According to SlowMist, on June 27, 2022, hackers exploited a critical flaw in the XCarnival project and made off with 3,087 ETH (about $3.8 million). XCarnival is a decentralized NFT lending platform that was built on the Ethereum network. The team working on the project has been made aware of…

Storytime User A received a text message from their exchange asking them to download the latest wallet. This prompted him to search for “xx wallet official”, and clicking the first link displayed. They then proceeded to download the application, create a wallet, and transfer some funds over to the newly…

On June 15, 2022, MetaMask announced that white hat hackers have discovered a security vulnerability codename “demonic”. The vulnerability is known to affect only versions before 10.11.3. Given MetaMask’s popularity and the prevalence of derivatives that utilize it as a wallet’s foundation, MetaMask kindly offered a white hat prize of…

On June 3rd, 2022, MetaMask discolosed a serious clickjacking vulnerability discovered by the white hat group, United Global Whitehat Security Team(UGWST). This was a browser extension-only vulnerability, it allowed attackers to deceive users into giving sensitive information or sending crypto-assets without them realizing it. This was made possible since the…

We’re working with Go+ Security to help secure the future of web3. The primary goal of this cooperation is to exchange data. …

The NFT project Verb Lab recently launched their project to the public. However, their official discord channel was already filled with malicious bots. These bots target new users by pretending to be from the official team and sending them private chats with phishing links to mint. We discovered three links…

Background In the last article, we learned how the data in contracts are stored and how to read different types of data in contracts. One function in a smart contract, delegatecall, is what we’ll be going over in this article. Prior-Knowledge Let’s first go over the two common external function…

Background On May 25th, Twitter user @0xLosingMoney stated a user, @Dvincent_ stole 29 Moonbirds NFTs, worth approximately $700,000 through the use of a phishing website: p2peers.io. The website has now been shut down. The user stated that this domain, along with another, sarek.fi, was used in previous hacking incidents.

Hi, there! The MistTrack anti-money laundering tracking system was officially launched on April 27th. Following a month of community feedback, we have updated and added the following features. May 23rd updates 1. We have added a sharing function on MistTrack. Not only can you share your work with your friends…