Written by Cyfrin
Published on February 6, 2025

Cyfrin's Blockchain Security and Education Newsletter: February 2025

Explore Cyfrin's new blockchain certifications, security updates, and resources for smart contract developers in February 2025's newsletter.

Cyfrin launches blockchain developer certifications backed by industry leaders and top university organizations. 

Read on for the month's update from Cyfrin, security news, and industry insights. 

From Cyfrin’s world

Solidity developer certifications: Cyfrin Updraft now offers industry-recognized certifications, endorsed by top industry and university organizations, enabling developers to showcase their expertise.

Cyfrin Updraft's certifications endorsed by leading organizations and universities.

Secure development: Recent research highlights the importance of isolated development environments in preventing cyberattacks. A blog post by Cyfrin CEO and Updraft’s lead educator, Patrick Collins, covers the use of Docker for isolated development, with tips and best practices.

Preventing the next $50M hack: In response to the Radiant Capital hack, our new safe-tx-hashes tool helps users ensure secure verification of Safe multi-sig wallet signatures and prevent sophisticated exploits. 

Web3 security guides: Our comprehensive two-part series on avoiding crypto scams covers everything from basic security practices to advanced threat prevention, including practical steps for protecting assets and identifying common attack vectors. Part 1 | Part 2

High-profile hacks and security incidents

Phemex Exchange breach ($69.1M): A January 23 hack led to unauthorized transfers across multiple chains, with 125 suspicious transactions laundered through mixers.

Moby Protocol incident ($2.5M): Hackers stole liquidity pool (LP) assets by using stolen proxy private keys to upgrade smart contracts. (P.S. Here’s a video lesson on how to safely store private keys.)

Visual map detailing the Moby Trade private key leak and its connections.
Source: Merkle Science

Orange Finance attack ($840K): A malicious admin key upgrade diverted funds from multiple vaults, including Stryke and Stable, on January 8.

Fake Layer token ($465K): A fraudulent SOLAYER token misled investors, leading to a $465K rug-pull.

The Idols NFT exploit ($340K): Attackers abused reward calculations in self-transfer scenarios to drain $340K in stETH.

MoonHacker exploit ($300K): Flaws in Moonwell’s FlashLoan Callback and Approve Proxy enabled a $300K hack.

UniLend exploit ($200K): A redeemUnderlying flaw burned LP tokens before updating balances, resulting in a $200K loss.

Industry news and resources

The hidden danger in access control: QuillAudits' Breaking Rugs report reveals a shocking truth about 2024's $2.1B in losses: 78% came from a single type of exploit. Find out which vulnerability is costing protocols billions.

Your wallet's simulation could be its downfall: Researchers uncover how attackers are exploiting a trusted wallet feature to steal millions. Learn about the new attack vector that cost one user 143 ETH.

Cybercrime's new business model: How subscription-based malware, a.k.a. Crimeware-as-a-Service (CaaS), transforms crypto attacks from isolated threats into scalable, automated operations and why traditional security tools can't keep up.

Diagram of the Crimeware-as-a-Service (CaaS) product-to-service cycle.

The flash loan vulnerability nobody's talking about: A deep dive into how Maker's CDP system could be compromised through an unexpected reentrancy vector.

That dream job offer: Analysis reveals a sophisticated phishing campaign using fake CrowdStrike recruitment offers to deploy miners. Here's what developers need to watch for.

AI's role in finding smart contract vulnerabilities: New research shows how large language models (LLMs) could revolutionize vulnerability detection and why current tools might be missing critical bugs.

The most comprehensive scam database yet: A four-part list from Crypto Legal exposes thousands of fraudulent crypto companies. Essential resource for due diligence: Part 1, Part 2, Part 3, Part 4

Web3 needs you!

Start learning smart contract development and security on Cyfrin Updraft.

Participate in competitive audits on CodeHawks.

Want to receive this as an email newsletter? Subscribe here!
