13 matches found
Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet
TrendAI™ Research analyzed an intrusion where threat actors used the EtherHiding technique to route ClearFake payload delivery through smart contracts on the BNB Smart Chain testnet. The attack chain ended with two simultaneously deployed stealers, SectopRAT and ACRStealer, alongside an on-chain...
One Signature, Multiple Payments: Demystifying and Detecting Signature Replay Vulnerabilities in Smart Contracts
Smart contracts have significantly advanced blockchain technology, and digital signatures are crucial for reliable verification of contract authority. Through signature verification, smart contracts can ensure that signers possess the required permissions, thus enhancing security and scalability...
BATBToken Security Vulnerability
BATBToken is a token smart contract organized by Binance Smart Chain. A security vulnerability exists in the BATBToken smart contract that stems from an improper implementation of access control in the whitelist management function, which could lead to elevated privileges...
Number Withdrawn
BSC Smart Contract is a high-performance blockchain network from BSC. This CVE number has been withdrawn...
A malicious actor can Block stuff the chain until the validator signature expires.
Lines of code. Vulnerability details. Impact: The signature of a validator is time-bound; after the expiration period the transaction becomes invalid. A malicious user might notice a time-bound transaction made by the sub account and decide to block stuff the network until the validator...
The Fake Browser Update Scam Gets a Makeover
One of the oldest malware tricks in the book -- hacked websites claiming visitors need to update their Web browser before they can view any content -- has roared back to life in the past few months. New research shows the attackers behind one such scheme have developed an ingenious way of keeping...
Binance's Smart Chain Exploited in New 'EtherHiding' Malware Campaign
Threat actors have been observed serving malicious code by utilizing Binance's Smart Chain (BSC) contracts in what has been described as the "next level of bulletproof hosting." The campaign, detected two months ago, has been codenamed EtherHiding by Guardio Labs. The novel twist marks the latest...
Wrong blocksPerYear calculation in WhitePaperInterestRateModel.sol
Lines of code. Vulnerability details. Impact: In WhitePaperInterestRateModel.sol, File: contracts/WhitePaperInterestRateModel.sol 17 uint256 public constant blocksPerYear = 2102400; There is a wrong calculation of blocksPerYear, and blocksPerYear is the approximate number of blocks per year that is...
[H1] Incorrect constant set at WhitePaperInterestRateModel
Lines of code. Vulnerability details. Impact: Incorrect calculation of critical parameters like baseRatePerBlock. Proof of Concept: The constant blocksPerYear is incorrectly set: uint256 public constant blocksPerYear = 2102400; // @audit 15 seconds per block However, for Binance Smart Chain the blocks...
Wrong WhitePaperInterestRateModel block per year calculations incur losses for users and the protocol
Lines of code. Vulnerability details. Vulnerability Details: Blocks per year calculations in WhitePaperInterestRateModel improperly assume a 15-second block time, while on Binance Smart Chain it’s 3 seconds. This has grave consequences, because it is used in calculating borrower’s interest rate and...
Hackers Steal $200 Million Worth of Cryptocurrency Tokens from BitMart Exchange
Cryptocurrency trading platform BitMart has disclosed a "large-scale security breach" that it blamed on a stolen private key, resulting in the theft of more than $150 million in various cryptocurrencies. The breach is said to have impacted two of its hot wallets on the Ethereum (ETH) blockchain and...
Hackers Steal Over $600 Million Worth of Cryptocurrencies from Poly Network
Hackers have siphoned $611 million worth of cryptocurrencies from a blockchain-based financial network in what's believed to be one of the largest heists targeting the digital asset industry, putting it ahead of breaches targeting exchanges Coincheck and Mt. Gox in recent years. Poly Network, a...
Hackers steal $3.8 million from Defi Protocol DODO
By Habiba Rashid. DODO is a decentralized exchange built on the proactive market maker algorithm that runs on Ethereum and Binance Smart Chain (BSC). This is a post from HackRead.com.