We have released our dataset on Web3 phishing website detection, containing 26,333 phishing URLs. Feel free to use the dataset for further research and development of better anti-phishing solutions.

https://github.com/blocksecteam/TxPhishScope

.@OnyxDAO was attacked, resulting in a loss of nearly $4M. The root cause was unverified user input during the liquidation process. Specifically, key parameters of the liquidateWithSingleRepay function in the NFTLiquidation contract were controllable by the attacker, allowing manipulation of the extraRepayAmount variable through the repayAmount parameter. By exploiting this, the attacker was able to liquidate all collateral with just one token.

The key attack steps are summarized as follows:
1. The attacker first deposited oETH and borrowed various assets to reach the liquidation threshold. Simultaneously, they created a new contract that, through a donation attack and precision loss (inherent from the Compound V2 fork), reduced the oETH exchange rate, making the attacker's position eligible for liquidation.
2. The attacker then performed the liquidation. Due to insufficient parameter validation, the attacker manipulated the extraRepayAmount variable, which was added to the calculation of how many tokens needed to be liquidated. This allowed the attacker to obtain more oETH through liquidation, leading to a profit.

Attack Tx:

Address poisoning is on BTC now. The following is one concrete case. The phishing address (address 1) is disguising address 2 to send a small amount of BTC to address 3. Since addresses 2 and 3 have historic transactions, the attacker hopes to trick the owner into copying the wrong address.

很高兴看到在 Solana Breakpoint 上有许多专注的项目👏 @SolanaConf。他们以令人难以置信的创新和热情在 Solana 上构建。BlockSec 通过增强安全性和支持项目成功，积极为 Solana 生态系统做出贡献。随着生态系统的不断扩展，我们提供高效且强大的链上支持工具。@solana @SolanaFndn

👉 https://blocksec.com/blog/phalcon-explorer-now-fully-supports-solana
Phalcon Explorer 是为 DeFi 社区设计的强大交易浏览器，现在完全支持 Solana！与其他 Solana 浏览器相比，Phalcon Explorer 帮助普通用户轻松理解 Solana 交易，并帮助开发者清晰全面地了解函数调用关系。@Phalcon_xyz

👉 https://blocksec.com/blog/best-solana-transaction-visualization-tool
MetaSleuth 是一个加密追踪和调查平台，提供 Solana 资金交易的实时追踪。用户可以快速便捷地查看 Solana 上的资金流动，并进行明智的分析和决策。@MetaSleuth

👉 https://blocksec.com/blog/meta-suites-5-0-extends-full-support-to-solana-scans
MetaSuites 是一个免费且开源的区块链浏览器扩展，显著提升了区块链交易分析的用户体验。它现在完全支持主要的 Solana 扫描工具，包括 Solana Explorer、Solscan 和 SolanaFM。用户可以查看资金流动图或在查看交易时添加本地标签。@MetaDockTeam

期待看到 Solana 的繁荣发展，BlockSec 将继续致力于其发展。未来正在到来，而 Solana 正在引领潮流。🎉
#Solana #Breakpoint #BlockSec #Web3

Token 2049 无与伦比的热闹！🔥 BlockSec在 @token2049 感受区块链的精彩！
👀 欢迎在新加坡与BlockSec相聚！
#Token2049 #新加坡 #BlockSec

BlockSec助力数码港元新势能

随着港府对加密行业的支持不断增强，各大机构致力于提供创新解决方案，积极推动数码港元的发展，助力香港成为全球Web3中心。

2024年京东集团旗下京东币链科技（香港），圆币创新科技，以及联合申请的渣打银行（香港）、安拟集团（Animoca Brands）、香港电讯（HKT）5家公司作为首批在金管局的沙盒框架下发行稳定币的实体，对各自专有的港元稳定币进行多种用例测试。

在此契机下，BlockSec作为一家兼具强大区块链安全行业和顶尖安全学术背景的公司，期待为香港Web3生态的整体提升贡献力量。助力香港成为全球首个允许银行发行稳定币的地区，帮助企业和用户更安全地进入加密货币市场，见证这一里程碑时刻。

此次，BlockSec CEO周亚金教授将于2024年9月4日-9月6日，分别在香港理工大学、AIFT人工智能金融科技实验室、香港中文大学针对稳定币的内容研究为大家带来脱水干货。👨🏻‍💻

🔥 DeFi Security Landscape 🔥

Got a vendor/product that should be on our radar? Drop it in the comments!

@OpenZeppelin @chain_security @SpearbitDAO @osec_io @sigp_io @zellic_io @HalbornSecurit @ABDKconsulting @CertiK @MixBytes @ConsensysAudits @SlowMist_Team @dedaub @trailofbits @peckshield @Quantstamp @hackenclub @code4rena @sherlockdefi @cantinaxyz @secure3io @CertoraInc @verilog_audit @NethermindEth @rv_inc @verilog_audit @HardhatHQ @TenderlyApp @Hacker0x01 @immunefi @Phalcon_xyz @Cyvers_ @hexagate_ @HypernativeLabs @FortaNetwork @OpenZeppelin @MetaSleuth @ArkhamIntel @MistTrack_io @trmlabs @elliptic @TheSecureum @RektHQ @RugDocIO @DeFiHackLabs @SoloditOfficial

#DeFiSecurity #BlockchainSecurity #ProtocolSecurity #AttackPrevention #CodeAuditing

A phishing transaction profited more than 54M Dai! The attacker lures the victim into signing a TX to change the vault owner and then executes a TX to drain the vault!

Be cautious when signing a transaction.

https://app.blocksec.com/explorer/tx/eth/0xf70042bf3ae7c22f0680f8afa078c38989ed475dfbe5c8d8f30a50d4d2f45dc4

In our latest talk at @BlackHatEvents, Prof. Yajin Zhou @yajinzhou shares how to reuse opcode trace to prevent smart contract exploits, a technique that has already rescued over $20 million and been productized into our Phalcon @Phalcon_xyz.

#BlackHat2024 #BlockchainSecurity

BlockSec Awaits You at Black Hat USA 2024!

The #BlockSec team is excited to attend Black Hat @BlackHatEvents and thrilled to join top security experts in LAS VEGAS, sharing groundbreaking security research and tech innovations. Our CEO, Prof. Yajin Zhou @yajinzhou, will share blockchain security insights.

🎙️ "Use Your Spell Against You: Threat Prevention of Smart Contract Exploit By Reusing Opcode Trace"
🗓️ August 8, 2024, 14:30-15:00
📍 Mandalay Bay H, Level 2
🔗https://t.co/U5gB1vWNEI

The core technical capabilities mentioned have saved over $20 million in losses through more than 20 white hat rescues by BlockSec. This technology has been productized into a standard SaaS platform, Phalcon @Phalcon_xyz.

#BlockSec #BlackHat #Blockchain

Catch Up with BlockSec at SBC '24!

The #BlockSec team is excited to attend the Science of Blockchain Conference 2024 (#SBC24) co-hosted by @initc3org, @CBRStanford, and @BerkeleyRDI at Columbia University @Columbia 📚🌐

This is where the BRIGHTEST minds in the field come together. Meet us at this premier event, and let's dive deep into the latest technical innovations in the blockchain ecosystem.

A warm welcome! 🤝
Info Here🔗 https://t.co/LXCmfPx61f

#BlockSec #SBC24 #Blockchain

🚀 We're thrilled to announce that BlockSec has completed the security audit for Neo X, an EVM-compatible and MEV-resistant sidechain of @Neo_Blockchain!

https://t.co/dFZfkxTiOj

Our thorough audit establishes a strong first line of defense for the Neo X ecosystem. Learn more in the full article 👇🏻

#BlockchainSecurity #NeoX #Audit

Thrilled to announce that Phalcon now supports Mantle Network @0xMantle, providing unbreakable post-launch security for Mantle Ecosystem. Say goodbye to hacks! 🚀🚀🚀
https://t.co/gJRrFNc9jH

Protocols and LPs on Mantle Network, discover how the collab will secure your contracts and funds 👇
#BlockchainSecurity #MantleNetwork #Phalcon

Pick up ur gifts at 625 boost! 😎
#BlockSec #Bitcoin2024 #Nashvilllle

BlockSec is heading to Bitcoin2024 Nashville! 🎉

We're thrilled to announce that BlockSec will be showcasing at the world's largest Bitcoin event, #Bitcoin2024 Nashville, from July 25 to 27. Join us at Booth 625 with @exSatNetwork for great conversations, networking opportunities, and exclusive swag gifts!

Let's power the future of #Bitcoin, together!

BlockSec is heading to Bitcoin2024 Nashville! 🎉

We're thrilled to announce that BlockSec will be showcasing at the world's largest Bitcoin event, #Bitcoin2024 Nashville, from July 25 to 27. Join us at Booth 625 with @exSatNetwork for great conversations, networking opportunities, and exclusive swag gifts!

Let's power the future of #Bitcoin, together!
#Bitcoin2024 #BlockSec #web3 #trump #bitcoin #BlockSec

GM, even at the weekend cannot stop learning Web3 security right? We have a dashboard for every security incident, including tx hash, loss, PoC, and other related information.

https://app.blocksec.com/explorer/security-incidents

Happy learning.

Anyone can help connect @WazirXIndia, something suspicious happened.

https://app.blocksec.com/explorer/tx/eth/0x48164d3adbab78c2cb9876f6e17f88e321097fcd14cadd57556866e4ef3e185d

👏We're thrilled to announce our partnership with @Pumpbtcxyz!

💡BlockSec is committed to advancing the #BTC ecosystem with top-tier audits, ensuring robust and secure blockchain solutions. This partnership highlights our dedication to the highest standards of safety, trust, and transparency.

🔗Check out more details about the audit report:

https://t.co/11CSNFF6Mw

#BlockchainSecurity #Audit #BlockSec #PumpBTC

Here at #EthCC, we introduced how our lightweight architecture addresses the enormous storage requirements and poor performance suffered by current Ethereum clients.

1/ This architecture is backed by our paper published in the proceedings of the USENIX ATC 2024, read more at https://t.co/2p23LkClFU.

Our prototype system SLIMARCHIVE speeds up transaction execution by an average of 1112.5×, compared to vanilla Geth. 🧵

#Ethereum #BlockchainTech #Research