Binance Square
Certik
CryptBerg - Trusted Crypto News
Poolz Finance Hacker Starts Money Laundering Through Tornado Cash. #Certik, a security company specializing in blockchain: "The POOLZ hacker's presumed address (starts with 0x190Cd) has started transferring funds to Tornado Cash. So far, 1184 #BNB (approximately $3.916m) transferred."

Blockchain Security Firm CertiK Targeted in Hack: Impersonation of Forbes Reporter Raises Concerns

- A hacker, pretending to be a Forbes reporter, deceived a CertiK staff member, gaining unauthorized access to their Twitter account.
- Using the compromised account, the attackers promoted a fraudulent Revoke.cash website, aiming to siphon funds from Uniswap users via a deceptive link.
- CertiK swiftly regained control of their account in just 37 minutes, highlighting the crucial role of rapid incident response in cybersecurity.
- This incident is believed to be part of a larger scheme targeting Twitter accounts associated with the crypto sphere, indicating a coordinated and widespread attack.
- The attack underscores the surge in social engineering scams within the crypto community, posing risks to both individuals and organizations.

The crypto market is an enticing target for various hacks and exploits, more susceptible than conventional financial markets. Security firms consistently release reports exposing these vulnerabilities, aiming to educate and safeguard the community against diverse attack methodologies.
However, when even a security firm falls victim to an attack, it's a stark reminder of the pervasive risks in the industry. This week saw such an incident unfold.
Blockchain security provider CertiK disclosed on January 5, 2024, that an imposter, posing as a Forbes reporter, infiltrated their X account (previously Twitter). Leveraging a compromised but verified Forbes-associated account, the attacker orchestrated a fake interview with a CertiK employee, gaining unauthorized access to the security firm's X account.
The intrusion escalated as the attacker utilized CertiK's platform to promote a deceitful Web3 app. Falsely claiming Uniswap's router had been compromised, the attacker directed users to renounce permissions via renounce.cash. This scam involved a phishing link redirecting users to a counterfeit Revoke.cash website, prompting them to connect their wallets, setting the stage for potential theft.
Swift action from CertiK ensued. Within minutes, their team initiated recovery measures, revoking the attacker's access and removing the fraudulent posts within 37 minutes. Support from Cyvers, another blockchain security platform, proved crucial in identifying and notifying CertiK about the phishing scam.
CertiK observed a surge in crypto-related X account attacks over recent weeks, signaling a potentially larger-scale assault. The attackers masquerade as high-profile journalists, arranging meetings via the Calendly app. However, these turn out to be fake, granting the scammer access to post on victims' X accounts.
The recent incidents involving CertiK and ZachXBT reflect a trend of social engineering and phishing attacks plaguing the crypto space in recent years. Notable past attacks, such as the compromise of Ethereum co-founder Vitalik Buterin's Twitter account in 2020 and the high-profile 2020 Twitter breach affecting prominent figures, underscore the persistent vulnerability and sophistication of such assaults.
While these incidents highlight ongoing threats, it's crucial for individuals to exercise vigilance and caution in navigating the dynamic landscape of cryptocurrencies due to their inherent volatility and associated risks.
#Certik #Crypto2024 #cryptocurrency #SocialHack
🗞️ There was ~$59.8M lost to exploits, hacks and scams in May

Exit scams were ~$38.8M
Flash loans were ~$1.7M
Exploits were ~$19.3M

Source: #Certik

#dyor
zkSync DEX Merlin was hacked for $1.82M after receiving a code audit from Certik. Initial findings suggest a problem with private key management.

#zkSync #Certik #hack #DEX

https://blockchainreporter.net/zksync-dex-merlin-suffers-1-82m-hack-following-code-audit-from-certik/

How Aptos Averted a $5 Million Crypto Crisis

- CertiK discovered a major vulnerability in Aptos' Wormhole bridge, potentially leading to a $5 million hack.
- The bug stemmed from flaws in the MOVE programming language implementation, making it easy for hackers to steal funds.
- The Wormhole team patched the vulnerability within three hours and added safeguards to prevent future hacks.
- Wormhole has been exploited before, with a previous hack causing a $320 million loss in 2022.

Major Bug Caught in Wormhole Bridge, Preventing Potential Disaster
A blockchain security company recently averted a potential catastrophe by catching a significant bug in the Wormhole bridge on the Aptos network. This flaw, if discovered by malicious actors, could have led to a crash and thousands of devastated investors.
The $5 Million Threat
Had this vulnerability been found by the wrong person, Aptos investors could have faced unauthorized transfers totaling $5 million. This would have added to the growing list of hacks plaguing the crypto world in 2024.
The MOVE Programming Advantage
Aptos, a relatively new blockchain, is built on Facebook's Libra initiative and uses the MOVE programming language. MOVE is known for its advanced security features, offering more robust options for smart contract creation compared to Ethereum's Solidity.
The Critical Discovery
CertiK, the blockchain security firm, discovered that the vulnerability stemmed from errors in the 'public(friend)' and 'entry' modifiers in MOVE. These modifiers control access to functions and prevent unauthorized users from accessing them. However, they were found to be exposed to any caller, posing a significant risk.
Potential Consequences
This flaw could have allowed hackers to simulate token transfers between accounts without actually moving any tokens. This would have tricked the Ethereum-based parts of the Wormhole bridge into releasing actual tokens, enabling the attacker to drain funds.
Swift Response and Fix
CertiK reported the flaw to the Wormhole team, who immediately started working on a fix. In just three hours, the vulnerability was patched, and the protocol was tested to ensure security.
Enhanced Security Measures
Following the fix, the Wormhole team implemented additional safeguards, such as reducing the 'governor rate limits' to allow only $1 million in withdrawals per day. This measure ensures that in case of future hacks, the maximum potential loss is minimized to $1 million, making it easier to track down the hackers.
Ensuring User Safety
Wormhole confirmed that no user funds were lost and reiterated their commitment to keeping user assets safe. This incident recalls a similar event in February 2022, when a vulnerability between Ethereum and Solana smart contracts led to the theft of 120,000 wrapped Ether (wETH) tokens worth around $320 million at the time. In February 2023, Web3 firms Jump Crypto and Oasis.app managed to recover $225 million from the Wormhole protocol hacker.
Commitment to Security
The proactive efforts by Wormhole and CertiK highlight the importance of vigilance in the blockchain ecosystem. Their commitment to identifying and addressing flaws helps maintain trust and security in the rapidly evolving world of cryptocurrency.
---
Disclaimer: Voice of Crypto aims to deliver accurate and up-to-date information but will not be responsible for any missing facts or inaccuracies. Cryptocurrencies are highly volatile financial assets, so conduct thorough research and make your own financial decisions.

#Aptos #Certik #Crypto2024 #cryptocurrency
$APT

Solana Disputes CertiK's Allegations Regarding Bootloader Vulnerability in Saga Phone

- Solana Labs dismisses CertiK's report alleging a "critical vulnerability" in the Saga phone, asserting its security parity with other Android devices.
- CertiK contends that it successfully implanted a root backdoor via custom firmware onto the Saga phone, raising security concerns.
- The Saga phone, operating on the Solana blockchain, debuted in April 2022 as an Android-based device.
- Despite its Solana association, the Saga phone faced market disappointment, prompting a 50% price reduction due to lackluster performance.

CertiK's Allegation and Saga Phone Vulnerability
CertiK, a blockchain security firm, issued a report alleging a critical "bootloader unlock" vulnerability in Solana Labs' Saga phone, suggesting potential access to user private keys.
Understanding the Bootloader Unlock Attack
The bootloader, initiating a device before the operating system, can be manipulated when unlocked, enabling the installation of custom software. CertiK claimed the Saga phone arrives with an unlocked bootloader, vulnerable to exploitation.
CertiK's Demo and Saga Phone Security
CertiK's demonstration exhibited a custom firmware with a root backdoor, purportedly accessing user data and implying insecurity in storing cryptocurrencies on the Saga phone.
Solana Labs' Rebuttal and Security Claims
Solana Labs promptly refuted CertiK's assertions, citing the responsibility of the device owner in unlocking the bootloader and installing custom firmware. They emphasized the security measures and user consent required, negating the claims made by CertiK.
The Saga Phone's Market Journey
Launched amidst the 2022 bear market, the Saga phone aimed to provide a secure crypto experience but faced market challenges. Despite initial features like built-in wallets and decentralized identity protocols, market reception remained lukewarm.
Performance Amid Market Conditions
The Saga phone's launch coincided with a crypto market downturn, leading to a substantial price reduction from $1,099 to $599 due to decreased interest in crypto during the bear market.
Disclaimer: Voice of Crypto endeavors for accuracy but does not take responsibility for any missing or inaccurate information. Cryptocurrencies are volatile assets; conduct thorough research before making financial decisions.

#solana #SOL #Certik #crypto2023
$SOL
🚨 Attention OKX Wallet Users 🚨

Certik, the blockchain security firm, issues a warning! ⚠️ Update your iOS app ASAP to patch a critical Remote Code Execution (RCE) vulnerability found in the previous version.

Using the old version may jeopardize sensitive data and crypto assets. Certik applauds OKX for swift action, releasing an update today.

🤔 No word on stolen funds yet. OKX is yet to respond to CoinDesk's request for comment. Stay secure, update now!

#BlockchainSecurity #OKXWallet #CyberSecurity #Certik #CryptoNews🔒📰🚫
Certik completes its audit of DeXe 🔥

✅ DeXe smart-contracts have passed an audit from #Certik, receiving an overall security score of A.

📖Details in the full article here 👉 https://link.medium.com/SagZRQsD3Cb

#DAO