We have released our dataset on Web3 phishing website detection, containing 26,333 phishing URLs. Feel free to use the dataset for further research and development of better anti-phishing solutions.
.@OnyxDAO was attacked, resulting in a loss of nearly $4M. The root cause was unverified user input during the liquidation process. Specifically, key parameters of the liquidateWithSingleRepay function in the NFTLiquidation contract were controllable by the attacker, allowing manipulation of the extraRepayAmount variable through the repayAmount parameter. By exploiting this, the attacker was able to liquidate all collateral with just one token.
The key attack steps are summarized as follows:
1. The attacker first deposited oETH and borrowed various assets to reach the liquidation threshold. Simultaneously, they created a new contract that, through a donation attack and precision loss (inherent from the Compound V2 fork), reduced the oETH exchange rate, making the attacker's position eligible for liquidation.
2. The attacker then performed the liquidation. Due to insufficient parameter validation, the attacker manipulated the extraRepayAmount variable, which was added to the calculation of how many tokens needed to be liquidated. This allowed the attacker to obtain more oETH through liquidation, leading to a profit.
Address poisoning is on BTC now. The following is one concrete case. The phishing address (address 1) disguises itself as address 2 and sends a small amount of BTC to address 3. Since addresses 2 and 3 have historic transactions, the attacker hopes to trick the owner into copying the wrong address.
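A wallet-side check for the pattern described above, as an added example that is not BlockSec's code: it flags small incoming transfers whose never-seen sender shares its visible leading and trailing characters with an established counterparty. The dust cutoff, the four-character match window, the `Transfer` record and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

DUST_SATS = 10_000   # assumed cutoff for a "small amount" of BTC
MATCH_CHARS = 4      # assumed number of leading/trailing characters a user checks

@dataclass(frozen=True)
class Transfer:
    txid: str
    sender: str
    receiver: str
    sats: int

def visible_ends(addr: str, n: int = MATCH_CHARS) -> tuple[str, str]:
    """Characters a user tends to compare, ignoring the type prefix
    (bc1q/bc1p, 1, 3) that every address of that type shares."""
    a = addr.lower() if addr[:3].lower() == "bc1" else addr  # bech32 ignores case
    body = a[4:] if a.startswith("bc1") else a[1:]
    return body[:n], body[-n:]

def is_lookalike(candidate: str, known: str) -> bool:
    return candidate != known and visible_ends(candidate) == visible_ends(known)

def find_poisoning(wallet: str, history: list[Transfer]) -> list[tuple[str, str, str]]:
    """Return (txid, suspicious_sender, imitated_counterparty) alerts.
    `history` holds only the wallet's own transfers, in chronological order."""
    known: set[str] = set()
    alerts = []
    for t in history:
        other = t.sender if t.receiver == wallet else t.receiver
        incoming_dust = t.receiver == wallet and t.sats <= DUST_SATS
        if incoming_dust and other not in known:
            hit = next((k for k in sorted(known) if is_lookalike(other, k)), None)
            if hit:
                alerts.append((t.txid, other, hit))
            continue  # unsolicited dust never makes its sender a trusted counterparty
        known.add(other)
    return alerts

# Constructed sample data: these strings are not real addresses.
ADDR3 = "bc1qowner00000000000000000000000000000wllt"    # wallet being poisoned
ADDR2 = "bc1qk7d2partner000000000000000000000000x4tz"   # genuine counterparty
ADDR1 = "bc1qk7d2zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzx4tz"   # lookalike sender
HISTORY = [
    Transfer("tx-a", ADDR3, ADDR2, 2_500_000),
    Transfer("tx-b", ADDR2, ADDR3, 1_200_000),
    Transfer("tx-c", "bc1qunrelated00000000000000000000000000abcd", ADDR3, 600),
    Transfer("tx-d", ADDR1, ADDR3, 546),
]
if __name__ == "__main__":
    print(find_poisoning(ADDR3, HISTORY))
```

A wallet UI can use such an alert to hide the flagged entry from copy-from-history suggestions or to force a full-address comparison before sending.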
Great to see so many dedicated projects on Solana Breakpoint 👏 @SolanaConf. They are building on Solana with incredible innovation and passion. BlockSec actively contributes to the Solana ecosystem by enhancing security and supporting project success. As the ecosystem continues to expand, we provide efficient and powerful on-chain support tools. @solana @SolanaFndn
👉 https://blocksec.com/blog/phalcon-explorer-now-fully-supports-solana Phalcon Explorer is a powerful transaction explorer designed for the DeFi community, and it now fully supports Solana! Compared with other Solana explorers, Phalcon Explorer helps ordinary users easily understand Solana transactions and helps developers clearly and comprehensively understand function call relationships. @Phalcon_xyz
👉 https://blocksec.com/blog/best-solana-transaction-visualization-tool MetaSleuth is a crypto tracing and investigation platform that provides real-time tracing of Solana funding transactions. Users can quickly and easily view the flow of funds on Solana and make informed analysis and decisions. @MetaSleuth
👉 https://blocksec.com/blog/meta-suites-5-0-extends-full-support-to-solana-scans MetaSuites is a free and open source blockchain browser extension that significantly improves the user experience of blockchain transaction analysis. It now fully supports major Solana scanning tools, including Solana Explorer, Solscan, and SolanaFM. Users can view fund flow graphs or add local tags when viewing transactions. @MetaDockTeam
Looking forward to watching Solana flourish, BlockSec will continue to be committed to its development. The future is coming, and Solana is leading the way. 🎉 #Solana #Breakpoint #BlockSec #Web3
Token 2049 is so exciting! 🔥 BlockSec is at @token2049, let’s experience the excitement of blockchain! 👀 Welcome to meet BlockSec in Singapore! #Token2049 #Singapore #BlockSec
BlockSec helps digital Hong Kong dollar to gain new momentum
As the Hong Kong government's support for the crypto industry continues to increase, major institutions are committed to providing innovative solutions, actively promoting the development of digital Hong Kong dollars, and helping Hong Kong become a global Web3 center.
In 2024, five companies, namely JD Group's JD Coin Chain Technology (Hong Kong), Yuanbi Innovation Technology, and the joint applicants Standard Chartered Bank (Hong Kong), Animoca Brands, and Hong Kong Telecom (HKT), will be the first entities to issue stablecoins under the HKMA's sandbox framework, and will conduct multiple use case tests on their respective proprietary Hong Kong dollar stablecoins.
Taking this opportunity, BlockSec, as a company with both a strong blockchain security industry background and a top security academic background, looks forward to contributing to the overall improvement of Hong Kong's Web3 ecosystem: helping Hong Kong become the first region in the world to allow banks to issue stablecoins, helping enterprises and users enter the cryptocurrency market more safely, and witnessing this milestone moment.
This time, BlockSec CEO Professor Zhou Yajin will share substantive insights from stablecoin research at the Hong Kong Polytechnic University, the AIFT Artificial Intelligence Financial Technology Laboratory, and the Chinese University of Hong Kong from September 4 to September 6, 2024.
A phishing transaction profited more than 54M Dai! The attacker lures the victim into signing a TX to change the vault owner and then executes a TX to drain the vault!
In our latest talk at @BlackHatEvents, Prof. Yajin Zhou @yajinzhou shares how to reuse opcode trace to prevent smart contract exploits, a technique that has already rescued over $20 million and been productized into our Phalcon @Phalcon_xyz.
The #BlockSec team is excited to attend Black Hat @BlackHatEvents and thrilled to join top security experts in LAS VEGAS, sharing groundbreaking security research and tech innovations. Our CEO, Prof. Yajin Zhou @yajinzhou, will share blockchain security insights.
🎙️ "Use Your Spell Against You: Threat Prevention of Smart Contract Exploit By Reusing Opcode Trace"
🗓️ August 8, 2024, 14:30-15:00
📍 Mandalay Bay H, Level 2
🔗 https://t.co/U5gB1vWNEI
The core technical capabilities mentioned have saved over $20 million in losses through more than 20 white hat rescues by BlockSec. This technology has been productized into a standard SaaS platform, Phalcon @Phalcon_xyz.
The #BlockSec team is excited to attend the Science of Blockchain Conference 2024 (#SBC24) co-hosted by @initc3org, @CBRStanford, and @BerkeleyRDI at Columbia University @Columbia 📚🌐
This is where the BRIGHTEST minds in the field come together. Meet us at this premier event, and let's dive deep into the latest technical innovations in the blockchain ecosystem.
A warm welcome! 🤝 Info Here🔗 https://t.co/LXCmfPx61f
🚀 We're thrilled to announce that BlockSec has completed the security audit for Neo X, an EVM-compatible and MEV-resistant sidechain of @Neo_Blockchain!
https://t.co/dFZfkxTiOj
Our thorough audit establishes a strong first line of defense for the Neo X ecosystem. Learn more in the full article 👇🏻
Thrilled to announce that Phalcon now supports Mantle Network @0xMantle, providing unbreakable post-launch security for Mantle Ecosystem. Say goodbye to hacks! 🚀🚀🚀 https://t.co/gJRrFNc9jH
Protocols and LPs on Mantle Network, discover how the collab will secure your contracts and funds 👇 #BlockchainSecurity #MantleNetwork #Phalcon
We're thrilled to announce that BlockSec will be showcasing at the world's largest Bitcoin event, #Bitcoin2024 Nashville, from July 25 to 27. Join us at Booth 625 with @exSatNetwork for great conversations, networking opportunities, and exclusive swag gifts!
Let's power the future of #Bitcoin, together! #Bitcoin2024 #BlockSec #web3 #trump #bitcoin #BlockSec
GM, even the weekend cannot stop us from learning Web3 security, right? We have a dashboard for every security incident, including tx hash, loss, PoC, and other related information.
👏We're thrilled to announce our partnership with @Pumpbtcxyz!
💡BlockSec is committed to advancing the #BTC ecosystem with top-tier audits, ensuring robust and secure blockchain solutions. This partnership highlights our dedication to the highest standards of safety, trust, and transparency.
Here at #EthCC, we introduced how our lightweight architecture addresses the enormous storage requirements and poor performance suffered by current Ethereum clients.
1/ This architecture is backed by our paper published in the proceedings of the USENIX ATC 2024, read more at https://t.co/2p23LkClFU.
Our prototype system SLIMARCHIVE speeds up transaction execution by an average of 1112.5×, compared to vanilla Geth. 🧵