack

• [Dec 6, 2022] Phalcon update: horizontal scroll bar, bug fixed

• [Dec 6, 2022] Let ChatGPT expain pseudorandom number generation vulnerability

• [Dec 6, 2022] RoastFootball attack [Roast Football | BSC | Weak pseudorandom number generation vulnerability]

• [Dec 5, 2022] FTX whitehat/heist activity

• [Dec 2, 2022] Attacker's activity during Ankr exploit

• [Dec 2, 2022] Phalcon update: addresses highlighting, custom ABI parsing, custom label

• [Dec 2, 2022] Ankr exploite incident

• [Dec 2, 2022] Profit calculation of an Attacker related to Ankr exploit

• [Dec 2, 2022] Ariva Coin rugpull or private key compromised [Ariva Digital | BSC | Rug pull or Private Key Compromised]

• [Dec 2, 2022] Ankr private key compromised [Ankr | BSC | Private Key Compromised]

• [Dec 1, 2022] Contract hacked by price manipulation [Contract | BSC | Price Manipulation]

• [Dec 1, 2022] Reach a strategic partnership with TokenLon

• [Nov 30, 2022] $OCASH scam

• [Nov 30, 2022] Fake phishing on rarible [Rarible | Ethereum | exploiting the unlimited approval issue]

• [Nov 27, 2022] Reply to @ballsyalchemist

• [Nov 26, 2022] Boshen's Wallet investigation, abuse MEV

• [Nov 26, 2022] Reply to bertcmiller about MEV

• [Nov 24, 2022] MetaDock updated: integrates Tenderly, Transaction Viewer, DeBank, Dedaub

• [Nov 23, 2022] NUM attack [Numbers Protocol | Ethereum | incompatible with the Multichain Router]

• [Nov 23, 2022] NUM attack [Numbers Protocol | Ethereum | fake Multichain transfer]

• [Nov 23, 2022] Boshen asset tracking [Boshen | Ethereum]

• [Nov 22, 2022] MetaDock updated: smoother on BTC.com

• [Nov 22, 2022] Profanity vulnerability

• [Nov 22, 2022] AAVE is fine

• [Nov 21, 2022] FTX accounts drainer activity

• [Nov 21, 2022] Security Practices in Move Development (2): Aptos Coin

• [Nov 21, 2022] FTX whitehat created a multisig wallet

• [Nov 19, 2022] Glad to help manifoldfinance

• [Nov 18, 2022] Reply to amber's Security Researcher

• [Nov 18, 2022] MetaDock: a chrome extension aims to imporove the usability of blockchain explorers

• [Nov 17, 2022] ConvexFinance was not hacked

• [Nov 16, 2022] DFX Finance vulnerability [Sheep_Farm22 | BSC | incorrect implementation of register function]

• [Nov 14, 2022] Phalcon updates, faster and API

• [Nov 12, 2022] FTX heist

• [Nov 11, 2022] DFX Finance vulnerability [DFX Finance | Ethereum | deposits vulnerability]

• [Nov 11, 2022] DFX Finance attacker on the move

• [Nov 7, 2022] Security Practices in Move Development (1): Hello World

• [Nov 3, 2022] FMoney Finance Rescue [FMoney Finance | Ethereum]

• [Nov 3, 2022] Skyward Finance Attack [Skyward Finance | NEAR | 'redeem_skyward' vulnerability]

• [Nov 1, 2022] Rustle: the first automatic auditor for NEAR community

• [Oct 30, 2022] Phalcon's simulation on Ethdev contract[ETHDev contract | Ethereum]

• [Oct 30, 2022] DAppNode profanity rescue [DAppNode | Ethereum | the profanity vulnerability]

• [Oct 28, 2022] Mopsus: industry-leading transaction pre-execution service

• [Oct 28, 2022] friesDAO profanity rescue [friesDAO | Ethereum | the profanity vulnerability]

• [Oct 28, 2022] V8Token attack [V8Token | BSC | 'updateUserBalance' logic vulnerability]

• [Oct 27, 2022] Collaborate with losslessdefi [Losslessdefi]

• [Oct 27, 2022] Team Finance [Team Finance | Ethereum | Fake token]

• [Oct 27, 2022] UVT attack [UVToken | BSC | Lack of sanity check]

• [Oct 27, 2022] VTF attack [VTF token | BSC | 'updateUserBalance' logic vulnerability]

• [Oct 26, 2022] n00dleSwap attack [n00dleSwap | Ethereum | ERC777-based reentrncy]

• [Oct 25, 2022] ULME attack [ULME | BSC | Indirect price manipulation attack caused by unrestricted access control]

• [Oct 20, 2022] Health attack [Health | BSC | Price Manipulation]

• [Oct 19, 2022] MEV bot was attacked

• [Oct 18, 2022] BitKeepOS contract was hacked [Bitkeep | BSC | Looks like its function allows the attacker to execute an arbitrary call]

• [Oct 17, 2022] Phalcon Update: Transaction Simulation supports BSC

• [Oct 14, 2022] Phalcon Update: Simulate a transaction

• [Oct 14, 2022] MEV bot was exploited

• [Oct 13, 2022] Profanity Rescue

• [Oct 12, 2022] ATK attacfk [ATK | BSC ]

• [Oct 12, 2022] Carrot attack [Carrot | BSC | Public FunctionCall]

• [Oct 11, 2022] TempleDao attack [TempleDao | Ethereum | Insufficient Access Control]

• [Oct 11, 2022] QANplatform deployer address is vulnerable

• [Oct 11, 2022] Indexed Finance Exploiter's address is vulnerable

• [Oct 11, 2022] Profanity vulnerability

• [Oct 10, 2022] Phalcon supports Avalanche C-Chain

• [Oct 9, 2022] Phalcon Dark Mode Launched

• [Oct 7, 2022] Binance Cross-chain Bridge Attack

• [Oct 6, 2022] RES Attack Analysis [RES token | BSC | Price Manipulation]

• [Oct 4, 2022] Whitehat rescue of vulnerable addresses generated by the vanity tool

• [Oct 2, 2022] BabySwap Attack Analysis [BabySwap | BSC ]

• [Oct 2, 2022] Transit Swap Attack Analysis [Transit Swap | BSC | Unlimited Approval]

• [Sep 29, 2022] Announcement of Phalcon Launch

• [Sep 27, 2022] Our short analysis of the Accusation of the Wintermute Project

• [Sep 23, 2022] RADT-DAO Attacl Analysis [RADT-DAO | BSC | Price Manipulation]

• [Sep 21, 2022] Our short analysis of the Profanity tool vulnerability

• [Sep 20, 2022] The Two Sides of the Private Tx Service (on Binance Smart Chai)

• [Sep 20, 2022] Wintermute Attack Analysis [Wintermute | Ethereum | Leaked Private Key]

• [Sep 18, 2022] Reveal the “Message’’ Replay Attacks on EthereumPoW

• [Sep 16, 2022] BlockSec Academy | About 61.8% (67.1K / 108.5K) of the #NFT projects are suffering from the holder pooling risk

• [Sep 14, 2022] BlockSec Academy | NFT Assets Off-Chain Risk

• [Sep 9, 2022] DeFi Alert [0xEd850799CF22b66cb4911539425f8A41423D0933 | BSC]

• [Sep 9, 2022] NFT Security Report 2022

• [Sep 8, 2022] A new memory overwrite vulnerability discovered in Wyvern Protocol

• [Sep 8, 2022] $ROI(Ragnarok Online Invasion) Attack Analysis [Ragnarok Online Invasion | BSC | Access Control Vulnerability]

• [Sep 8, 2022] No-Open Source Contract Attack [0x8b068e22e9a4a9bca3c321e0ec428abf32691d1e | BSC]

• [Sep 6, 2022] DeFi Alert

• [Sep 5, 2022] DeFi Alert [0xea41bbd80ac69807289d0c4f6582ab73e96834d0 | BSC | Price Manipulation]

• [Aug 31, 2022] No-Open Source Contract Attack
  [0x40c994299fb4449ddf471d0634738ea79c734919 | BSC | Logic Vulnerability]

• [Aug 24, 2022] KaoyaSwap Attack Analysis
  [KaoyaSwap | BSC | Logic Vulnerability]

• [Aug 17, 2022] Where is the $190M? --An Initial Analysis of the Nomad Bridge Attack Lost Funds [Nomad Bridge | Ethereum | Logic Vulnerability]

• [Aug 16, 2022] Do not directly sell NFT airdrop after ETH merge

• [Aug 12, 2022] Secure Smart Contract Development (2) — How to Use Digital Signature and Use It Right in NFT (Markets)

• [Aug 10, 2022] ANCH Attack [ANCHStake Protocol | BSC | Logic Vulnerability]

• [Aug 10, 2022] XSTABLE.PROTOCOL Attack [XSTABLE.PROTOCOL | BSC | Logic Vulnerability]

• [Aug 8, 2022] EGD_Finance Attack [EGD_Finance | BSC | Price Manipulation]

• [Aug 4, 2022] Freedom Protocol Rug&Pull [Freedom Protocol | BSC | Rug]

• [Aug 2, 2022] Nomad Bridge Exploit [Nomad Bridge | Ethereum | Logic Vulnerability]

• [Jul 14, 2022] SpaceGodzilla Attack
  [SpaceGodzilla NFT | Ethereum | Price Manipulation]

• [Jul 13, 2022] Wash trading to arbitrage on LooksRare
  [LooksRare | Ethereum | Wash trading]

• [Jul 10, 2022] ParallelFi Attack
  [Parallel Finance | Ethereum | Reentrancy]

• [Jul 1, 2022] How to sell an NFT to a buyer with a high price without the buyer's consent
  [Quixotic | Ethereum | Access Control, Signature Verification]

• [Jun 26, 2022] XCarnival_Lab Attack
  [XCarnival_Lab | Ethereum | Access Control]

• [Jun 2, 2022] CoFiXProtocol Exploit
  [CoFiX Protocol | Ethereum | Access Control]

• [May 26, 2022] How is a honeypot contract trapped by an MEV bot
  [Honeypot]

• [May 24, 2022] Hackerdao Attack
  [Hackerdao | BSC]

• [May 21, 2022] bDollarFi Attack
  [bDollar Finance | BSC | Price Manipulation]

• [May 9, 2022] Fortress Protocol Attack
  [Fortress Protocol | BSC | Price Oracle Manipulation]

• [Apr 27, 2022] BnBBrokers Attack
  [BnBBrokers | BSC | Reentrancy]

• [Apr 23, 2022] AkuDreams Exploit
  [Akutars | Ethereum]

• [Apr 21, 2022] Zeed Protocol Exploit
  [Zeed Protocol | BSC | Reward Distribution Vulnerability]

• [Apr 18, 2022] BeanstalkFarms Attack
  [Beanstalk Farms | Ethereum]

• [Apr 13, 2022] ElephantStatus Attack
  [Elephant Money | BSC | Price Manipulaiton, Reentrancy]

• [Apr 10, 2022] Gym Network Attack
  [Gym Network | BSC | Price Manipulaiton]

• [Apr 2, 2022] Inverse Finance Attack
  [Inverse Finance | Ethereum | Price Manipulaiton]

• [Mar 31, 2022] Ola Finance Attack
  [Ola Finance | Ethereum | Reentrancy]

• [Mar 27, 2022] Classic Single-contract Re-entrancy Attack [Rena | Ethereum | Reentrancy]

• [Mar 24, 2022] CashioApp Attack
  [Cashio App | Solana | Access Control]

• [Mar 20, 2022] Scam token BmDoge
  [BmDoge | BSC | Backdoor Function]

• [Mar 15, 2022] Agave Lending Attack
  [Agave Fiannce | Gnosis Chain | Untrusted external call]

• [Mar 15, 2022] Deus Finance Exploit
  [Deus Finance | Fantom | Price Manipulation]

• [Mar 9, 2022] PXPNFTsGame Attack
  [PiratexPirate | Ethereum | Private Key Leakage]

• [Mar 4, 2022] The rough analysis on the BTC donation to Ukraine

• [Mar 3, 2022] How to shop free for NFT

• [Jan 18, 2022] Crosswise Finance Attack
  [Crosswise Finance | Ethereum | Access Control]

• [Dec 30, 2021] SashimiSwap Attack
  [SashimiSwap | Ethereum]

• [Nov 30, 2021] MonoXFinance Attack
  [MonoX Finance | Ethereum]

• [Nov 21, 2021] FormationFi Attack
  [Formation Finance | Ethereum]

• [Oct 28, 2021] CreamFinance Attack
  [Cream Finance | BSC | Oracle Vulnerability]

• [Sep 15, 2021] NowSwap Attack
  [NowSwap Protocol | Ethereum | Semantic Inconsistenty]

• [Sep 14, 2021] KlondikeFinance Attack
  [Klondike Finance | Ethereum]

• [Sep 3, 2021] Siren Protocol Attack
  [Siren Protocol | Ethereum | Reentrancy]

• [Aug 17, 2021] XSURGEDEFI Attack [Xsurge | Ethereum | Reentrancy, Price Manipulation]

Media Coverage

• [Jan 14, 2023] 디파이, NFT 온체인 리스크 쉽게 확인하기

• [Jan 12, 2023] First Mover Asia: The Next Avraham Eisenberg Isn’t Going to Be a ChatGPT-Powered ‘Script Kiddie’

• [Jan 9, 2023] Introducing MetaDock: A secure and efficient trove of Web3 tools and resources

• [Dec 6, 2022] Minted: How the DeFi Wallet NFT Marketplace Works in Detail

• [Dec 5, 2022] Attackers Net $20M through Ankr and Helio exploits

• [Dec 3, 2022] Hack Saldırısı Bu Altcoin’i Yerle Bir Etti: Fiyat Sıfıra Gidiyor!

• [Dec 2, 2022] Attackers pocket $20 million in exploits on Ankr and Helio

• [Dec 2, 2022] Hackers get away with $20 million in twin attacks on Ankr and Helio

• [Dec 2, 2022] Binance pausa saques em meio a hack ao protocolo Ankr

• [Nov 11, 2022] DeFi Platform DFX Finance Says it Has Been Hacked for $7.5M

• [Nov 11, 2022] Polychain-backed DFX Finance hacked for $7.5 million

• [Nov 9, 2022] Desenvolvimento Seguro de Contratos Inteligentes (1) - Reentrância de Código em Contratos NFT

• [Nov 7, 2022] Skyward Finance Reportedly Suffers $3M Exploit on Near Protocol

• [Nov 4, 2022] Crypto : Les escrocs du Merge d'Ethereum (ETH)

• [Nov 4, 2022] Skyward Finance Suffers $3M Lost From Finance Attack

• [Nov 4, 2022] Developers of pNetwork bridge drain $4.3 million from PancakeSwap in ‘white hat’ attack

• [Nov 4, 2022] Developers of pNetwork bridge drain $4.3 million from PancakeSwap in 'white hat' attack

• [Nov 3, 2022] Hacker Steals $3 Million Worth of Tokens From Skyward Finance

• [Nov 3, 2022] Skyward Finance Allegedly Suffers $3M Loss in Exploit

• [Oct 31, 2022] BlockSec Debunks Rumours of $532M Smart Contract Hack

• [Oct 30, 2022] Hackers nab $14.5M from DeFi platform Team Finance

• [Oct 27, 2022] DeFi platform robbed of nearly $15 million in hack

• [Oct 18, 2022] New Community-Based Security Mechanism Launched By BNB Chain To Protect Users

• [Oct 17, 2022] TempleDAO Hacked Funds Deposited to Tornado Cash

• [Oct 16, 2022] Wintermute repays $92M TrueFi loan on time despite suffering $160M hack

• [Oct 13, 2022] Someone abused FTX’s withdrawal fee subsidy to mint $70,000 of XEN

• [OCt 7, 2022] A $568 Million Hack of Binance Coin Roils Crypto Sector Anew

• [Sep 19, 2022] BlockSec detects replay exploit with ETHPoW tokens

• [JULY 10, 2022] Hacker drains $1.4 million worth of ETH from NFT lender Omni

• [JUN 17, 2022] Inverse Finance exploited again for $1.2M in flash loan oracle attack

• [MAY 13, 2022] How to protect yourself from the recent spate of ‘crypto muggings’

• [May 3, 2022] Spate of Exploits Snares Rari Capital and Saddle Finance for $90M Escalation of Malicious Attacks Shows No Sign of Abating

• [May 1, 2022] Fei Protocol Offers $10M Bounty After $80M Rari Capital Exploit

• [APR 22, 2022] Hacker bungles DeFi exploit: Leaves stolen $1M in contract set to self destruct

• [APR 22, 2022] Finance Redefined: Hacker bungles DeFi exploit, dYdx's decentralization goals, and more