Lucene search
K

17 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 7:16 a.m.3 views

Malicious code in gita-semur99-ruro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd57eea9cb468177282437da4a01fd02958d32b7fca458dedaf51cc3006197cd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/12 5:6 a.m.25 views

FBI Creates Fake Cryptocurrency to Expose Widespread Crypto Market Manipulation

The U.S. Department of Justice DoJ has announced arrests and charges against several individuals and entities in connection with allegedly manipulating digital asset markets as part of a widespread fraud operation. The law enforcement action – codenamed Operation Token Mirrors – is the result of...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/26 12:0 a.m.9 views

Single lender can game markets into unexpected states of delinquency

Lines of code Vulnerability details Impact Wildcat Markets allow for for a borrower to accept the risks they are willing to manage when agreeing to terms of uncollatoralised lending. Namely authorised borrowers will permit certain lenders and control certain market parameters like interest rate,...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/14 12:0 a.m.16 views

Unrestricted Name and Symbol Modification in LSP7 and LSP8 Digital Assets

Lines of code Vulnerability details I HAVE ALREADY SUBMITTED THIS ISSUE HOWEVER I MESSED UP THE LINKS FOR IT. CAN YOU PLEASE DISREGARD THE PREVIOUS SUBMISSION? Impact The owner of a contract in LSP8IdentifiableDigitalAsset and LSP7DigitalAsset can arbitrarily change the name and symbol of a token...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/04/19 12:0 a.m.12 views

Unrestricted Token Transfer and Minting

Lines of code Vulnerability details Impact An attacker could exploit this vulnerability to mint an unlimited number of tokens, potentially devaluing the token and manipulating the market. Proof of Concept: Proof of Concept --The contract allows anyone to call the onTokenTransfer function without...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.8 views

User can abuse tight stop losses and high leverage to make risk free trades

Lines of code Vulnerability details Impact User can abuse how stop losses are priced to open high leverage trades with huge upside and very little downside Proof of Concept function limitClose uint id, bool tp, PriceData calldata priceData, bytes calldata signature external checkDelayid, false;...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/07/17 12:0 a.m.13 views

There is no boundaries for starting an auction.

Lines of code Vulnerability details Impact The team has brought this contest to be fairer to their users in terms of liquidation mechanism. Looking through this perspective, it can be developed more on the process to be much fairer to the users in volatile market conditions. Proof of Concept The...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/30 12:0 a.m.14 views

Moral hazard of borrower calling liquidate() and potential Oracle manipulation

Lines of code Vulnerability details Impact In the InceptionVaultsCore contract, the liquidate and liquidatePartial function can be called anyone. This means that the borrower for a specific vaultId can call liquidate or liquidatePartial on his own vault. Furthermore, the project incentivizes...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/02/04 12:50 p.m.38 views

Investment scams are on the rise

Preying on one of the most basic human flaws, investment scams and other get-rich-quick schemes are making up an ever larger portion of the online scammers cake. The number of victims, for now, is lower than the number of victims of fraudulent sales, identity fraud, and dating fraud, but the cost...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/07/02 12:0 a.m.9 views

A market's hourly average price can be biased by a large number of trades

Handle shw Vulnerability details Impact An attacker can artificially move a market's hourly average price i.e., the result of getHourlyAvgTracerPrice by executing a large number of trades on the market with only paying gas fees. Proof of Concept The hourly average price is calculated by the...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2020/08/06 12:37 p.m.64 views

Black Hat 2020: Using Botnets to Manipulate Energy Markets for Big Profits

Researchers are warning that a new class of botnets could be marshaled and used to manipulate energy markets via zombie armies of power-hungry connected devices such as air conditioners, heaters, dryers and digital thermostats. A coordinated attack could cause an energy stock index to predictably...

0.4AI score
Exploits0References9
The Hacker News
The Hacker News
added 2019/01/15 7:34 p.m.101 views

Two Hackers Charged with Hacking SEC System in Stock-Trading Scheme

The U.S. authorities have charged two Ukrainian hackers for hacking into the Securities and Exchange Commission's EDGAR filing system and stealing sensitive market-moving reports of companies before their public release. EDGAR, or Electronic Data Gathering, Analysis, and Retrieval, is an online...

0.8AI score
Exploits0
Hacker One
Hacker One
added 2018/07/05 6:6 a.m.36 views

Augur: A miner can manipulate the gas reporting bond

Not entirely confident I've understood this system correctly, apologies if it's wrong and feel free to stop reading if you run into an obvious mistake... Summary: add summary of the vulnerability By creating a market with themselves as designated reporter and setting a very high gas price for the...

1.1AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/05/31 6:23 p.m.60 views

1834: The First Cyberattack

Tom Standage has a great story of the first cyberattack against a telegraph network. The Blanc brothers traded government bonds at the exchange in the city of Bordeaux, where information about market movements took several days to arrive from Paris by mail coach. Accordingly, traders who could ge...

1.5AI score
Exploits0
Hacker One
Hacker One
added 2018/03/26 10:10 p.m.42 views

Stellar.org: Exploitable vulnerability in SDEX

Hi, Last Thursday I discovered the exploitable vulnerability in SDEX. I immediately reported the bug directly to Jed by email and he confirmed it. It's all about rounding during trades. You see, I found that orders are always executed if the price matches market, even if the amount is as small as...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2018/03/03 5:43 a.m.20 views

Stellar.org: It's possible to put SDX orderbook into invalid state and execute trades at arbitrary price

stellar-core improperly handles creation of a buy offer which crosses existing sell offers immediate execution but can only be filled partially due to a trustline limit on the source account. This makes it possible to create a valid offer to buy any custom asset at higher price than existing sell...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2016/02/08 10:42 p.m.19 views

Russian Hackers Manipulate Ruble-Dollar Exchange Rate with Malware

Russian Group of Hackers reportedly cracked into the Kazan-based Energobank and messed up with the Ruble-Dollar exchange rates. In Feb 2015, a hacking group, known by the name METEL, successfully breached into the Russian Regional Bank for just 14 minutes and caused the exchange rate to fluctuate...

6.5AI score
Exploits0
Rows per page
Query Builder