-
[Aug 5, 2022] How Unchecked Mapping Makes $200M Losses of Nomad Bridge
[Nomad Bridge | Ethereum] -
[Jun 16, 2022] Our Take on the Inverse Finance Security Incident: Price Manipulation Attack
[Inverse Finance | Ethereum | Oracle vulnerability] -
[Jun 7, 2022] How a Critical Bug in Solana Network was Detected and Timely Patched
[Solana Network | Solana | CWE-682] -
[May 31, 2022] How the Mirror Protocol got Exploited
[Mirror Protocol | Ethereum | Double Claiming Attack] -
[May 18, 2022] The Analysis of FEGtoken Security Incident: Devil’s in the Details
[FEGtoken | Ethereum | Access Control, Untrusted External Call] -
[May 16, 2022] Revisiting the CashioApp Security Incident [CashioApp | Solana | Access Control]
-
[May 6, 2022] How to exploit the same vulnerability of MetaPool in two different ways (Nerve Bridge / Saddle Finance) — What you see is not what you get
[MetaPool | Near | Pricing Mechanism] -
[Apr 23, 2022] How Akutar NFT loses 34M USD
[Akutar NFT | Ethereum | DoS Attack] -
[Apr 21, 2022] How to verify a signature in a wrong way — the AssociationNFT case
[The Association NFT | Ethereum | Double Claiming Attack, Signature Verification] -
[Apr 4, 2022] The Race Against Time and Strategy: About the AnySwap Rescue and Things We Have Learnt
[Anyswap | Fantom | Access Control] -
[Mar 31, 2022] Tracing the Stolen Fund of the Ronin Bridge [Ronin Bridge | Ronin | Private Key Leakage]
-
[Mar 31, 2022] Revest Finance Vulnerabilities: More than Re-entrancy
[Revest Finance | Ethereum | Reentrancy, Access Control] -
[Mar 13, 2022] [Not All Tokens Are Good] The quick analysis of the Paraluni attack
[Paraluni | Ethereum | Reentrancy, Unchecked Input Token] -
[Mar 22, 2022] Revisiting the Wormhole Attacks [Wormhole Network | Solana | Access Control]
-
[Mar 21, 2022] LI.FI Attack: a Cross-chain Bridge Vulnerability? No, It’s Due to Unchecked External Call!
[LI.FI | Ethereum | Unchecked External Call] -
[Mar 17, 2022] The short analysis of the flashloan attack to the APE AirDrop
[BAYC | Ethereum] -
[Feb 3, 2022] When “SafeMint” Becomes Unsafe: Lessons from the HypeBears Security Incident
[HyperBears NFT | Ethereum | Untrusted External Call, Reentrancy] -
[Jan 28, 2022] When “SafeTransfer” Becomes Unsafe: lessons from the QBridge security incident
[Qubit Finance | Ethereum] -
[Jan 16, 2022] How a vulnerability is silently fixed by Coin98
[Coin98 | BSC | Unchecked Input Parameters] -
[Dec 30, 2021] New Integer Overflow Bug Discovered in Solana rBPF [Solana Network | Solana | Interger Overflow]
-
[Nov 18, 2021] The analysis of Nerve Bridge Security Incident
[Nerve Network | BSC] -
[Nov 6, 2021] The Initial Analysis of the bZx Security Incident
[bZx Protocol | Ethereum | Possible Private Key leakage] -
[Oct 22, 2021] The analysis of Indexed Finance Security Incident
[Indexed Finance | Ethereum | Price Manipulation] -
[Oct 10, 2021] [The Butterfly Effect] The Compound Security Incident Caused by a Bugfix
[Compound Finance | Ethereum] -
[Sep 22, 2021] The Real Root Cause of the Vee Finance Security Incident
[Vee Finance | Ethereum | Unchecked Input Parameters] -
[Aug 28, 2021] A short analysis of the wild exploitation of CVE-2021–39137
[Ethereum Network | Ethereum | CVE-2021–39137] -
[Aug 15, 2021] The Retrospection of the Poly Network Hack from a Security Researcher perspective
[Poly Network] -
[Aug 12, 2021] The Further Analysis of the Poly Network Attack
[Poly Network] -
[Aug 11, 2021] The initial analysis of the PolyNetwork Hack
[Poly Network] -
[Aug 9, 2021] The analysis of the Zerogoki attack
[Zerogoki | Ethereum | Price Manipulation] -
[Aug 4, 2021] The Analysis of the Popsicle Finance Security Incident [Popsicle Finance | Ethereum | Double Claim Attack]
-
[Jul 21, 2021] The Analysis of the Sanshu Inu Security Incident [Sanshuinu | Ethereum | Deflation Token]
-
[Jul 19, 2021]The Analysis of the Array Finance Security Incident [Array Finance | Ethereum | Price Manipulation]
-
[May 9, 2021]Price manipulation attack in reality (again): RariCapital incident [RariCapital | Ethereum | Price Manipulation]
-
[Jan 3, 2021]Security incident on Seal Finance
[Seal Finance | Ethereum | Reentrancy] -
[Jan 3, 2021]Deposit Less, Get More: yCREDIT Attack Details [YCredit | Ethereum]
-
[Dec 18, 2020]Flash Loan Attack on Plouto Vault
[Plouto| Ethereum] -
[Dec 3, 2020]Loopring(LRC) Protocol Incident
[LRC Protocol| Ethereum | Price Manipulation]
-
[Mar 18, 2022]Secure the Solana Ecosystem (2) — Calling Between Programs
-
[Mar 27, 2022]Secure the Solana Ecosystem (3) — Program Upgrade
-
[Apr 6, 2022]Secure the Solana Ecosystem (4) — Account Validation
-
[Apr 29, 2022]Secure the Solana Ecosystem (7) — Type Confusion
-
[Aug 31, 2022] No-Open Source Contract Attack
[0x40c994299fb4449ddf471d0634738ea79c734919 | BSC | Logic Vulnerability] -
[Aug 24, 2022] KaoyaSwap Attack Analysis
[KaoyaSwap | BSC | Logic Vulnerability] -
[Aug 17, 2022] Where is the $190M? --An Initial Analysis of the Nomad Bridge Attack Lost Funds [Nomad Bridge | Ethereum | Logic Vulnerability]
-
[Aug 16, 2022] Do not directly sell NFT airdrop after ETH merge
-
[Aug 10, 2022] ANCH Attack [ANCHStake Protocol | BSC | Logic Vulnerability]
-
[Aug 10, 2022] XSTABLE.PROTOCOL Attack [XSTABLE.PROTOCOL | BSC | Logic Vulnerability]
-
[Aug 8, 2022] EGD_Finance Attack [EGD_Finance | BSC | Price Manipulation]
-
[Aug 4, 2022] Freedom Protocol Rug&Pull [Freedom Protocol | BSC | Rug]
-
[Aug 2, 2022] Nomad Bridge Exploit [Nomad Bridge | Ethereum | Logic Vulnerability]
-
[Jul 14, 2022] SpaceGodzilla Attack
[SpaceGodzilla NFT | Ethereum | Price Manipulation] -
[Jul 13, 2022] Wash trading to arbitrage on LooksRare
[LooksRare | Ethereum | Wash trading] -
[Jul 10, 2022] ParallelFi Attack
[Parallel Finance | Ethereum | Reentrancy] -
[Jul 1, 2022] How to sell an NFT to a buyer with a high price without the buyer's consent
[Quixotic | Ethereum | Access Control, Signature Verification] -
[Jun 26, 2022] XCarnival_Lab Attack
[XCarnival_Lab | Ethereum | Access Control] -
[Jun 2, 2022] CoFiXProtocol Exploit
[CoFiX Protocol | Ethereum | Access Control] -
[May 26, 2022] How is a honeypot contract trapped by an MEV bot
[Honeypot] -
[May 21, 2022] bDollarFi Attack
[bDollar Finance | BSC | Price Manipulation] -
[May 9, 2022] Fortress Protocol Attack
[Fortress Protocol | BSC | Price Oracle Manipulation] -
[Apr 27, 2022] BnBBrokers Attack
[BnBBrokers | BSC | Reentrancy] -
[Apr 23, 2022] AkuDreams Exploit
[Akutars | Ethereum] -
[Apr 21, 2022] Zeed Protocol Exploit
[Zeed Protocol | BSC | Reward Distribution Vulnerability] -
[Apr 18, 2022] BeanstalkFarms Attack
[Beanstalk Farms | Ethereum] -
[Apr 13, 2022] ElephantStatus Attack
[Elephant Money | BSC | Price Manipulaiton, Reentrancy] -
[Apr 10, 2022] Gym Network Attack
[Gym Network | BSC | Price Manipulaiton] -
[Apr 2, 2022] Inverse Finance Attack
[Inverse Finance | Ethereum | Price Manipulaiton] -
[Mar 31, 2022] Ola Finance Attack
[Ola Finance | Ethereum | Reentrancy] -
[Mar 27, 2022] Classic Single-contract Re-entrancy Attack [Rena | Ethereum | Reentrancy]
-
[Mar 24, 2022] CashioApp Attack
[Cashio App | Solana | Access Control] -
[Mar 20, 2022] Scam token BmDoge
[BmDoge | BSC | Backdoor Function] -
[Mar 15, 2022] Agave Lending Attack
[Agave Fiannce | Gnosis Chain | Untrusted external call] -
[Mar 15, 2022] Deus Finance Exploit
[Deus Finance | Fantom | Price Manipulation] -
[Mar 9, 2022] PXPNFTsGame Attack
[PiratexPirate | Ethereum | Private Key Leakage] -
[Mar 4, 2022] The rough analysis on the BTC donation to Ukraine
-
[Jan 18, 2022] Crosswise Finance Attack
[Crosswise Finance | Ethereum | Access Control] -
[Dec 30, 2021] SashimiSwap Attack
[SashimiSwap | Ethereum] -
[Nov 30, 2021] MonoXFinance Attack
[MonoX Finance | Ethereum] -
[Nov 21, 2021] FormationFi Attack
[Formation Finance | Ethereum] -
[Oct 28, 2021] CreamFinance Attack
[Cream Finance | BSC | Oracle Vulnerability] -
[Sep 15, 2021] NowSwap Attack
[NowSwap Protocol | Ethereum | Semantic Inconsistenty] -
[Sep 14, 2021] KlondikeFinance Attack
[Klondike Finance | Ethereum] -
[Sep 3, 2021] Siren Protocol Attack
[Siren Protocol | Ethereum | Reentrancy] -
[Aug 17, 2021] XSURGEDEFI Attack [Xsurge | Ethereum | Reentrancy, Price Manipulation]
-
[JULY 10, 2022]Hacker drains $1.4 million worth of ETH from NFT lender Omni
-
[JUN 17, 2022]Inverse Finance exploited again for $1.2M in flash loan oracle attack
-
[MAY 13, 2022]How to protect yourself from the recent spate of ‘crypto muggings’
-
[May 1, 2022]Fei Protocol Offers $10M Bounty After $80M Rari Capital Exploit
-
[APR 22, 2022]Hacker bungles DeFi exploit: Leaves stolen $1M in contract set to self destruct