13 matches found
EUVD-2024-3483
Malicious code in bioql PyPI...
GHSA-JCXM-7WVP-G6P5 Modified package published to npm, containing malware that exfiltrates private key material
Earlier today, a publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from...
Modified package published to npm, containing malware that exfiltrates private key material
Earlier today, a publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from...
CVE-2024-54134
A publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots,...
CVE-2024-54134
CVE-2024-54134 affects the Solana JavaScript library solana/web3.js, specifically versions 1.95.6 and 1.95.7. A publish-access account was compromised, enabling attackers to publish unauthorized malicious packages that could exfiltrate private key material and drain funds from dapps that handle p...
CVE-2024-54134 @solana/web3.js modified package published to npm, containing malware that exfiltrates private key material
A publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots,...
Web3 Security Specialist Hypernative To Provide Proactive Protection To The Flare Ecosystem
By Owais Sultan. Institutions, dApps and users on Flare will now benefit from Hypernative’s industry-leading ecosystem-wide protection suite. This is a post from HackRead.com. Read the original post: Web3 Security Specialist Hypernative To Provide Proactive Protection To The Flare Ecosystem...
Frontier security vulnerability
Frontier is an Ethereum compatibility layer for Substrate. It is used to run unmodified Ethereum dapps. A security vulnerability exists in Frontier. An attacker could exploit this vulnerability to perform a denial-of-service attack...
deposit and withdraw emit the same event as mint and burn in ERC20 and can affect Dapps
Lines of code Vulnerability details Impact Deposit and Withdraw emit the same event as burn and mint in ERC20, so it's not possible to distinguish in a DAPP that deposit and withdraw are not mint or burn, and this could affect the DAPP logic. For example, cointracking.info could understand in a...
DeFi Startup AllianceBlock Debuts Trustless ID Verification Service For Dapps
By Waqas. The new service is meant to solve the problem of trustlessly sharing identity data. This is a post from HackRead.com. Read the original post: DeFi Startup AllianceBlock Debuts Trustless ID Verification Service For Dapps...
No Allowlist For Bridgeable ERC-20 Tokens
Lines of code Vulnerability details Vulnerability Details We noticed that the deposit function of the L1ERC20Bridge contract code snippet 1 permits a user to bridge any ERC-20 tokens including deflationary and rebase tokens from the L1 to the L2 network. We considered that permitting non-standard...
Unsafe Initializations Of Bridge Contracts
Lines of code Vulnerability details Vulnerability Details During the zkSync initialization process, several complicated tasks would be required to execute. Incorrect configurations in some tasks could lead to unexpected vulnerabilities. One task of the zkSync initialization process is deploying a...
Water Labbu Abuses Malicious DApps to Steal Cryptocurrency
The parasitic Water Labbu capitalizes on the social engineering schemes of other scammers, injecting malicious JavaScript code into their malicious decentralized application websites to steal cryptocurrency...