Security and Privacy

Everything you need to know about Smart Contracts’ Security Audits

A smart contract security audit is a routine step that crypto projects aim to complete before launching their products to the public. Smart contracts control the functioning of decentralized finance and NFT platforms. They need to be audited before they are made public to spot loopholes, bugs, and vulnerabilities that hackers can exploit.

If a smart contract is exploited, the platform could lose funds. There have been smart contract exploits in which people lost millions of dollars to hackers. Transactions on the blockchain are final: once they are done, they can’t be reversed. This is why smart contract audits are necessary.

The job of smart contract auditors is to analyze the code, look for bugs, and create reports with feedback on what needs to be changed. 

Usually, a smart contract audit occurs in different stages. 

  • Smart contracts must be submitted to an audit team such as CertiK or PeckShield to be audited. The third-party audit team analyzes the code for issues. This is usually the initial analysis process.
  • Once the analysis is done, the audit team submits its first findings to the team behind the project.
  • Based on the initial findings, the team behind the project tries to amend their smart contract code.
  • The audit company then analyzes the code a second time to see whether its suggestions were followed. After that, it issues its report.

Smart contract audits are done to improve the functionality of the platform. Given the number of attacks that crypto platforms face, the code must be analyzed for bugs to prevent the loss of money. An attack also damages the brand image of a crypto platform.

Rose Nnamdi Author
Crypto Writer

Rose Nnamdi is a crypto content writer that loves drafting content on cryptocurrencies and innovative platforms building on blockchain technology.

News

Here’s Why P2E Gaming Hacks Could Be the Next Major Security Issue in the Crypto Space

Play-to-earn (P2E) crypto games are emerging as a popular blockchain application. They are likely to increase exposure to threats such as scams and money laundering, especially once the current crypto winter thaws.

There is no denying that P2E crypto tokens have recently crumbled in value, just like several other parts of the crypto ecosystem. However, financial regulators must pay attention to P2E crypto (GameFi) because it offers a glimpse of several kinds of financial-crime complexity.

A cybersecurity auditing firm stated that GameFi projects focus mainly on profit and, in doing so, neglect security. This poses a great risk to these GameFi projects and their gamers.

Hacken’s View on P2E Crypto Projects

In a report shared with Cointelegraph, Hacken, the cybersecurity auditor, said that according to its data, GameFi projects, the category that covers P2E games, pay more attention to profit than to security. They often release products without taking adequate precautions against hackers.

In addition to crypto, P2E games often include NFTs in their ecosystems. Some of the largest projects like Axie Infinity (AXS) and StepN (GMT) tend to use several products crafted to enrich the gaming experience. These include token bridges, blockchain networks, or physical merchandise.

Based on data from the crypto security ranking service CER.live, the Hacken researchers observed severe shortcomings, specifically in GameFi cybersecurity. Of the 31 GameFi tokens considered, not a single one received the top security ranking, AAA. Additionally, 16 received D, the worst score on the board.

Details of the Report

The report ranked each project on several cybersecurity aspects. For instance, in the case of token audits, the report considered aspects such as the presence of a bug bounty and insurance, and whether the team is public. The report states that these GameFi projects scored low precisely because of the lack of insurance coverage.

Dan Thomson, the chief marketing officer of InsurAce, a crypto insurance firm, partially confirmed this. In addition, only two projects, namely Axie Infinity and Aavegotchi, have bug bounties that provide monetary compensation to white hat hackers if they find bugs in the project’s code.

Moreover, while 14 projects have received a token audit, merely 5 have undergone a platform audit that could detect potential security holes in the ecosystem of the project. Those five projects are Aavegotchi, The Sandbox, Radio Caca, Alien Worlds, and DeFi Kingdoms.

According to the report, the Ronin token bridge of Axie Infinity was the target of one of the largest hacks in the crypto industry, which caused a loss of $600 million in tokens. Token bridges like this are a vulnerability for P2E games.

Samvida is a versatile writer/editor passionate about reaching out to people of different precincts by using words as an effective means. She’s a law graduate residing in Bihar, India. She holds a curious persona, often delving into worlds of astrophysics, technology, crypto, law, and international relations.

Quicktake

Solana Wallets Targeted in a New Multimillion Dollar Hack

The recent hack of Solana’s hot wallets has seen $8 million drained, with more funds likely to be stolen as the hack is still ongoing.

The latest crypto hack has caused panic among users as reports come in about lost funds, with some warning anyone still storing money on Solana-based hot wallets such as Phantom and Slope to move their cryptocurrency over to cold wallets immediately.

Blockchain investigator PeckShield said the widespread hack is likely due to a “supply chain issue” that has been exploited to steal user private keys behind affected wallets. The estimated loss so far is around $8 million.

Phantom, a Solana-based wallet provider, said it is working with other teams to get to the bottom of this issue. However, it does not seem to be a Phantom-specific problem at this time, as other providers such as Slope and the non-fungible token (NFT) marketplace Magic Eden have reported similar problems.

The developers of Magic Eden have confirmed that there is a widespread exploit involving SOL coins. They called on users to revoke permissions for suspicious links in their Phantom wallets.

In addition, Slope has announced that it is working with Solana Labs and other protocols based on their platform to pinpoint the issue, though there have been “no major breakthroughs yet.”

Crypto Writer

Adekunle Joshua is a cryptocurrency writer. He has a deep understanding of the technology and how it can be used to improve the world. James is a strong advocate for using cryptocurrency to make the world a better place. He wants to help people understand the technology and use it to improve their lives.

Quicktake

SEC Unveils a $300 Million Crypto Pyramid Scheme

According to a filing with the U.S. District Court, the SEC alleges that the founders of the Forsage platform have used a “fraud pyramid and multi-level Ponzi scheme” to raise funds (over $300 million) from retail investors across the globe.

Forsage bills itself as a blockchain for retail investors to trade on Ethereum, Tron, and Binance. 

The SEC has charged the company with running an extensive Ponzi scheme for over two years. Its recruiters take advantage of investors by bringing in more people and then using money taken from them to pay off the initial group.

Carolyn Welshhans, chief of the SEC’s Crypto Assets and Cyber Unit, said:

“Scammers cannot circumvent federal securities laws by shadowing their schemes in smart contracts and blockchain.”

Four of the 11 individuals charged were the founders of Forsage, namely Vladimir Okhotnikov, Jane Doe aka Lola Ferrari, Mikhail Sergeev, and Sergey Maslakov. The SEC’s complaint also included seven promoters, three of whom were in a U.S.-based promotional group called the “Crypto Crusaders.”

All 11 individuals are charged with violating “Unregistered Offers and Sales of Securities” under Section 5 A & C and “Fraud” under Section 17(a) (1 & 3) of the U.S. Securities Act. In addition, the defendants have also been charged with “Fraud” under Section 10 B-C of the U.S. Exchange Act.

Crypto Writer

Adekunle Joshua is a cryptocurrency writer. He has a deep understanding of the technology and how it can be used to improve the world. James is a strong advocate for using cryptocurrency to make the world a better place. He wants to help people understand the technology and use it to improve their lives.

News

NFT Platform OMNI Hit By Re-entrancy Attack, Hacker Drains $1.4M worth of ETH

OMNI, an NFT financialization protocol, has fallen victim to a re-entrancy exploit, losing over 1,300 ETH, worth $1.4 million. The protocol offers lending and borrowing services. Users can lend NFTs and ERC-20 tokens to earn interest. In addition, these tokens can also be used as collateral for borrowing assets.

What is Re-entrancy?

Reportedly, the hacker exploited a re-entrancy vulnerability in the Omni protocol. Re-entrancy is a type of vulnerability in projects coded with Solidity. It arises when a smart contract can be made to place an external call to an untrusted contract.

Because this external call executes before the original function has finished, the untrusted contract can use it to re-enter the protocol and compromise its liquidity repeatedly.

OMNI Protocol Temporarily Suspended

The development team has temporarily suspended the protocol and is investigating the exact cause of the attack. Moreover, as the protocol is still in its beta phase, no customer funds were stolen; only the internal testing funds were affected.

How was the OMNI platform exploited?

According to the crypto security firm BlockSec, the attack was “due to the old-school reentrancy of onERC721Received.” It also highlighted that the attacker used NFTs from a collection called Doodles to borrow ETH.

The attacker then exploited the re-entrancy vulnerability by withdrawing all but one of the NFTs deposited as collateral. This action activated a malicious callback function to the benefit of the attacker.

This function allowed the hacker to utilize the borrowed funds to purchase more Doodles before liquidating the loan.

The Doodle NFT used as collateral is returned to the attacker following the liquidation. This loan position is liquidated because the value of the collateral NFT is not sufficient to cover the debt position.

This is where the re-entrancy comes into the picture: the attacker can use the borrowed ETH to buy more NFTs before the liquidation occurs. The Omni protocol failed to recognize this new debt position, so the attacker could easily withdraw the NFTs without any repayment.
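
The ordering flaw behind this kind of exploit, shown as an added Solidity illustration (not Omni's contracts and not code from the original article): a constructed NFT-collateral pool whose `withdraw` triggers the ERC-721 `onERC721Received` callback before its books are updated, beside a hardened version. The contract names, the flat `LOAN_PER_NFT` valuation and the lock are assumptions made for the example; pricing and liquidation are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Constructed, simplified pool for illustration; not Omni's contracts.
interface IERC721 {
    function transferFrom(address from, address to, uint256 id) external;
    function safeTransferFrom(address from, address to, uint256 id) external;
}
abstract contract PoolBase {
    uint256 public constant LOAN_PER_NFT = 1 ether; // assumed flat valuation
    IERC721 public immutable nft;
    mapping(uint256 => address) public depositorOf;
    mapping(address => uint256) public collateral; // NFTs deposited per user
    mapping(address => uint256) public debt;       // wei borrowed per user
    bool private locked;
    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }
    constructor(IERC721 nft_) payable { nft = nft_; }
    function deposit(uint256 id) external nonReentrant {
        nft.transferFrom(msg.sender, address(this), id);
        depositorOf[id] = msg.sender;
        collateral[msg.sender] += 1;
    }
    function borrow(uint256 amount) external nonReentrant {
        debt[msg.sender] += amount;
        require(debt[msg.sender] <= collateral[msg.sender] * LOAN_PER_NFT, "undercollateralized");
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}

// Before: safeTransferFrom calls onERC721Received on the recipient while the
// NFT still counts as collateral and no lock is held, so a borrow() made from
// that callback passes its solvency check against the stale count.
contract VulnerablePool is PoolBase {
    constructor(IERC721 nft_) payable PoolBase(nft_) {}
    function withdraw(uint256 id) external {
        require(depositorOf[id] == msg.sender, "not depositor");
        require(debt[msg.sender] <= (collateral[msg.sender] - 1) * LOAN_PER_NFT, "undercollateralized");
        nft.safeTransferFrom(address(this), msg.sender, id); // interaction
        delete depositorOf[id];                              // effects, too late
        collateral[msg.sender] -= 1;
    }
}

// After: effects, check on final state, then interaction, under the shared lock.
contract HardenedPool is PoolBase {
    constructor(IERC721 nft_) payable PoolBase(nft_) {}
    function withdraw(uint256 id) external nonReentrant {
        require(depositorOf[id] == msg.sender, "not depositor");
        delete depositorOf[id];
        collateral[msg.sender] -= 1;
        require(debt[msg.sender] <= collateral[msg.sender] * LOAN_PER_NFT, "undercollateralized");
        nft.safeTransferFrom(address(this), msg.sender, id);
    }
}
```

The lock only helps because every state-changing entry point takes the same one; a guard on `withdraw` alone would still let the callback reach an unguarded `borrow`.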

As per Etherscan, the exploiter laundered the funds via Tornado Cash, a coin mixing service for private transactions on the Ethereum blockchain.

It seems that the DeFi and NFT space is constantly being plagued with such attacks, with bad actors making hundreds of millions of dollars. Recently, NFT lending pool XCarnival lost nearly $4 million in an exploit, though the hacker accepted a 1,500 ETH bounty.

One of the most prominent hacks was the Ronin Bridge, where attackers stole over $600 million. There is much speculation that North Korean hackers were behind this incident. Moreover, June sales of NFTs fell to a one-year low amid the ongoing crypto bear market.

Krutika Adani Author

Krutika is an experienced Crypto News writer and Technical analyst. With over 3 years of extensive crypto knowledge, she has written on various subjects, including Price analysis, Whitepapers, Metaverse, and other crypto-related topics.

Security and Privacy

The Most Common NFT Scams and How to Steer Clear of Them

NFT scams are undoubtedly very common now, especially as the adoption of cryptocurrencies and other blockchain-based assets is at an all-time high. NFTs, or non-fungible tokens, became widely popular in 2021, following the explosion of general cryptocurrency prices after the COVID-19 pandemic.

This isn’t very surprising. Everyone has begun to see the real-world application of NFTs as digitized representations of real-world objects. Anyone can now create and mint NFTs representing ownership of a house, a piece of art, and many other real-world objects.

As an inevitable result of this explosion of NFT popularity, however, the number of related scams has grown exponentially as well. Many people have been scammed out of billions of dollars over the last year.

In this article, we examine seven of the most popular NFT scams. After reading, you may see a pattern, and learn how to identify future scams and how to avoid them before they happen.

Some Well Known NFT Scams

The FTC (Federal Trade Commission) estimates that Americans have lost over a billion dollars to crypto-related scams. These scams are so prominent because of the unregulated and decentralized nature of cryptocurrencies and NFTs.

Lost crypto and NFTs are untraceable and unrecoverable. The perpetrators of these scams know this as well as anyone. It is a lot easier for them to rest easy, knowing that they may never be caught.

In 2021, there were an estimated 280,000 buyers and sellers of NFTs. Many of these buyers and sellers were newbies, looking to get in on the action after hearing some of the hype around NFTs. Many of them learned things the hard way.

Here are some scams that show the unsuspecting how risky the cryptocurrency market can be:

  • NFT Pump and Dumps:

In pump and dump schemes, the creators of these projects keep a large amount of these scam NFTs or cryptocurrencies for themselves. They then proceed to ‘hype-up’ the low-value assets, encouraging people to invest and drive the prices up.

When prices reach a certain level, the scam orchestrators sell their holdings, crashing the prices and leaving their investors holding an empty bag.

These scammers may sell slowly or sell all at once, giving their investors no time to react.

  • Counterfeit NFTs

Artists and creators have always had to struggle with their work being stolen or plagiarized. The same is now starting to happen in the world of NFTs.

It is surprisingly easy to convert any regular picture into an NFT. Sometimes, these pictures can include replicas of already valuable NFTs. In scams like these, anyone could make a copy of an asset worth millions, mint them and market the counterfeit as an original.

  • Phishing

Phishing scams are easy to fall for. Falling victim to a phishing scam can be as easy as clicking a malicious link on a fake advert. Popular places for these scams include Discord, Telegram and Twitter. Newcomers to the NFT market are among the most common victims of these scams.

  • Impersonation

Celebrity endorsements are common in the NFT market. The Bored Ape Yacht Club, for example, has Steph Curry, Tom Brady and Madonna as well-known holders. Scammers can impersonate any of these people and convince investors to buy some scam NFTs.

  • Outbidding

Outbidding scams are more common than many realize. Outbidders buy a certain NFT and change the purchase currency, hoping to sell at a much higher price than they paid. An outbidder may purchase an NFT for $1 and change the purchase price to 1 BTC.

  • Scam Contracts

On websites containing scam smart contracts, purchased NFTs promptly disappear, or turn out to be something else after they are purchased. This is because the contracts on the scam websites are different from the contracts linked to the original NFT. So buying from a scam website may deposit the wrong NFT or nothing at all in your wallet.

  • Customer Support Scam

In this category, the scammers pretend to be customer support personnel for exchanges and marketplaces. They pretend to be trying to help and ask the unsuspecting to send them sensitive wallet details like their seed phrase.

Many fall for this and end up regretting it.

How to Avoid These Scams

  • Do your research before buying any NFTs
  • Marketplaces like Opensea have blue badges and other identifiers for their verified users. You should be wary of accounts with no evidence of verification.
  • Keep your information private, and never give out your seed phrase
  • Double-check the purchase currency before making payment, to avoid outbidding scams
  • Be alert, and never part with money you can’t afford to lose

Crypto Writer

Adekunle Joshua is a cryptocurrency writer. He has a deep understanding of the technology and how it can be used to improve the world. James is a strong advocate for using cryptocurrency to make the world a better place. He wants to help people understand the technology and use it to improve their lives.

News

Polygon, Fantom and Major Blockchains Hit With Network Attack

Hackers took aim at one of blockchain’s most innovative companies this week, targeting services provided to Polygon and Fantom. Blockchain infrastructure company Ankr shared this information on Friday.

Ankr announced on Twitter that its team is currently investigating its Polygon and Fantom Foundation Remote Procedure Calls (RPCs). In the meantime, it has provided alternate options for those who need them.

The RPC is a software communication program used to exchange information across different networks.

Polygon Under Attack

The chief information security officer of 0xPolygon, Mudit Gupta, revealed on Twitter that the company’s gateways for Polygon (polygon-rpc.com) and Fantom (rpc.ftm.tools) were compromised due to a DNS hijack. He also stressed that his company has no control over services provided by others.

Fantom has asked its users not to use the compromised RPC, which could allow hackers access to your system.

Gupta has been working with Ankr and suggested using Alchemy RPCs until the issue is resolved. He also said that Polygon’s team is hard at work creating its own remote procedure call (RPC) service to ensure more reliability.

Meanwhile, Ambire Wallet has revealed that the Polygon and Fantom networks are unavailable on its wallets. QuickSwap DEX has also requested that users not use the compromised networks until more information is available.

A Phishing Attack

When users of the compromised RPC log in to their accounts, they see an error message asking them to send all funds to polygonapp[.]net. The scam redirects users to a different page that asks them to enter their seed phrase.

It is still unclear what kind of damage was caused by this new attack. However, an attack vector targeting RPC endpoints is the latest addition to the long list of security vulnerabilities. This means that Web3 companies need a thorough understanding and rigorous defense strategy for their platform, or else it could be compromised in seconds.

It seems like crypto hacks are becoming more and more common. Just this past month, Harmony, a decentralized exchange, was hacked for over $100 million.

With these high-profile hacks, it’s clear that the security of blockchain technology remains a concern for many. For example, the Discord servers of the Bored Ape and Otherside NFT projects were compromised, while Ethereum-based DeFi platform Inverse Finance lost $1.2 million to an exploit.

Jim Haastrup Author
Crypto Writer

Jim Haastrup is a freelance blockchain and metaverse writer. He helps founders, investors, startups, crypto, and blockchain enthusiasts connect with their audience and win investment through the written word.
