Pendle Confirms Funds Are Safe Amid Penpie Security Vulnerability
#Pendle #Penpie #SecurityVulnerability #FundsSafety #Blockchain #CryptoSecurity #PENDLE
According to BlockBeats, on September 4, Pendle's official statement confirmed that funds on the Pendle platform remain secure following a thorough investigation. However, a security vulnerability was identified in Penpie, an independent protocol built on top of Pendle. As a precautionary measure, Pendle has temporarily suspended all contract operations and is maintaining close communication with the Penpie team to assist in resolving the issue promptly.
Bedrock Identifies Security Vulnerability Involving uniBTC
#Bedrock #SecurityVulnerability #uniBTC #MultiChain #Liquidity #ReStaking #Blockchain #CryptoSecurity #DEX #AssetsProtection #CryptoNews #Audit
According to BlockBeats, on September 27, multi-chain liquidity re-staking protocol Bedrock announced via its Telegram channel that the team has identified a security vulnerability involving uniBTC. In response, the team has paused the contract to protect users and their assets. The team assured that the BTC in the custodial wallet is secure. The total estimated loss due to the breach is approximately $2 million.
Additionally, the team stated that they are actively coordinating with decentralized exchanges (DEX), security audit teams, and partner projects to revoke permissions. For permissions that cannot be revoked, the corresponding wallet addresses will be blacklisted.
Tangem Addresses Security Vulnerability in Mobile App
#Tangem #Cryptocurrency #SecurityVulnerability #MobileApp #PrivateKeys #UserSafety #Reddit #BugFix #CryptoCommunity #SeedPhrase #DataProtection #AppUpdate
According to Cointelegraph, cryptocurrency wallet provider Tangem has resolved a significant security flaw in its mobile application that exposed certain users' private keys via email. This action followed repeated alerts from Reddit users who highlighted the risk to investors' funds due to the exposure of private keys to email accounts and Tangem employees.
The issue gained attention on December 29 when a Reddit discussion accused Tangem of misappropriating private keys through emails. A Reddit user, u/areklanga, criticized Tangem for not responding adequately when the problem was initially reported. The user claimed that private keys were stored in user email histories, Tangem's email records, and possibly in Tangem's ticket tracking system, making them accessible to Tangem employees. They also noted that an earlier Reddit post about the glitch was inexplicably removed.
On December 30, Tangem acknowledged the problem, attributing it to a bug in the mobile app's log processing, which has since been "fully resolved." The company explained that the issue occurred when creating a wallet with a seed phrase, where the private key was mistakenly logged in the application's logs. These logs could be accessed during interactions with Tangem's support team. Tangem confirmed that all logs and attachments sent to its support team have been permanently deleted to ensure no residual data remains.
Tangem stated that the bug affected a small group of users, specifically those who generated a seed phrase and immediately submitted a support request through the app. The company is proactively contacting these users to advise caution and offer support. Despite the update on December 30 to prevent further leaks, members of the crypto community criticized Tangem's subdued response. As of December 31, Tangem had not made any official announcements on its social media channels, including Twitter, Discord, or Telegram. However, all Tangem users are advised to update their mobile applications promptly to prevent seed phrase leaks.
WebKeyDao Suffers $73,000 Loss in Hacker Attack
#WebKeyDao #HackerAttack #CryptoLoss #Web3 #DecentralizedExchange #SecurityVulnerability #Blockchain #TokenSale #InvestmentLoss
According to Odaily, Web3 launcher platform WebKeyDao has been targeted by hackers, resulting in a loss of approximately $73,000. The attackers exploited an unprotected function to purchase wkeyDao tokens at a low price and subsequently sold them on a decentralized exchange for profit. Specifically, the hackers used a vulnerability in the contract's buy function to acquire 230 wkeyDao tokens for 1159 BUSD. They then sold these tokens on a DEX for 13,167 BUSD, achieving nearly ten times the initial investment.
Scroll Faces Security Vulnerability Impacting Over $100 Million in TVL
#Scroll #SecurityVulnerability #BlockchainSecurity #TotalValueLocked #TVL #BugBounty #Immunefi #PavelShabarkin #Quantstamp #WhiteHatHackers
According to Foresight News, Pavel Shabarkin has revealed a security vulnerability in Scroll that could lead to indefinite reorganization of the Scroll L2, potentially halting the chain's operations and affecting over $100 million in Total Value Locked (TVL). Shabarkin initially reported this critical issue on February 17, but claims that Scroll downplayed its severity and categorized it as a known issue.
Shabarkin requested an investigation and intervention from Immunefi, a platform for bug bounties and security services, but alleges that Scroll's response was inadequate. As a result, Shabarkin publicly disclosed the issue to highlight Scroll's poor handling of security, unfair resolution processes, and unsatisfactory attitude towards white-hat hackers.
LinkedIn information indicates that Pavel Shabarkin is currently a Senior Blockchain Security Engineer at Quantstamp, a blockchain security company.
Cork Protocol Investigates Security Vulnerability
#CorkProtocol #SecurityVulnerability #PhilFogel #Xplatform #ContractsSuspended
According to Odaily, Phil Fogel, co-founder of Cork Protocol, announced on the X platform that the team is currently investigating a security vulnerability. All contracts have been suspended as a precautionary measure, and further updates will be provided promptly.
NOYA.ai Investigates Potential Security Vulnerability
#NOYAai #SecurityVulnerability #Investigation #UserSafety #CommunityUpdate #UnauthorizedDeveloper #RecoveryProcesses
According to Odaily, NOYA.ai has announced on the X platform that a potential vulnerability has been discovered. The team is conducting a thorough investigation and will keep the community updated on progress. Users are advised to pause usage during this period. Additionally, NOYA.ai has assured its Discord community that user wallets are not at risk and no additional actions are required. The team is working on recovery processes and plans to release a detailed announcement by tomorrow morning. The incident was reportedly caused by an unauthorized developer, and the situation is being addressed with urgency.
New WebAuthn Vulnerability Exposes Users to Credential Theft
#WebAuthn #CredentialTheft #XSS #BrowserExtensions #PasswordDowngrade #FIDO2 #W3C #YubiKey #WindowsHello #TouchID #AndroidBiometrics #WebAuthentication #SecurityVulnerability
According to PANews, a new type of attack has been identified that can bypass WebAuthn key-based login systems. The discovery was made by 23pds, Chief Information Security Officer at SlowMist Technology, who shared the findings on the X platform. This attack allows perpetrators to hijack the WebAuthn API through malicious browser extensions or by exploiting XSS vulnerabilities on websites. Consequently, attackers can force a downgrade to password login or manipulate the key registration process to steal user credentials.
This vulnerability does not require access to the victim's device or Face ID. Users logging in with keys on compromised websites or those with malicious extensions may face identity impersonation, leading to account breaches.
WebAuthn, or Web Authentication, is a web standard developed by the W3C and FIDO Alliance. It aims to provide secure authentication through public key cryptography, either as a replacement or supplement to traditional passwords. Users can log in using hardware security keys like YubiKey, built-in platform authenticators such as Windows Hello, Touch ID, Android biometrics, or devices compliant with the FIDO2 standard.
Technical Insights on Balancer Theft Incident
#BalancerTheft #Kebabsec #Citrea #SecurityVulnerability #AssetExtraction #Blockchain #TechInsights #TransactionAnalysis #SmartContract #Odaily
According to Odaily, in response to the technical details surrounding the Balancer theft incident, kebabsec auditor and citrea developer @okkothejawa shared insights on the X platform. They stated that the error mentioned by @moo9000 might not be the root cause, as in all 'manageUserBalance' calls, ops.sender equals msg.sender. The security vulnerability may have occurred in the transaction preceding the creation of the contract for asset extraction, as it led to some state changes in the Balancer vault.
Port3 Network Reports Security Vulnerability in Cross-Chain Token Solution
#Port3Network #SecurityVulnerability #CrossChain #TokenSolution #CATERC20 #NEXANetwork #HackingIncident #BoundaryCondition #OwnershipVerification #Decentralization #AuditReport #UnauthorizedAccess
According to PANews, Port3 Network has released a report on a hacking incident via the X platform, highlighting a security vulnerability in the cross-chain token solution CATERC20, developed by NEXA Network. The report reveals that CATERC20 has a boundary condition verification flaw. When token ownership is relinquished, the function returns a value of 0, which coincidentally matches the ownership verification condition. This results in a failure of the ownership check, potentially allowing unauthorized access. The audit report for CATERC20 did not identify this issue. Port3 tokens had previously relinquished ownership to achieve greater decentralization, leaving them susceptible to this vulnerability.
Security Vulnerability Found in Mediatek Smartphone Chip
#SecurityVulnerability #Mediatek #SmartphoneChip #EMFI #ElectromagneticFaultInjection #MT6878 #AndroidSecurity #PhysicalAccess #PrivateKeys #Ledger #DonjonResearch #CodeExecution #ChipSecurity #MediatekResponse #HardwareWallets #CryptocurrencySecurity #PhysicalAttacks #TechVulnerability
According to ChainCatcher, Ledger's Donjon research team has demonstrated that electromagnetic fault injection (EMFI) can completely compromise a commonly used Mediatek smartphone chip, which is found in many Android phone models. This issue requires attackers to have physical access to the device, highlighting the risks faced by users storing private keys on smartphones.
Ledger stated that its team examined the Mediatek Dimensity 7300 (MT6878) chip produced by TSMC. Researchers used EMFI tools to disrupt the chip's boot ROM, successfully bypassing core security checks and gaining full control of the chip, allowing arbitrary code execution at the highest privilege level (EL3). Ledger emphasized that this discovery does not affect Ledger hardware wallets.
Ledger disclosed this vulnerability to Mediatek in May. Mediatek responded by stating that EMFI attacks are beyond the security scope of the MT6878 chip, which is designed for consumer products rather than financial or hardware security module applications. Mediatek also noted that devices with higher security requirements, such as encrypted hardware wallets, should include specialized defense measures.
The report comes at a time when physical attacks targeting cryptocurrency users are on the rise globally.
Maple Temporarily Shuts Down Web Application Due to Security Vulnerability
#Maple #SecurityVulnerability #WebApplication #SmartContracts #UserSecurity #TemporaryShutdown #BlockBeats
On February 9, Maple announced a security vulnerability in its web application. According to BlockBeats, the issue has been resolved, but the web application will be temporarily closed to ensure the fix is thoroughly completed.
The team assured that smart contracts were not affected and user deposits remain secure. Users will be notified once the web application is back online.
Elon Musk Delays 'X' App Update Due to Security Vulnerability
#ElonMusk #XApp #SecurityVulnerability #AppUpdate #ForYouFeature #NS3AI #UserExperience #UpdateDelay
Elon Musk has announced a delay in the release of the new version of the app 'X' following the discovery of a security vulnerability. According to NS3.AI, the update, initially expected this week, is now likely to be postponed until the weekend. The update was set to introduce the 'For You' feature aimed at enhancing user experience. This decision underscores a cautious approach to prioritize security before launching new functionalities.
GitHub's Security Vulnerability Reporting Process Criticized by OpenClaw Founder
#GitHub #SecurityVulnerability #OpenClaw #PeterSteinberger #NS3AI #SecurityManagement #VulnerabilityReporting #Cybersecurity
OpenClaw founder Peter Steinberger has raised concerns about GitHub's approach to handling security vulnerability reports. According to NS3.AI, Steinberger's post outlines several issues he perceives in GitHub's current system for reporting vulnerabilities. His critique focuses on the inefficiencies and potential risks associated with GitHub's processes, urging improvements to ensure better security management.
iOS Users Urged to Update Amid Critical Security Vulnerability
#iOSUpdate #SecurityVulnerability #DarkSword #iPhone #iPad #CryptoSecurity #Malware #CyberSecurity #TwoFactorAuthentication #GTIG #BinanceWallet #AppPermissions #CryptoWallet #SecurityAlert #UpdateNow #StaySafe
Binance Wallet announced on X that Apple is urging iPhone and iPad users to immediately update their iOS systems due to a critical security vulnerability. The Google Threat Intelligence Group (GTIG) has identified an exploit chain, named "DarkSword," which affects iOS versions 18.4 to 18.7. This vulnerability is a system-level issue and is not linked to any exchange or wallet application.
The exploit can be triggered when users visit compromised websites that appear legitimate. It allows attackers to extract sensitive data, including information from crypto wallets, without any user interaction. The malware is capable of erasing its traces post-execution, making it challenging to detect. Devices running iOS 18.4 to 18.7 are particularly at risk.
To mitigate the risk, users are advised to update their devices to the latest iOS version immediately. Additionally, it is recommended to avoid clicking on unknown links or visiting untrusted websites. Users should also review app permissions and disable any unnecessary access. Enabling Two-Factor Authentication (2FA) on all crypto-related accounts and activating withdrawal whitelists are further suggested precautions.
This security alert is crucial for all users, not just those associated with Binance, as security is fundamental to the entire ecosystem. Protecting user assets is a top priority, and taking these steps can help safeguard against potential threats.