Introduction:

There is no doubt that 0day vulnerabilities are destructive to traditional network security. However, in the current Web3 field, traditional network security vulnerabilities have not received enough attention.

There are two reasons for this. First, the Web3 industry is in its infancy, and technical personnel and security facilities are in the process of exploration and improvement. Second, network security-related regulations have forced Web2 companies to focus on their own security construction to minimize the possibility of security incidents.

These reasons have led the current Web3 field to pay more attention to on-chain security and the security of the blockchain ecosystem itself, while lacking sufficient awareness of lower-level vulnerabilities in areas such as system-level security, browser security, mobile security and hardware security (hereinafter referred to as Web2 0day vulnerabilities, the vulnerabilities of traditional network security).

How can a fragile underlying security paradigm support the Web3 ecosystem?

Web2 is the infrastructure of Web3

It cannot be ignored that Web3 is built on the infrastructure of Web2. If there is a security vulnerability in the Web2 foundation, it will be the end of the Web3 ecosystem and will pose a great threat to the security of user assets.

For example, browser vulnerabilities and mobile vulnerabilities (iOS/Android) can be exploited to steal user assets without the user being aware of the vulnerability.

How hackers steal your personal digital assets through Chrome 0day (icons are for illustration only)

Here are some real cases of using Web2 0day or vulnerabilities to steal digital assets:

1. Hackers steal crypto from Bitcoin ATMs by exploiting zero-day bug

https://www.bleepingcomputer.com/news/security/hackers-steal-crypto-from-bitcoin-atms-by-exploiting-zero-day-bug/

2. North Korean hackers exploited Chrome zero-day for 6 weeks

https://www.techtarget.com/searchsecurity/news/252515092/North-Korean-hackers-exploited-Chrome-zero-day-bug-for-six-weeks

3. Microsoft Word Vulnerability Could Steal Your Cryptocurrencies

https://thenationview.com/cryptocurrency/43279.html

4. Report: Android Vulnerability Allows Hackers to Steal Crypto Wallet Info

https://cointelegraph.com/news/report-android-vulnerability-allows-hackers-to-steal-crypto-wallet-info

From the above cases, we can see that the harm Web2 vulnerabilities cause to digital assets is real, and that its impact is very large.

Web2 vulnerabilities can not only affect personal assets, but also pose serious threats to exchanges, asset custody companies, and the mining industry.

Why Numen studies underlying security

As we can see from the above, Web2 currently has a huge influence on Web3. Without the underlying security of Web2, there will be no security in the Web3 field.

The Numen team happens to be composed of top security experts from around the world, with technical capabilities that cover the entire Web2+Web3 ecosystem. The Numen team has discovered high-risk Web2 vulnerabilities in Microsoft, Google, and Apple products, as well as security vulnerabilities in well-known Web3 ecosystems such as Aptos, Sui, EOS, Ripple, and Tron.

In addition, Numen believes that relying on a single method such as code audits is not sufficient to secure the Web3 field. The Web3 field needs more security facilities, such as real-time detection of and response to malicious transactions.

Security technology is a serious matter that directly concerns user assets. Security research capabilities also reflect the level of a security company. This is why Numen has been conducting Web2 vulnerability research since its inception, because "if you don't know the attack, how can you know the defense?"

https://www.leiphone.com/category/gbsecurity/CT5us5IC3Fpdu4SX.html

Here are the technical details of some of the security vulnerabilities discovered by Numen:

1. "Analysis and PoC of HTTP Privilege Escalation Vulnerability CVE-2023-23410"

2. "Analysis and PoC of DHCP Service Remote Code Execution Vulnerability CVE-2023-28231"

3. "Exclusive disclosure of bypassing Chrome v8 HardenProtect by leaking Sentinel Value"

4. "Javaweb framework ZK CVE-2022-36537 vulnerability analysis with exploit"

5. "From Leak TheHole to Chrome Render RCE"

6. "0day vulnerability: Analysis of the latest UAF code execution vulnerability in Chromium v8 engine"

Numen will continue to pursue and expand its research on underlying security technologies and, with an inclusive attitude, welcomes exchanges with friendly peers and technical colleagues. Web3 institutions, exchanges, and wallet manufacturers are welcome to communicate and cooperate with us to make the Web3 field more secure.
