Welcome to the latest edition of our monthly security roundup where you find the most relevant Web3 security news all in one place. Get key insights into what happened and stay ahead of the curve!
Where are you hosting your applications? Explore how you can protect yourself against DNS hijacking attacks https://blog.rivanorth.com/dns-hijacking-protection-on-vercel
September 2024 Hacks
Penpie - $27M - The attacker leveraged a vulnerability in Penpie's reward distribution system, specifically targeting a function through a reentrancy attack.
DeltaPrime - $6M - Hack was caused due to a private key compromise, potentially linked to the Lazarus Group, which allowed attackers to exploit the platform's admin privileges and drain its Arbitrum-based liquidity pools.
Indodax - $25M - The breach targeted Indodax’s hot wallets, and the hack has been speculated to be linked to the North Korean Lazarus Group.
BingX - $44M - Hackers gained unauthorised access to BingX's hot wallets, exploiting a vulnerability that allowed them to drain assets across multiple chains.
Shezmu - $4.9M - A vulnerability in the vault allowed attackers to steal funds without providing sufficient collateral.
Bedrock - $2M - Hackers targeted the uniBTC contract, a synthetic Bitcoin token used within Bedrock's offering.
Web2 Security
Are you using Web2 infrastructure? Check out the latest Web2 vulnerabilities that could affect your project here -> https://blog.rivanorth.com/vulnerability-report-october-2024
Rivanorth Security Research
Top 3 Multi-Chain Security Issues
The Ultimate Guide to Securing Your X/Twitter Account
ERC-4626 Vulnerabilities and How to Avoid Them in Your Project
Secure Proxy Models: Understanding Beacon Proxies
Rug Pulls and How to Avoid Them
Real-time hack alerts: https://twitter.com/rivanorthSec
Rivanorth is a global boutique Web3 cybersecurity company. We specialise in smart contract audits and blockchain security advisory. Visit rivanorth.com to find out more.