漏洞
10,541 views
10 Discussing
Hot
Latest
See original
One article to learn about Ledger connector library vulnerabilities and their impact on users
A security flaw in the Ledger connector library has alarmed the crypto community and raised serious questions about basic security.
Earlier today, crypto hardware wallet maker Ledger confirmed that its Connector library had been compromised, with attackers replacing the real version with a malicious file. After the incident, multiple decentralized applications (dApps) faced potential exploits, and attackers successfully stole more than $500,000 from multiple wallets.
In this report, we will bring you the details of the incident, key events and its impact.
What happened
Earlier today, crypto hardware wallet maker Ledger confirmed that its Connector library had been compromised, with attackers replacing the real version with a malicious file. After the incident, multiple decentralized applications (dApps) faced potential exploits, and attackers successfully stole more than $500,000 from multiple wallets.
In this report, we will bring you the details of the incident, key events and its impact.
What happened
See original
Bitcoin Devs: Lightning developers must “wake up” and fix security holes instead of pleasing VCs
Antoine Riard, who left the Lightning Network in October, believes the Lightning Network is also at risk of becoming increasingly centralized and vulnerable to single points of failure and censorship risks.
Developers working on Bitcoin’s Layer 2 Lightning Network have become less focused on security and more focused on generating cash flow for investors, a former Lightning Network developer believes.
Bitcoin Core developer and security researcher Antoine Riard made headlines last month after leaving the Lightning ecosystem over concerns about a new attack vector called "replacement loops," which attackers could potentially exploit. Steal funds by targeting payment channels.
Developers working on Bitcoin’s Layer 2 Lightning Network have become less focused on security and more focused on generating cash flow for investors, a former Lightning Network developer believes.
Bitcoin Core developer and security researcher Antoine Riard made headlines last month after leaving the Lightning ecosystem over concerns about a new attack vector called "replacement loops," which attackers could potentially exploit. Steal funds by targeting payment channels.
See original
KyberSwap promises to cover user losses caused by recent vulnerability
KyberSwap has announced a grant program to mitigate losses caused by a $48 million liquidity pool hack.
KyberSwap announced on December 1 that it would provide grants to compensate users affected by recent vulnerabilities.
The decentralized exchange admitted that a recent attack drained $48.8 million of user funds from its elastic liquidity pool, a feature that allows users to stake cryptocurrencies to earn interest or generate yield.
KyberSwap explains:
“Our current plan is for the KyberSwap Treasury to provide each user who lost funds in the exploit and has not yet recovered a grant up to the dollar value of those funds at the time the funds were siphoned off. Each of them liquidity pool.”
KyberSwap announced on December 1 that it would provide grants to compensate users affected by recent vulnerabilities.
The decentralized exchange admitted that a recent attack drained $48.8 million of user funds from its elastic liquidity pool, a feature that allows users to stake cryptocurrencies to earn interest or generate yield.
KyberSwap explains:
“Our current plan is for the KyberSwap Treasury to provide each user who lost funds in the exploit and has not yet recovered a grant up to the dollar value of those funds at the time the funds were siphoned off. Each of them liquidity pool.”
See original
Telegram denies reported vulnerability in desktop app, confirms mobile app is not affected by security issue
Web3 security firm CertiK said the purpose of its social media posts was to raise awareness of the issue.
Telegram has denied claims that a vulnerability existed on its platform that could have exposed its users to attacks.
The situation regarding the vulnerability
Blockchain security firm CertiK said on April 9 that Telegram’s desktop application has a potential high-risk remote code execution (RCE) vulnerability. The company stated:
“A possible RCE was detected in the media handling of the Telegram desktop application. This issue puts users at risk of malicious attacks via specially crafted media files, such as images or videos.”
Telegram has denied claims that a vulnerability existed on its platform that could have exposed its users to attacks.
The situation regarding the vulnerability
Blockchain security firm CertiK said on April 9 that Telegram’s desktop application has a potential high-risk remote code execution (RCE) vulnerability. The company stated:
“A possible RCE was detected in the media handling of the Telegram desktop application. This issue puts users at risk of malicious attacks via specially crafted media files, such as images or videos.”
See original
👉Wallet Guard: It is recommended that users update their Chrome browser in time to fix new zero-day vulnerabilities
On December 21, Web3 security agency Wallet Guard issued an article stating that users are advised to promptly update Chrome browsers (including Brave, Opera and Edge) to fix the new zero-day vulnerability (CVE-2023-7024).
#漏洞
#100X社区
On December 21, Web3 security agency Wallet Guard issued an article stating that users are advised to promptly update Chrome browsers (including Brave, Opera and Edge) to fix the new zero-day vulnerability (CVE-2023-7024).
#漏洞
#100X社区