BlockSec Launches Phalcon Fork for Private Chain Collaborative Testing

In a bid to improve collaborative testing on private chains, blockchain security technology firm BlockSec has launched the Phalcon Fork toolkit. This new toolkit provides more control to developers and security researchers who are working on testnets, ensuring that testing, analysis, and debugging of transactions can be done more efficiently.

The Phalcon Fork allows for the forking of arbitrary transaction positions and block numbers on the Ethereum mainnet, giving users greater control over the work being done on testnets. This allows developers to easily test, analyze, and debug transactions, providing a more streamlined testing process. Additionally, Phalcon Fork provides developers with more control over block information such as Timestamp, BaseFee, and MixDigest, while also retaining services and states from the Ethereum mainnet.

One of the key features of the Phalcon Fork is the integrated faucet, which provides free fork network Ether (ETH) to execute transactions on private chains. This makes it easier for developers to test their DeFi contracts on private chains, without having to worry about transaction fees. Additionally, Phalcon Fork provides Fork RPC, a remote procedure call node that can be integrated with Ethereum Virtual Machine-compatible development frameworks such as Hardhat, Foundry, and Remix or added to MetaMask.

At present, users can only fork from the Ethereum mainnet. However, BlockSec has hinted at future support for additional blockchains such as the BNB Smart Chain and Arbitrum. This will allow developers to test their DeFi contracts on a wider range of blockchains, providing more flexibility in their testing processes.

The launch of Phalcon Fork follows the successful deployment of the Shapella hard fork on the Ethereum mainnet, which went live on April 12. This upgrade has enabled Ethereum validators to withdraw staked ETH from the Beacon Chain, resulting in a positive price action for Ether (ETH). Since April 12, Ether has gained roughly 12% and is currently sitting at $2,092 at the time of writing.

In conclusion, the Phalcon Fork provides developers and security researchers with more control over testing, analysis, and debugging of transactions on private chains forked from the Ethereum mainnet. It offers an integrated faucet for free fork network Ether (ETH) and Fork RPC for integration with Ethereum Virtual Machine-compatible development frameworks. With future support for additional blockchains on the horizon, the Phalcon Fork provides greater flexibility in the testing process for developers of DeFi contracts.


Tagged : / / / / /

Allbridge Recovers $465,000 Stolen in Crypto Exploit

According to a tweet that was published on April 3, a multichain token bridge known as Allbridge has successfully recovered bitcoin valued at $465,000 that was stolen in a recent exploit. A message was sent to the project by an individual who returned 1,500 BNB, which is equal to $465,000. The remaining money were deemed a white hat reward for the individual, as Allbridge had promised. After that, the project changed all of the Binance Coins (BNB) it had received into Binance Dollars (BUSD) so that they could be utilized as compensation.

Peckshield, a blockchain security company, was the first to discover the vulnerability. On April 1, the company sent a tweet to Allbridge in which it alerted the company that a person was manipulating the BNB Chain pools swap price by serving as both a liquidity provider and a swapper. As the vulnerability was discovered, Allbridge offered the attacker a reward as well as the opportunity to avoid legal repercussions.

Blockchain security companies CertiK and PeckShield calculated that the entire amount taken was very close to $550,000 despite the fact that the project has not publicly stated the complete amount that was stolen. According to PeckShield, the attack generated around $573,000 in total, comprised of $282,889 in Bitcoin USD and $290,868 worth of Tether (USDT).

Allbridge also disclosed that a second address made advantage of the same vulnerability and provided a link to a wallet that at the moment has 0.97 BNB, which has a value of around $300 at the time of this writing. The project requested that the second exploiter make contact and explore the possibility of the monies being returned.

After the original breach, Allbridge made it very obvious that it was collaborating with a number of different groups to recover the missing monies. BNB Chain was one of those firms, and on April 2, it tweeted that it had found at least one of the perpetrators engaged using on-chain analysis. This information was shared with the public. AvengerDAO was recognized by BNB Chain for its contributions to the money recovery effort, and BNB Chain is providing active assistance to the Allbridge team as they work to recover the funds.

The rapid reaction of Allbridge to the vulnerability as well as their offer of a white hat incentive for uncovering vulnerabilities highlight how important it is for the cryptocurrency sector to prioritize security. Projects may strengthen their security and stave off future assaults if hackers are offered financial incentives to disclose flaws rather than use them for their own gain. On the other hand, it is essential for organizations to collaborate in order to track down missing cash and hold those responsible for the thefts accountable for their actions.


Tagged : / / / / /

Rogue Validator Outsmarts MEV Bots, Resulting in a $25 Million Loss

In a recent incident, MEV bots attempting sandwich trades suffered a massive loss of $25 million in digital assets due to a rogue validator. The bots were trying to execute sandwich transactions, which involves intercepting a trader’s transaction to profit from it. However, as the bots began to swap millions, the reverse transactions were replaced by a validator who went rogue, resulting in significant losses.

The losses included $1.8 million in Wrapped Bitcoin (WBTC), $5.2 million in USD Coin (USDC), $3 million in Tether (USDT), $1.7 million in Dai (DAI), and $13.5 million in Wrapped Ether (WETH). At the time of writing, most of the funds had been transferred to three different wallets.

In a Twitter thread, blockchain security firm CertiK explained that the vulnerability was due to the centralization of power with validators. As the MEV bots tried to perform front-run and back-run transactions for profit, the rogue validator swooped in to back-run the MEV’s transaction, resulting in significant losses.

The attack highlights the risks associated with MEV bots, despite their potential to earn vast amounts of digital assets. MEV bots have become increasingly popular in the crypto market, as they can execute complex trading strategies with speed and accuracy. However, they are also vulnerable to hacks and exploits, as seen in previous incidents.

CertiK warned that this attack could affect other MEV searchers conducting strategies such as sandwich trading. The team noted that there is a possibility that MEV searchers may become wary of non-atomical strategies due to this exploit.

The CertiK team emphasized the need for greater decentralization to reduce the vulnerability of validators to such attacks. This incident underscores the importance of blockchain security and the need for continuous monitoring and upgrading of security protocols to prevent such incidents.

In conclusion, the attack on MEV bots attempting sandwich trades by a rogue validator resulted in significant losses of $25 million worth of digital assets. The vulnerability was due to the centralization of power with validators, highlighting the need for greater decentralization to reduce the risks associated with such attacks. This incident underscores the importance of blockchain security and the need for continuous monitoring and upgrading of security protocols to prevent such incidents.


Tagged : / / / / / /

Euler Finance Audited 10 Times Before $196 Million Attack

Euler Finance, an Ethereum-based lending protocol, underwent 10 audits from six different blockchain security firms between May 2021 and September 2022. The audits ranked the risk assessment of the platform, measuring the “likelihood of a security incident” and the impact it may have. The risk level for Euler ranged from very low and informational to critical, with none deemed “nothing higher than low risk” with “no outstanding issues.” Despite the extensive audits, Euler suffered a $196 million flash loan attack on March 13, 2023.

In response to the attack, Euler Labs CEO Michael Bentley described it as the “hardest days” of his life in a series of tweets on March 17. He retweeted a user sharing information that Euler had undergone ten audits, commenting that the platform “has always been a security-minded project.” Euler had also issued a warning only 24 hours before launching a $1 million bounty for information leading to the hacker’s arrest, stating that it would launch a bounty “that leads to your arrest and the return of all funds” if 90% of the funds were not returned within 24 hours.

Despite the audits, Euler’s attacker began moving funds through crypto mixer Tornado Cash on March 16, only hours after the bounty was launched. In his Twitter thread, Bentley expressed his frustration at the attack and the sacrifices he had to make as a result, including time with his newborn son. However, he also thanked the security experts who are “working on leads” for the investigation.

While some blockchain security firms, such as Omnisica, found and addressed some “incorrect paradigms” in Euler’s base swapper implementation and how the swap mode was “handled by the codebase,” the audits concluded that Euler had “properly dealt” with these issues, with “no outstanding issues” remaining. Halborn’s audit summary in December 2022 also stated that it had found “an overall satisfactory result.”

In conclusion, Euler Finance’s 10 audits from six different blockchain security firms in two years did not prevent a $196 million flash loan attack. Despite the audits deeming the platform “nothing higher than low risk” with “no outstanding issues,” the attacker was able to move the funds through crypto mixer Tornado Cash only hours after Euler launched a $1 million bounty for their arrest. The investigation into the attack is ongoing.


Tagged : / / / / /

Crypto Industry Continues to Experience Hacks and Exploits: Can Increased Security Measures Help?

The crypto industry has been plagued with hacks, fraud, scams, and rug pulls in the past year, with losses totaling approximately $4 billion in 2022 alone. The largest crypto hack of 2022 was the Axie Infinity’s Ronin blockchain hack, which saw hackers make off with about $625 million worth of Ethereum and USDC. Despite the prevalence of hacks and exploits, some projects have been able to track down attackers and even recover some stolen funds with the help of on-chain sleuths.

Recent news of the successful retrieval of $140 million worth of tokens involved in the Wormhole cross-chain bridge hack is a positive development for the crypto industry. The coordinated effort between Jump Crypto and Oasis, which developed multi-signature wallet software, is a testament to the importance of collaboration and increased security measures. However, it is clear that more needs to be done to prevent such attacks in the future.

One way to increase security measures in the crypto industry is through the implementation of decentralized finance (DeFi) protocols. DeFi protocols offer an alternative to traditional financial systems by using blockchain technology to enable peer-to-peer transactions, without the need for intermediaries such as banks. This creates a more secure and transparent system that is less susceptible to hacks and exploits.

Another potential solution is to increase the use of multi-signature wallets, which require multiple parties to sign off on transactions before they are approved. This would add an additional layer of security and make it more difficult for attackers to gain access to funds.

In conclusion, while the successful retrieval of funds from the Wormhole cross-chain bridge hack is a positive development for the crypto industry, it is clear that increased security measures are needed to prevent future attacks. The implementation of DeFi protocols and multi-signature wallets are just two of the ways in which the industry can become more secure and protect the investments of its users.


Tagged : / / /

CertiK Raises $60m In New Funding in Two Weeks

CertiK, a web3 and blockchain security company based in New York, announced on Friday that it raised an additional $60 million just two weeks after it raised $88 million in a Series B3 funding round. The latest funding gives CertiK a valuation of $2 billion.

The new round is an extension of the Series B3 seed funding as there was demand from investors. Ronghui Gu, the CertiK co-founder, talked about the development and said: “Series B3 is oversubscribed. Considering the enthusiasm of investors, we managed to facilitate this extension.”

SoftBank Vision Fund and CertiK’s existing investor Tiger Global are the only two backers who participated in the extension round. The extension was SoftBank’s first investment in CertiK.

CertiK mentioned that it intends to use the latest funding to expand its team and product offerings. The company’s current headcount is about 200, and it has various open positions, including in its engineering and business development roles.

CertiK’s valuation has doubled in just three months because of an increase in cryptocurrency hacks that have led to increased demand for security infrastructure by blockchain firms and other financial institutions.

Just within this year, over $1 billion in cryptocurrency has been lost as a result of major DeFi hacks, including the Ronin Network and Wormhole. The attacks have happened even after projects have been audited by companies such as CertiK.

Gu defended the auditing review exercise by stating: “An audit by CertiK is not a ‘certificate’ or an ‘endorsement’ that a project is safe from hacks. It is just a report of vulnerability findings with recommendations.

The executive further elaborated: “CertiK or any other auditor provides audit scope around a particular contract, meaning the audit relates to a particular contract or version of code of a project. Projects can fork their code, update their code or decline to remediate issues in their code after an audit is complete. This results in a persistent or new risk, which in some cases results in a hack.”

Detecting And Preventing Crypto Attacks

CertiK raised $88 million in its Series B3 funding round early this month. The firm planned to use the funds to develop new products and “a one-stop security platform for the entire web3 world.”

The move by the firm comes as the demand for blockchain security has risen as the cryptocurrency industry faces extensive losses of funds due to exploits and fraud.

Founded in 2018 and based in New York, CertiK’s mission is to secure the web3 world. The firm is a major provider of blockchain security services. It leverages best-in-class AI technology to protect and monitor blockchain protocols and smart contracts.

To date, CertiK has protected more than $300 billion worth of crypto assets for 2,500 enterprise clients through its fraud investigation and auditing services, including other offerings. The company’s revenue increased 12x, and profits rose 3,000 times in 2021.



Image source: Shutterstock


Tagged : / / /

YFI Comes Out with Report for Yearn Finance v1 yDAI Vault Hack

Yearn Finance recently tweeted that its v1 yDAI Vault got hacked. A part of the deposits, worth $11 million, got lost. The attack helped the hackers to acquire a total of $28 million.

A Detailed Look on the Yearn Finance Breach

The breach was stopped by the Yearn Finance security team 38 minutes from its onset. As investigations were going on, Yearn Finance put deposits on several vaults on hold.

One of Yearn Finance’s core developers, Banteg, reported that the method used to hack the system appears to be a flash loan attack. A flash loan happens when DeFi assets are loaned out and paid back almost immediately without collateral. 

According to Banteg’s report, the hackers manipulated the protocol by unbalancing exchange rates on Curve’s 3pool. They then proceeded to make deposits and withdrawals at mind-blowing rates from the 3pool eleven times.

A Sudden Blockchain Loophole Found

Andre Cronje, the Yearn Finance creator, noticed the attack was taking place on Thursday at around 2145hrs (UTC). He then mobilized Yearn Finance’s security team that neutralized the attack in a time of eleven minutes. 

Following how fast the team eradicated the attack, about 24m out of the 35m DAI got saved. The attacker made away with a profit of 2.7m DAI. The hack’s mitigation happened when the security team applied a command that disabled deposits on the DAI vault. Additionally, deposits on other vaults on the network, including USDC, USDT, and TUSD, were disrupted as a precaution.

For the past few weeks, Blockchain networks have seen several attacks that have seen many platforms count massive losses. According to blockchain security watch Slowmist, Yearn Finance’s attack becomes the second hacking incident this month. Slowmist has recorded a total of 374 hacks across several digital asset networks.

The blockchain security monitoring firm has recorded an eye-widening total of $14 billion worth of assets lost due to blockchain hacks. The figure could signal that there is a need to reconsider how blockchain security might be vulnerable.

The ‘Assurance’ of Blockchain Security

Once an unhackable technology, blockchain is now facing severe attacks that lead to losses worth billions of dollars. Flash loan attacks, 51% attacks are some of the blockchain security problems yet to be solved entirely. It proves that the use of blockchain does not mean one’s funds are safe.

Late last year, US federal authorities seized approximately $1 billion worth of stolen crypto. The amount was gotten from the previously shut down Silk Road black market. A massive number of stolen crypto is yet to be recovered, and probably hackers have already put the crypto into circulation.

Like BTCMANAGER? Send us a tip!

Our Bitcoin Address: 3AbQrAyRsdM5NX5BQh8qWYePEpGjCYLCy4


Tagged : / / / / / / / / / / / / / /
Bitcoin (BTC) $ 26,573.12 0.22%
Ethereum (ETH) $ 1,592.09 0.26%
Litecoin (LTC) $ 64.83 0.30%
Bitcoin Cash (BCH) $ 209.07 0.48%