$1.4B was stolen in the largest crypto heist, but web3 is fighting back with the safe-tx-hashes tool, smarter defenses, and better security education.
Read on for the month's update from Cyfrin, security news, and industry insights.
News and partnerships:
It’s all about people: Elif joins Cyfrin after four years at Chainlink, bringing her passion for Solidity, developer education, and security. Meanwhile, Mustapha went from student to smart contract security expert in under five months, protecting billions in assets! How?
Key insights from Cyfrin:
Bybit exploit ($1.4B): Read Cyfrin’s detailed analysis of the largest heist in crypto’s history. What’s more, Cyfrin’s guide from a few weeks ago breaks down how it could have been avoided. And even more importantly, learn about web3 wallets and post-deployment security on Updraft.
LIBRA memecoin rug pull ($286M): The $4.4B LIBRA rug pull left 74,000 traders with $286M in losses, implicating Argentina’s President Milei and sparking a legal and political fallout.
Infini exploit ($50M): A suspected ex-developer left a hidden backdoor, bypassed security, and drained Infini’s contract. The funds were swiftly laundered through Tornado Cash, swapped for ETH, and moved to a fresh wallet.
Ionic exploit ($12.3M): In a $12.3M social engineering exploit, an attacker used a fake LBTC token to drain assets and laundered $3.5M through Tornado Cash before $8.8M was frozen on Mode.
zkLend hack ($9.5M): zkLend lost $9.5M (3,600 ETH) after an attacker exploited a rounding error in the mint() function to inflate their balance, later laundering the funds through Railgun.
Turn skills into cash: Auditing is a goldmine—if you know where to look, here’s how top auditors get rich. To get ahead, learn from these critical exploits, governance takeovers, and vulnerabilities that caught experts off guard. Remember that your success depends on the quality of your vulnerability report, so master the art.
Walking in the Devil’s shoes: Discover the eight most active attackers of Q4 2024—how they operate, launder funds, and evade detection. Plus, step inside a hacker’s mind and see how they break assumptions, manipulate time, and weaponize curiosity.
AI: friend or foe: How do threat actors leverage generative AI for faster, more efficient attacks, and what’s stopping them from doing more damage? See Google’s findings.
Advanced security deep dives: From confidential smart contracts to Layer 2 scaling, Trusted Execution Environments (TEEs) are changing the game. And multisig wallets aren’t as safe as you think. Here’s why.
Tool of the month: Safe-tx-hashes could have stopped the $1.4B Bybit heist by ensuring every multi-sig transaction was verified before signing. This tool helps you catch malicious transactions before they drain your funds—use it or risk becoming the next headline.