14 matches found
Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet
TrendAI™ Research analyzed an intrusion where threat actors used the EtherHiding technique to route ClearFake payload delivery through smart contracts on the BNB Smart Chain testnet. The attack chain ended with two simultaneously deployed stealers, SectopRAT and ACRStealer alongside an on-chain...
Eclipse Attacks on Ethereum's Peer-to-Peer Network
Eclipse attacks isolate blockchain nodes by monopolizing their peer-to-peer connections. The attacks were extensively studied in Bitcoin SP'15, SP'20, CCS'21, SP'23 and Monero NDSS'25, but their practicality against Ethereum nodes remains underexplored, particularly in the post-Merge settings. We...
DeFeed: Secure Decentralized Cross-Contract Data Feed in Web 3.0 for Connected Autonomous Vehicles
Smart contracts have been a topic of interest in blockchain research and are a key enabling technology for Connected Autonomous Vehicles CAVs in the era of Web 3.0. These contracts enable trustless interactions without the need for intermediaries, as they operate based on predefined rules encoded...
MAL-2025-2212 Malicious code in testnet-contracts (npm)
Source: ghsa-malware edd3718e0e37096149d4d64985025d95be3edcd077f04cf23ed0165b2b8b8b8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in testnet-contracts (npm)
Source: ghsa-malware edd3718e0e37096149d4d64985025d95be3edcd077f04cf23ed0165b2b8b8b8d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Analog Launches Testnet, Allocates 2% Token Supply for Participants
By Uzair Amir Analog’s Testnet is open for developers, community and validators, participants can complete quests and climb the ATP leaderboard… This is a post from HackRead.com Read the original post: Analog Launches Testnet, Allocates 2% Token Supply for Participants...
0G Launches Newton Testnet of Ultra-Scalable Modular AI Blockchain
By Uzair Amir 0G Labs is pleased to unveil the launch of the testnet for 0G, the modular ultra-high data throughput… This is a post from HackRead.com Read the original post: 0G Launches Newton Testnet of Ultra-Scalable Modular AI Blockchain...
Upgraded Q -> 2 from #246 [1699029716295]
Judge has assessed an item in Issue 246 as 2 risk. The relevant finding follows: L-01 Use the factory constant address of the testnet Description import UNISWAPV3FACTORY, GOERLIUNISWAPV3FACTORY from '@script/Registry.s.sol'; contract UniV3Relayer is IBaseOracle, IUniV3Relayer // --- Registry ---...
timeswap testnet
Handle 0x1f8b Vulnerability details Error: java.lang.IndexOutOfBoundsException: Index: 204, Size: 45
timeswap testnet
Handle 0x6672 Vulnerability details Error: java.lang.IndexOutOfBoundsException: Index: 204, Size: 45
Zilliqa: Using gossip to drain miner wallets
Summary: Using a flaw in the gossip protocol, a malicious shard member can trick any other fellow shard member into signing an arbitrary message. One way this can be exploited is by creating a transaction transferring funds from the account corresponding to a target node's public key; having the...
Insecure String Comparison
zencashjs uses an insecure string comparison. This is due to a clash of address prefixes for testnet P2PKH and mainnet P2SH addresses. The package interprets transactions sent to a zt P2SH address on mainnet as P2PKH transactions erroneously. Any funds sent to a mainnet P2SH multisignature addres...
Undefined Behavior
Overview Versions of zencashjs prior to 1.2.0 may cause loss of funds when used with cryptocurrency wallets. The package relies on a string comparison of the first two characters of a Horizen address to determine the destination address type of a transaction P2PKH or P2SH. Due to the base58 addre...
Chainlink: Testnet address being sent in cleartext as http://rinkeby.chain.link/ is missing SSL certificate
Summary: SSL certificate missing for page: http://rinkeby.chain.link/ which lets an attacker sniff sensitive information, in this case the user's testnet address, as it is being transmitted unencrypted in clear text. Description: http://rinkeby.chain.link/ missing SSL encryption, data sent ov...