https://github.com/blocksecteam/blocksec_academy

https://github.com/blocksecteam/blocksec_academy

Last synced: about 1 year ago
JSON representation

• Host: GitHub
• URL: https://github.com/blocksecteam/blocksec_academy
• Owner: blocksecteam
• Created: 2022-07-29T04:37:03.000Z (almost 4 years ago)
• Default Branch: main
• Last Pushed: 2023-01-20T04:13:57.000Z (over 3 years ago)
• Last Synced: 2025-01-28T19:46:20.851Z (over 1 year ago)
• Size: 9.12 MB
• Stars: 157
• Watchers: 7
• Forks: 17
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# BlockSec Academy

[![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/BlockSecTeam.svg?style=social&label=Follow%20%40BlockSecTeam)](https://twitter.com/BlockSecTeam)

## Attack/Vulnerability Analysis on Medium

- [[Dec 15, 2022] Beyond the market risk: a logic bug identified in SushiSwap’s KashiPairMediumRiskV1 contract](https://blocksecteam.medium.com/beyond-the-market-risk-a-logic-bug-identified-in-sushiswaps-kashipairmediumriskv1-contract-80ead49d8d6d)

[[Sushi Swap](https://www.sushi.com/) | *BSC*]

- [[Oct 10, 2022] How we recover the stolen funds for TransitSwap (and BabySwap)](https://blocksecteam.medium.com/how-we-recover-the-stolen-funds-for-transitswap-and-babyswap-2a68c9f4d66f)   

[[Transit Swap](https://swap.transit.finance/) | *BSC*]

- [[Sep 27, 2022] Our short analysis of the Accusation of the Wintermute Project](

https://blocksecteam.medium.com/our-short-analysis-of-the-accusation-of-the-wintermute-project-dbde1ed11ef8)   

[[wintermute](https://www.wintermute.com/) | *Ethereum*]

- [[Sep 21, 2022] Our short analysis of the Profanity tool vulnerability](https://blocksecteam.medium.com/our-short-analysis-of-the-profanity-tool-vulnerability-9f0477f0c3c0)   

[*Ethereum*]

- [[Sep 19, 2022] Reveal the “Message’’ Replay Attacks on EthereumPoW](https://blocksecteam.medium.com/reveal-the-message-replay-attacks-on-ethereumpow-64e4feee991c)   

[[EthereumPoW](https://ethereumpow.org/) | *EthereumPoW*]

- [[Sep 19, 2022] A new memory overwrite vulnerability discovered in Wyvern Protocol](https://blocksecteam.medium.com/a-new-memory-overwrite-vulnerability-discovered-in-wyvern-protocol-5285996c297d)   

[[OpenSea](https://opensea.io) | *Ethereum*]

- [[Aug 5, 2022] How Unchecked Mapping Makes $200M Losses of Nomad Bridge](https://blocksecteam.medium.com/attack-analysis-how-unchecked-mapping-makes-200m-losses-of-nomad-bridge-441336e28924)   

[[Nomad Bridge](https://app.nomad.xyz//) | *Ethereum*]

- [[Jun 16, 2022] Our Take on the Inverse Finance Security Incident: Price Manipulation Attack](https://medium.com/@blocksecteam/price-oracle-manipulation-attack-on-inverse-finance-a5544218ea91)   

[[Inverse Finance](http://www.inverse.finance/) | 

*Ethereum* | Oracle vulnerability]

- [[Jun 7, 2022] How a Critical Bug in Solana Network was Detected and Timely Patched](https://medium.com/@blocksecteam/how-a-critical-bug-in-solana-network-was-detected-and-timely-patched-a701870e1324)    

[[Solana Network](https://solana.com/) | 

*Solana* | CWE-682]

- [[May 31, 2022] How the Mirror Protocol got Exploited](https://medium.com/@blocksecteam/how-the-mirror-protocol-is-exploited-33b5c1d48322)          

[[Mirror Protocol](https://www.mirror.finance/) | *Ethereum* | Double Claiming Attack]

- [[May 18, 2022] The Analysis of FEGtoken Security Incident: Devil’s in the Details](https://medium.com/@blocksecteam/the-analysis-of-fegtoken-security-incident-devils-in-the-details-ea554f52bdcb)   

[[FEGtoken](https://fegtoken.com/) | *Ethereum* | Access Control, Untrusted External Call]

- [[May 16, 2022] Revisiting the CashioApp Security Incident](https://medium.com/@blocksecteam/revisiting-the-cashioapp-security-incident-61277fd39baa)

[[CashioApp](https://cashio.app/#/print/) | *Solana* | Access Control]

- [[May 6, 2022] How to exploit the same vulnerability of MetaPool in two different ways (Nerve Bridge / Saddle Finance) — What you see is not what you get](https://medium.com/@blocksecteam/how-to-exploit-the-same-vulnerability-of-metapool-in-two-different-ways-nerve-bridge-saddle-774c271c8243)    

[[MetaPool](https://metapool.app/) | *Near* | Pricing Mechanism]

- [[Apr 23, 2022] How Akutar NFT loses 34M USD](https://medium.com/@blocksecteam/how-akutar-nft-loses-34m-usd-60d6cb053dff)    

[[Akutar NFT](https://www.aku.world/) | *Ethereum* | DoS Attack]

- [[Apr 21, 2022] How to verify a signature in a wrong way — the AssociationNFT case](https://medium.com/@blocksecteam/how-to-verify-a-signature-in-a-wrong-way-the-associationnft-case-5a913e9b8a1d)   

[[The Association NFT](https://theassociationnft.com/) | *Ethereum* | Double Claiming Attack, Signature Verification]

- [[Apr 4, 2022] The Race Against Time and Strategy: About the AnySwap Rescue and Things We Have Learnt](https://medium.com/@blocksecteam/the-race-against-time-and-strategy-about-the-anyswap-rescue-and-things-we-have-learnt-4fe086b186ac)    

[[Anyswap](https://multichain.org/) | *Fantom* | Access Control]

- [[Mar 31， 2022] Tracing the Stolen Fund of the Ronin Bridge](https://medium.com/@blocksecteam/tracing-the-stolen-fund-of-the-ronin-bridge-6cb0965d913)

[[Ronin Bridge](https://bridge.roninchain.com/) | *Ronin* | 

Private Key Leakage]

- [[Mar 31, 2022] Revest Finance Vulnerabilities: More than Re-entrancy](https://medium.com/@blocksecteam/revest-finance-vulnerabilities-more-than-re-entrancy-1609957b742f)   

[[Revest Finance](https://revest.finance/) | *Ethereum* |  Reentrancy, Access Control]

- [[Mar 13, 2022] [Not All Tokens Are Good] The quick analysis of the Paraluni attack](https://medium.com/@blocksecteam/not-all-tokens-are-good-the-quick-analysis-of-the-paraluni-attack-fabef25f714c)  

[[Paraluni](https://twitter.com/paraluni) | *Ethereum* |  Reentrancy, Unchecked Input Token]

- [[Mar 22， 2022] Revisiting the Wormhole Attacks](https://medium.com/@blocksecteam/revisiting-the-wormhole-attacks-b821c3374ea6)

[[Wormhole Network](https://wormholenetwork.com/) | *Solana* | Access Control]

- [[Mar 21, 2022] LI.FI Attack: a Cross-chain Bridge Vulnerability? No, It’s Due to Unchecked External Call!](https://medium.com/@blocksecteam/li-fi-attack-a-cross-chain-bridge-vulnerability-no-its-due-to-unchecked-external-call-c31e7dadf60f)   

[[LI.FI](https://li.fi/) | *Ethereum* | Unchecked External Call]

- [[Mar 17, 2022] The short analysis of the flashloan attack to the APE AirDrop](https://medium.com/@blocksecteam/the-short-analysis-of-the-flashloan-attack-to-the-ape-airdrop-490a7d6a1479)    

[[BAYC](https://boredapeyachtclub.com/#/) | *Ethereum*]

- [[Feb 3, 2022] When “SafeMint” Becomes Unsafe: Lessons from the HypeBears Security Incident](https://medium.com/@blocksecteam/when-safemint-becomes-unsafe-lessons-from-the-hypebears-security-incident-2965209bda2a)    

[[HyperBears NFT](https://hypebears.io/) | *Ethereum* | Untrusted External Call, Reentrancy]

- [[Jan 28, 2022] When “SafeTransfer” Becomes Unsafe: lessons from the QBridge security incident](https://medium.com/@blocksecteam/when-safetransfer-becomes-unsafe-lesson-from-the-qbridge-security-incident-c32ecd3ce9da)     

[[Qubit Finance](https://qbt.fi/app) | *Ethereum*]

- [[Jan 16, 2022] How a vulnerability is silently fixed by Coin98](https://medium.com/@blocksecteam/how-a-vulnerability-is-silently-fixed-by-coin98-f910e70398e3)      

[[Coin98](https://coin98.com/) | *BSC* | Unchecked Input Parameters]

- [[Dec 30, 2021] New Integer Overflow Bug Discovered in Solana rBPF](https://medium.com/@blocksecteam/new-integer-overflow-bug-discovered-in-solana-rbpf-7729717159ee)

[[Solana Network](https://solana.com/) | *Solana* | Interger Overflow]

- [[Nov 18, 2021] The analysis of Nerve Bridge Security Incident](https://medium.com/@blocksecteam/the-analysis-of-nerve-bridge-security-incident-ead361a21025)   

[[Nerve Network](https://nerve.network/) | *BSC*]

- [[Nov 6, 2021] The Initial Analysis of the bZx Security Incident](https://medium.com/@blocksecteam/the-initial-analysis-of-the-bzx-security-incident-7daf2c6b58f3)  

[[bZx Protocol](https://bzx.network/) | *Ethereum* | Possible Private Key leakage]

- [[Oct 22, 2021] The analysis of Indexed Finance Security Incident](https://medium.com/@blocksecteam/the-analysis-of-indexed-finance-security-incident-8a62b9799836)  

[[Indexed Finance](https://indexed.finance/) | *Ethereum* | 

Price Manipulation]

- [[Oct 10, 2021] [The Butterfly Effect] The Compound Security Incident Caused by a Bugfix](https://medium.com/@blocksecteam/the-butterfly-effect-the-compound-security-incident-caused-by-a-bugfix-8f2052e9a759)   

[[Compound Finance](https://compound.finance/) | *Ethereum*]

- [[Sep 22, 2021] The Real Root Cause of the Vee Finance Security Incident](https://medium.com/@blocksecteam/the-real-root-cause-of-the-vee-finance-security-incident-8ed6562814e5)   

[[Vee Finance](https://vee.finance/home) | *Ethereum* | Unchecked Input Parameters]

- [[Aug 28, 2021] A short analysis of the wild exploitation of CVE-2021–39137](https://medium.com/@blocksecteam/the-analysis-of-the-wild-exploitation-of-cve-2021-39137-f1c9ffcdd210)    

[[Ethereum Network](https://ethereum.org/en/) | *Ethereum* | 

CVE-2021–39137]

- [[Aug 15, 2021] The Retrospection of the Poly Network Hack from a Security Researcher perspective](https://medium.com/@blocksecteam/the-retrospection-of-the-poly-network-hack-from-a-security-researcher-perspective-7b9f5c6f06d1)  

[[Poly Network](https://poly.network/#/)]

- [[Aug 12, 2021] The Further Analysis of the Poly Network Attack](https://medium.com/@blocksecteam/the-further-analysis-of-the-poly-network-attack-6c459199c057)   

[[Poly Network](https://poly.network/#/)]

- [[Aug 11, 2021] The initial analysis of the PolyNetwork Hack](https://medium.com/@blocksecteam/the-initial-analysis-of-the-polynetwork-hack-270ac6072e2a)   

[[Poly Network](https://poly.network/#/)]

- [[Aug 9, 2021] The analysis of the Zerogoki attack](https://medium.com/@blocksecteam/the-analysis-of-the-zerogoki-attack-da4e0807b184)    

[[Zerogoki](https://zerogoki.org) | *Ethereum* | 

Price Manipulation]

- [[Aug 4, 2021] The Analysis of the Popsicle Finance Security Incident](https://medium.com/@blocksecteam/the-analysis-of-the-popsicle-finance-security-incident-9d9d5a3045c1)

[[Popsicle Finance](https://popsicle.finance/) | *Ethereum* | Double Claim Attack]

- [[Jul 21, 2021] The Analysis of the Sanshu Inu Security Incident](https://medium.com/@blocksecteam/the-analysis-of-the-sanshu-inu-security-incident-28c0c7c0e783)

[[Sanshuinu](https://sanshuinu.finance/) | *Ethereum* | 

Deflation Token]

- [[Jul 19, 2021] The Analysis of the Array Finance Security Incident](https://medium.com/@blocksecteam/the-analysis-of-the-array-finance-security-incident-bcab555326c1)

[Array Finance | *Ethereum* | Price Manipulation]

- [[May 9, 2021] Price manipulation attack in reality (again): RariCapital incident](https://medium.com/@blocksecteam/price-manipulation-attack-in-reality-again-raricapital-incident-8f2047bc3575)

[[RariCapital](https://app.rari.capital/) | *Ethereum* | 

Price Manipulation]

- [[Jan 3, 2021] Security incident on Seal Finance](https://medium.com/@blocksecteam/security-incident-on-seal-finance-fa79c27a1c3b)    

[[Seal Finance](http://seal.finance/) | *Ethereum* | 

Reentrancy]

- [[Jan 3, 2021] Deposit Less, Get More: yCREDIT Attack Details](https://medium.com/@blocksecteam/deposit-less-get-more-ycredit-attack-details-f589f71674c3)

[[YCredit](https://ycredit.tools/) | *Ethereum*]

- [[Dec 18, 2020] Flash Loan Attack on Plouto Vault](https://medium.com/@blocksecteam/flash-loan-attack-on-plouto-vault-197da1531758)  

[Plouto| *Ethereum*]

- [[Dec 3, 2020] Loopring(LRC) Protocol Incident](https://medium.com/@blocksecteam/loopring-lrc-protocol-incident-66e9470bd51f)    

[LRC Protocol| *Ethereum* | Price Manipulation]

## Secure Contract Development

### Secure the Solana Ecosystem

- [[Mar 9, 2022] Secure the Solana Ecosystem (1) — Hello Solana](https://blocksecteam.medium.com/secure-the-solana-ecosystem-1-hello-solana-bb7ecc1e6b21)

- [[Mar 18, 2022] Secure the Solana Ecosystem (2) — Calling Between Programs](https://blocksecteam.medium.com/secure-the-solana-ecosystem-2-calling-between-programs-5fa3d947c4ed)

- [[Mar 27, 2022] Secure the Solana Ecosystem (3) — Program Upgrade](https://blocksecteam.medium.com/secure-the-solana-ecosystem-3-program-upgrade-5590c746016)

- [[Apr 6, 2022] Secure the Solana Ecosystem (4) — Account Validation](https://blocksecteam.medium.com/secure-the-solana-ecosystem-4-account-validation-2e28b062de0b)

- [[Apr 10, 2022] Secure the Solana Ecosystem (5) — Multi-Sig](https://blocksecteam.medium.com/secure-the-solana-ecosystem-5-multi-sig-99b74bbb3bfe)

- [[Apr 24, 2022] Secure the Solana Ecosystem (6) — Multi-Sig2](https://blocksecteam.medium.com/secure-the-solana-ecosystem-6-multi-sig2-ef3e8d6cfe6f)

- [[Apr 29, 2022] Secure the Solana Ecosystem (7) — Type Confusion](https://medium.com/@blocksecteam/secure-the-solana-ecosystem-7-type-confusion-90dbc19cd0cb)

### Rust

- [[Oct 12, 2021] Rust智能合约养成日记（1）合约状态数据定义与方法实现](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==&mid=2247484442&idx=1&sn=45940463885e133e05a74228a45c4be3&scene=21#wechat_redirect)

- [[Oct 17, 2021] Rust智能合约养成日记（2）编写Rust智能合约单元测试](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==&mid=2247484468&idx=1&sn=fcbe194fb8824fd35243dc90002b227a&scene=21#wechat_redirect)

- [[Oct 24, 2021] Rust智能合约养成日记 （3）Rust智能合约部署，函数调用及Explorer的使用](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==&mid=2247484488&idx=1&sn=bad2ebad4f412166e1ccadd9d3adcb68&scene=21#wechat_redirect)

- [[Oct 31, 2021] Rust智能合约养成日记（4）Rust 智能合约整数溢出](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==&mid=2247484508&idx=1&sn=07c79e70e726e7f64e45cf9751f84575&chksm=c0a850f5f7dfd9e3934eec7692e2e44dfbd319435aee6e405eeda82a3b80361248279095c706&scene=21#wechat_redirect)

- [[Nov 12, 2021] Rust 智能合约养成日记（5）合约安全之重入攻击](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==&mid=2247484515&idx=1&sn=f726c77d6ac4441ff5a82aaa8f639da7&chksm=c0a850caf7dfd9dc6b7de5f5f9b509b78918ed1546800c65ea15b347f18f3c5556f6ec831f4e&scene=21#wechat_redirect)

- [[Nov 23, 2021] Rust 智能合约养成日记（6）拒绝服务攻击](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==&mid=2247484541&idx=1&sn=47fef1a045b741490ce41a339aef994e&chksm=c0a850d4f7dfd9c2a830fa467e4b5ce5b4e9c20d906de49b0f35cdc9e57594df4cd5a3885dee&scene=21#wechat_redirect)

- [[Dec 9, 2021] Rust 智能合约养成日记（7）合约安全之计算精度](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==&mid=2247484549&idx=1&sn=2d93b38d50a40e636d05c237ade28476&chksm=c0a8502cf7dfd93a02a4b8365c27c7e855286a14314690247fcd8b5ea286aa72454c17489f2d&scene=21#wechat_redirect)

- [[Jan 13, 2022] Rust 智能合约养成日记（8）合约安全之权限控制](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==&mid=2247484607&idx=1&sn=1313f2b8e36f2e0c4b6c2672ce3cd00a&chksm=c0a85016f7dfd900761d09fb67be2b058319444be29c9fd8b465daa6b7910c908a953c65f578&scene=21#wechat_redirect)

- [[Feb 25, 2022] Rust 智能合约养成日记（9）合约升级](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==&mid=2247484676&idx=1&sn=8e5048dcbfd29e53c6622c4bbfaf5a70&chksm=c0a851adf7dfd8bba97f0b4fac8b066ed27daa8388e7865f7e728ec607cf718d63d5ee2ba07a&scene=21#wechat_redirect)

- [[Mar 25, 2022] Rust 智能合约养成日记（10-1）Spuntnik DAO](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==&mid=2247484722&idx=1&sn=fa26ec7d847a6b2a07d4de0f514772be&scene=21#wechat_redirect)

- [[Apr 1, 2022] Rust 智能合约养成日记（10-2）Sputnik DAO::Factory合约解读](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==&mid=2247484763&idx=1&sn=a94b36f736ce77852968fcd0c9704165&scene=21#wechat_redirect)

- [[Apr 24, 2022] Rust 智能合约养成日记（10-3）Sputnik DAO::提案介绍](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==&mid=2247484836&idx=1&sn=fa60fd3617336f187f344ffe8e10e670&chksm=c0a8510df7dfd81b67914044dbdf9dd6fb6a9f1d07cdc5f0d64c76cfa2de2c997fab87038ea9&token=1019309428&lang=zh_CN#rd)

### Move

- [[Nov 7, 2022] Security Practices in Move Development (1): Hello World](https://blocksecteam.medium.com/security-practices-in-move-development-1-hello-world-42d0e44f3725)

- [[Nov 21, 2022] Security Practices in Move Development (2): Aptos Coin](https://blocksecteam.medium.com/security-practices-in-move-development-2-aptos-coin-abe7ab7509fb)

### NFT

- [[Aug 5, 2022] Secure Smart Contract Development — Code Reentrancy in NFT Contracts](https://medium.com/@blocksecteam/secure-smart-contract-development-code-reentrancy-in-nft-contracts-fa6799a3966c)

- [[Aug 12, 2022] Secure Smart Contract Development (2) — How to Use Digital Signature and Use It Right in NFT (Markets)](https://medium.com/@blocksecteam/secure-smart-contract-development-2-how-to-use-digital-signature-and-use-it-right-in-nft-cc7ed246c009)

## Misc

### AML

- [[Sept 13, 2021] 暴露出来的只是冰山一角：深度挖掘Colonial Pipeline事件背后隐藏的故事](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==&mid=2247484265&idx=1&sn=03c4f5f3e25678abf2fe64d2575733fb&chksm=c0a857c0f7dfded6460dd0d8fd6e242ffe5a3b414ade80db04f8958d1a658ee9a401deb5be54&token=1019309428&lang=zh_CN#rd)

- [[Oct 02, 2021][BlockSec AML研究分析之二] Colonial Pipeline事件分析展示界面](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==&mid=2247484406&idx=1&sn=3b2e9bf6985b9fb5032d529904bb0335&chksm=c0a8575ff7dfde492c39ba9575a686fa615f0e1b6ba5006d0d94082dbc12712646402305565d&token=1019309428&lang=zh_CN#rd)

### Others

- [[Dec 15, 2022] Getting Started with Phalcon 2.0](https://blocksecteam.medium.com/getting-started-with-phalcon-2-0-253da584ca91)

- [[Dec 15, 2022] Beyond the market risk: a logic bug identified in SushiSwap’s KashiPairMediumRiskV1 contract](https://blocksecteam.medium.com/beyond-the-market-risk-a-logic-bug-identified-in-sushiswaps-kashipairmediumriskv1-contract-80ead49d8d6d)

- [[Dec 1, 2022] BlockSec and Tokenlon Reached Strategy Partnership](https://blocksecteam.medium.com/blocksec-and-tokenlon-reached-strategy-partnership-2d488b6a12e3)

- [[Nov 18, 2022] Getting Started With MetaDock](https://blocksecteam.medium.com/getting-started-with-metadock-5e3b3aeb64d4)

- [[Nov 1, 2022] Rustle: the First Automatic Auditor for NEAR Community](https://blocksecteam.medium.com/rustle-the-first-automatic-auditor-for-near-community-9256bdeb7e1c)

- [[Oct 10, 2022] How we recover the stolen funds for TransitSwap (and BabySwap)](https://medium.com/@blocksecteam/how-we-recover-the-stolen-funds-for-transitswap-and-babyswap-2a68c9f4d66f)

- [[Sep 27, 2022] Our short analysis of the Accusation of the Wintermute Project](https://medium.com/@blocksecteam/our-short-analysis-of-the-accusation-of-the-wintermute-project-dbde1ed11ef8)

- [[Sep 21, 2022] Our short analysis of the Profanity tool vulnerability](https://medium.com/@blocksecteam/our-short-analysis-of-the-profanity-tool-vulnerability-9f0477f0c3c0)

[[Profanity tool](https://github.com/johguse/profanity)]

- [[Sep 20, 2022] The Two Sides of the Private Tx Service (on Binance Smart Chain)](https://blocksecteam.medium.com/the-two-sides-of-the-private-tx-service-on-binance-smart-chain-a76917c3ce51)

- [[Sep 18, 2022] Reveal the “Message’’ Replay Attacks on EthereumPoW]( https://medium.com/@blocksecteam/reveal-the-message-replay-attacks-on-ethereumpow-64e4feee991c)

- [[Sep 8, 2022] A new memory overwrite vulnerability discovered in Wyvern Protocol](https://medium.com/@blocksecteam/a-new-memory-overwrite-vulnerability-discovered-in-wyvern-protocol-5285996c297d)

- [[Aug 24, 2022] BlockSec and GoPlus Reached Strategy Partnership to Explore the Field of “Web 3.0 Security”](https://medium.com/@blocksecteam/blocksec-and-goplus-reached-strategy-partnership-to-explore-the-field-of-web-3-0-security-ffa63fb9590)

- [[Mar 7, 2022] How to Make the BlockChain Attack “Blockable”](https://medium.com/@blocksecteam/how-to-make-the-blockchain-attack-blockable-1c741aea64c3)

- [[Aug 17, 2021] Tradeoff Between Convenience and Security: Unlimited Approval in ERC20](https://medium.com/@blocksecteam/unlimited-approval-in-erc20-convenience-or-security-1c8dce421ed7)

# Twitter

- [[Jan 18, 2023] UpSwing Finance attack](https://twitter.com/BlockSecTeam/status/1615521051487932418)

[[UpSwing Finance](https://twitter.com/UpswingFinance) | *Ethereum* | Design flaw of the $UPStkn token ]

- [[Jan 17, 2023] Reply to Forta](https://twitter.com/BlockSecTeam/status/1615373777533308929)

- [[Jan 17, 2023] Omniestategroup attack](https://twitter.com/BlockSecTeam/status/1615232012834705408)

[[Omniestategroup](https://www.omni-psi.com/intro-page) | *BSC* | Insufficient check of the arguments ]

- [[Jan 17, 2023] Voltage Finance Exploiter activity](https://twitter.com/BlockSecTeam/status/1615203339930832897)

- [[Jan 17, 2023] Phalcon Update: Simulator on mobile](https://twitter.com/BlockSecTeam/status/1615021788655943680)

- [[Jan 16, 2023] MidasCapitalXYZ attack](https://twitter.com/BlockSecTeam/status/1614864084956254209)

[[MidasCapital](https://midascapital.xyz/) | *BSC* | Unexcepted external call ]

- [[Jan 12, 2023] Maybe a Rugpull of 2M BUSD on Avalanche](https://twitter.com/BlockSecTeam/status/1613518029840683013)

- [[Jan 12, 2023] UF Dao of XDAO attack](https://twitter.com/BlockSecTeam/status/1613507804412940289)

[[XDAO](https://www.xdao.app/) | *BSC* | Incorrect parameter setting ]

- [[Jan 12, 2023] Maybe a Rugpull of 2M BUSD related to a SwapHelper contract](https://twitter.com/BlockSecTeam/status/1613492776712249344)

- [[Jan 12, 2023] ThreeBodyOF attack](https://twitter.com/BlockSecTeam/status/1613430775789289478)

[[ThreeBody](https://twitter.com/ThreeBodyOF) | *BSC* | Use of the rebasing token ]

- [[Jan 12, 2023] RoeFinance attack](https://twitter.com/BlockSecTeam/status/1613267000913960976)

[[Roe Finance](https://www.roe.finance/) | *Ethereum* | Limited liquidity of the pool ]

- [[Jan 11, 2023] Suspicious activities duting BRA attack](https://twitter.com/BlockSecTeam/status/1613139824227291138)

- [[Jan 10, 2023] Phalcon supports Arbitrum](https://twitter.com/BlockSecTeam/status/1612821280268451841)

- [[Jan 10, 2023] $BRA attack](https://twitter.com/BlockSecTeam/status/1612701106982862849)

[[$BRA](https://bscscan.com/address/0x449fea37d339a11efe1b181e5d5462464bba3752) | *BSC* | Logic Flaw ]

- [[Jan 10, 2023] MetaDock recommendation on CryptoSlate](https://twitter.com/BlockSecTeam/status/1612606245218979840)

- [[Jan 9, 2023] Reply to KeyStone](https://twitter.com/BlockSecTeam/status/1612388204648493057)

- [[Jan 7, 2023] Reply to Lossless](https://twitter.com/BlockSecTeam/status/1611416763669020673)

- [[Jan 7, 2023] Agree with @pcaversaccio about zero allowance](https://twitter.com/BlockSecTeam/status/1611405528969936896)

- [[Jan 5, 2023] Phalcon biggest update yet: Source code view and fund flow chart](https://twitter.com/BlockSecTeam/status/1611016320874852354)

- [[Jan 4, 2023] Getting started with Phalcon 2.0](https://twitter.com/BlockSecTeam/status/1611360090258538497)

- [[Jan 4, 2023] Rustle got Honorable Mentions in the NEAR Hackathon](https://twitter.com/BlockSecTeam/status/1610633786194288644)

- [[Jan 4, 2023] $FUT rugged 2M+](https://twitter.com/BlockSecTeam/status/1610605662500974595)

- [[Jan 4, 2023] 0 value transfer phishing moves to Polygon](https://twitter.com/BlockSecTeam/status/1610589402798891008)

- [[Jan 4, 2023] Recommend MetaDock](https://twitter.com/BlockSecTeam/status/1610571036570914817)

- [[Jan 4, 2023] Phishing campaign towards TrustPad](https://twitter.com/BlockSecTeam/status/1610309720278958080)

- [[Jan 3, 2023] Thanks Adrian Hetman](https://twitter.com/BlockSecTeam/status/1610267076534599681)

- [[Jan 3, 2023] Phalcon update notice](https://twitter.com/BlockSecTeam/status/1610235548983263233)

- [[Jan 3, 2023] Gas-token scam alert](https://twitter.com/BlockSecTeam/status/1610232910539378690)

- [[Jan 3, 2023] $GDS attack](https://twitter.com/BlockSecTeam/status/1610167174978760704)

[[$GDS](https://twitter.com/GDS_chain) | *BSC* | LP Mining mechanism vulnerability ]

- [[Dec 29, 2022] MetaDock's privacy policy](https://twitter.com/BlockSecTeam/status/1608443114884333574)

- [[Dec 29, 2022] Jay attack](https://twitter.com/BlockSecTeam/status/1608372475225866240)

[[JAY](https://app.jaypeggers.com/sellNFTs) | *Ethereum* | Contract-level reentrancy ]

- [[Dec 28, 2022] MetaDock daily efficiency tip](https://twitter.com/BlockSecTeam/status/1608128497851207680)

- [[Dec 27, 2022] MetaDock daily efficiency tip](https://twitter.com/BlockSecTeam/status/1607758288850161670)

- [[Dec 25, 2022] CryptoRubic attack](https://twitter.com/BlockSecTeam/status/1606993118901198849)

[[Rubic exchange](https://rubic.exchange/) | *Ethereum* | Arbitrary function call ]

- [[Dec 25, 2022] New Phishing scam using a fake MetaMask](https://twitter.com/BlockSecTeam/status/1606969617947451393)

- [[Dec 24, 2022] Recommend MetaDock to users](https://twitter.com/BlockSecTeam/status/1606629267676495874)

- [[Dec 19, 2022] Open source phishing urls](https://twitter.com/BlockSecTeam/status/1605883653208391680)

- [[Dec 19, 2022] MetaDock update: integrates Deth.net](https://twitter.com/BlockSecTeam/status/1604718627172732929)

- [[Dec 18, 2022] Recommend MetaDock to users](https://twitter.com/BlockSecTeam/status/1604481080966275077)

- [[Dec 16, 2022] Recommend MetaDock to users](https://twitter.com/BlockSecTeam/status/1603729596381216768)

- [[Dec 16, 2022] Beyond the market risk: a logic bug identified in SushiSwap’s KashiPairMediumRiskV1 contract](https://twitter.com/BlockSecTeam/status/1603633067876155393)

- [[Dec 16, 2022] Reply to MetaDock about CashioApp Exploiter](https://twitter.com/BlockSecTeam/status/1603590101425983489)

- [[Dec 15, 2022] 0 value phishing](https://twitter.com/BlockSecTeam/status/1603414327972667392)

- [[Dec 14, 2022] NimbusPlatform attack](https://twitter.com/BlockSecTeam/status/1602877048124735489)

[[NimbusPlatform](https://nimbusplatform.io/) | *BSC* | Price Manipulation]

- [[Dec 13, 2022] ElasticSwap attack](https://twitter.com/BlockSecTeam/status/1602517243598114816)

[[ElasticSwap](https://twitter.com/ElasticSwap) | *Ethereum* | Mix/misuse of two accounting systems]

- [[Dec 12, 2022] Talk about MEV bot](https://twitter.com/BlockSecTeam/status/1602666756253925378)

- [[Dec 13, 2022] $BGLD attack](https://twitter.com/BlockSecTeam/status/1602335214356660225)

[[$BGLD](https://bscscan.com/address/0xc2319e87280c64e2557a51cb324713dd8d1410a3) | *BSC* | Charge an extra fee on transferring]

- [[Dec 12, 2022] Open source MetaDock](https://twitter.com/BlockSecTeam/status/1602296025661640705)

- [[Dec 12, 2022] Phishing website alert](https://twitter.com/BlockSecTeam/status/1602203688012943360)

- [[Dec 10, 2022] Phishing scam website alert](https://twitter.com/BlockSecTeam/status/1601594772380037120)

- [[Dec 10, 2022] Recommend Mopsus based on Pocket Universe's thread](https://twitter.com/BlockSecTeam/status/1601279629373112321)

- [[Dec 7, 2022] MetaDock update: shortcuts, productive widgets, Open-source notice](https://twitter.com/BlockSecTeam/status/1600482845470097409)

- [[Dec 7, 2022] BNB-AES pool attack](https://twitter.com/BlockSecTeam/status/1600442137811689473)

[[BNB-AES pool](https://bscscan.com/tx/0xca4d0d24aa448329b7d4eb81be653224a59e7b081fc7a1c9aad59c5a38d0ae19) | *BSC* | Deflation token]

- [[Dec 7, 2022] BNB-AES pool attack](https://twitter.com/BlockSecTeam/status/1600432715399983107)

- [[Dec 6, 2022] Phalcon update: horizontal scroll bar, bug fixed](https://twitter.com/BlockSecTeam/status/1600060225943269377)

- [[Dec 6, 2022] Let ChatGPT expain pseudorandom number generation vulnerability](https://twitter.com/BlockSecTeam/status/1600029061920657409)

- [[Dec 6, 2022] RoastFootball attack](https://twitter.com/BlockSecTeam/status/1599991294947778560)

[[Roast Football](https://twitter.com/RoastFootball) | *BSC* | Weak pseudorandom number generation vulnerability]

- [[Dec 5, 2022] FTX whitehat/heist activity](https://twitter.com/BlockSecTeam/status/1599604070398193664)

- [[Dec 2, 2022] Attacker's activity during Ankr exploit](https://twitter.com/BlockSecTeam/status/1598681204882300929)

- [[Dec 2, 2022] Phalcon update: addresses highlighting, custom ABI parsing, custom label](https://twitter.com/BlockSecTeam/status/1598667524258004992)

- [[Dec 2, 2022] Ankr exploite incident](https://twitter.com/BlockSecTeam/status/1598514978428157954)

- [[Dec 2, 2022] Profit calculation of an Attacker related to Ankr exploit](https://twitter.com/BlockSecTeam/status/1598625878455373824)

- [[Dec 2, 2022] Ariva Coin rugpull or private key compromised](https://twitter.com/BlockSecTeam/status/1598621473115377666)

[[Ariva Digital](https://ariva.digital/) | *BSC* | Rug pull or Private Key Compromised]

- [[Dec 2, 2022] Ankr private key compromised](https://twitter.com/BlockSecTeam/status/1598504838949900289)

[[Ankr](https://www.ankr.com/) | *BSC* | Private Key Compromised]

- [[Dec 1, 2022] Contract hacked by price manipulation](https://twitter.com/BlockSecTeam/status/1598262002010378241)

[[Contract](https://bscscan.com/address/0x0fd03ca89545c2ca342c8b9785c2383b8b8eabc5) | *BSC* | Price Manipulation]

- [[Dec 1, 2022] Reach a strategic partnership with TokenLon](https://twitter.com/BlockSecTeam/status/1598157438166786048)

- [[Nov 30, 2022] $OCASH scam](https://twitter.com/BlockSecTeam/status/1597943125099438080)

- [[Nov 30, 2022] Fake phishing on rarible](https://twitter.com/BlockSecTeam/status/1597867409095806976)

[[Rarible](https://rarible.com/) | *Ethereum* | exploiting the unlimited approval issue]

- [[Nov 27, 2022] Reply to @ballsyalchemist](https://twitter.com/BlockSecTeam/status/1596713324204675072)

- [[Nov 26, 2022] Boshen's Wallet investigation, abuse MEV](https://twitter.com/BlockSecTeam/status/1596513467141591042)

- [[Nov 26, 2022] Reply to bertcmiller about MEV](https://twitter.com/BlockSecTeam/status/1595712830338048001)

- [[Nov 24, 2022] MetaDock updated: integrates Tenderly, Transaction Viewer, DeBank, Dedaub](https://twitter.com/BlockSecTeam/status/1595704166860861441)

- [[Nov 23, 2022] NUM attack](https://twitter.com/BlockSecTeam/status/1595346020237352960)

[[Numbers Protocol](https://www.numbersprotocol.io/) | *Ethereum* | incompatible with the Multichain Router]

- [[Nov 23, 2022] NUM attack](https://twitter.com/BlockSecTeam/status/1595308075690340352)

[[Numbers Protocol](https://www.numbersprotocol.io/) | *Ethereum* | fake Multichain transfer]

- [[Nov 23, 2022] Boshen asset tracking](https://twitter.com/BlockSecTeam/status/1595262314600886274)

[[Boshen](https://twitter.com/boshen1011/status/1595239850596306944) | *Ethereum*]

- [[Nov 22, 2022] MetaDock updated: smoother on BTC.com](https://twitter.com/BlockSecTeam/status/1595019201588367361)

- [[Nov 22, 2022] Profanity vulnerability](https://twitter.com/BlockSecTeam/status/1594969078367936512)

- [[Nov 22, 2022] AAVE is fine](https://twitter.com/BlockSecTeam/status/1594931190997610496)

- [[Nov 21, 2022] FTX accounts drainer activity](https://twitter.com/BlockSecTeam/status/1594627046935871493)

- [[Nov 21, 2022] Security Practices in Move Development (2): Aptos Coin](https://twitter.com/BlockSecTeam/status/1594584270362021888)

- [[Nov 21, 2022] FTX whitehat created a multisig wallet](https://twitter.com/BlockSecTeam/status/1594528398348816384)

- [[Nov 19, 2022] Glad to help manifoldfinance](https://twitter.com/BlockSecTeam/status/1593636758167560192)

- [[Nov 18, 2022] Reply to amber's Security Researcher](https://twitter.com/BlockSecTeam/status/1593477080582262785)

- [[Nov 18, 2022] MetaDock: a chrome extension aims to imporove the usability of blockchain explorers](https://twitter.com/BlockSecTeam/status/1593473535833350146)

- [[Nov 17, 2022] ConvexFinance was not hacked](https://twitter.com/BlockSecTeam/status/1593093458994286592)

- [[Nov 16, 2022] DFX Finance vulnerability](https://twitter.com/BlockSecTeam/status/1592734292727455744)

[Sheep_Farm22 | *BSC* | incorrect implementation of register function]

- [[Nov 14, 2022] Phalcon updates, faster and API](https://twitter.com/BlockSecTeam/status/1592177763536211970)

- [[Nov 12, 2022] FTX heist](https://twitter.com/BlockSecTeam/status/1591455813897707520)

- [[Nov 11, 2022] DFX Finance vulnerability](https://twitter.com/BlockSecTeam/status/1590962548593283072)

[[DFX Finance](https://dfx.finance/) | *Ethereum* | deposits vulnerability]

- [[Nov 11, 2022] DFX Finance attacker on the move](https://twitter.com/BlockSecTeam/status/1590960299246780417)

- [[Nov 7, 2022] Security Practices in Move Development (1): Hello World](https://twitter.com/BlockSecTeam/status/1589567009347760128)

- [[Nov 3, 2022] FMoney Finance Rescue](https://twitter.com/BlockSecTeam/status/1587998109648683010)

[[FMoney Finance](https://fmoney.finance/) | *Ethereum*]

- [[Nov 3, 2022] Skyward Finance Attack](https://twitter.com/BlockSecTeam/status/1587998109648683010)

[[Skyward Finance](https://app.skyward.finance/) | *NEAR* | 'redeem_skyward' vulnerability]

- [[Nov 1, 2022] Rustle: the first automatic auditor for NEAR community](https://twitter.com/BlockSecTeam/status/1587439644081545216)

- [[Oct 30, 2022] Phalcon's simulation on Ethdev contract](https://twitter.com/BlockSecTeam/status/1587120755015581701)[[ETHDev contract](0xde0b295669a9fd93d5f28d9ec85e40f4cb697bae) | *Ethereum*]

- [[Oct 30, 2022] DAppNode profanity rescue](https://twitter.com/BlockSecTeam/status/1586671125735825408)

[[DAppNode](https://dappnode.com/) | *Ethereum* | the profanity vulnerability]

- [[Oct 28, 2022] Mopsus: industry-leading transaction pre-execution service](https://twitter.com/BlockSecTeam/status/1586024551036596226)

- [[Oct 28, 2022] friesDAO profanity rescue](https://twitter.com/BlockSecTeam/status/1585863541571014657)

[[friesDAO](https://fries.fund/) | *Ethereum* | the profanity vulnerability]

- [[Oct 28, 2022] V8Token attack](https://twitter.com/BlockSecTeam/status/1585824018925355008)

[V8Token | *BSC* | 'updateUserBalance' logic vulnerability]

- [[Oct 27, 2022] Collaborate with losslessdefi](https://twitter.com/BlockSecTeam/status/1585642914864300033)

[[Losslessdefi](https://twitter.com/losslessdefi)]

- [[Oct 27, 2022] Team Finance](https://twitter.com/BlockSecTeam/status/1585587617063895041)

[[Team Finance](https://www.team.finance/) | *Ethereum* | Fake token]

- [[Oct 27, 2022] UVT attack](https://twitter.com/BlockSecTeam/status/1585580096026734592)

[[UVToken](https://www.uvtoken.com/) | *BSC* | Lack of sanity check]

- [[Oct 27, 2022] VTF attack](https://twitter.com/BlockSecTeam/status/1585575129936977920)

[VTF token | *BSC* | 'updateUserBalance' logic vulnerability]

- [[Oct 26, 2022] n00dleSwap attack](https://twitter.com/BlockSecTeam/status/1584959295829180416)

[n00dleSwap | *Ethereum* | ERC777-based reentrncy]

- [[Oct 25, 2022] ULME attack](https://twitter.com/BlockSecTeam/status/1584839309781135361)

[ULME | *BSC* | Indirect price manipulation attack caused by unrestricted access control]

- [[Oct 20, 2022] Health attack](https://twitter.com/BlockSecTeam/status/1583073442433495040)

[Health | *BSC* | Price Manipulation]

- [[Oct 19, 2022] MEV bot was attacked](https://twitter.com/BlockSecTeam/status/1582715252428660736)

- [[Oct 18, 2022] BitKeepOS contract was hacked](https://twitter.com/BlockSecTeam/status/1582261040334901249)

[[Bitkeep](https://t.co/RoXJg4fuDf) | *BSC* | Looks like its function allows the attacker to execute an arbitrary call]

- [[Oct 17, 2022] Phalcon Update: Transaction Simulation supports BSC](https://twitter.com/BlockSecTeam/status/1581964129056628740)

- [[Oct 14, 2022] Phalcon Update: Simulate a transaction](https://twitter.com/BlockSecTeam/status/1580937962652475396)

- [[Oct 14, 2022] MEV bot was exploited](https://twitter.com/BlockSecTeam/status/1580779311862190080)

- [[Oct 13, 2022] Profanity Rescue](https://twitter.com/BlockSecTeam/status/1580558111844155392)

- [[Oct 12, 2022] ATK attacfk](https://twitter.com/BlockSecTeam/status/1580095325200474112)

[ATK | *BSC* ]

- [[Oct 12, 2022] Carrot attack](https://twitter.com/BlockSecTeam/status/1579908411235237888)

[Carrot | *BSC* | Public FunctionCall]

- [[Oct 11, 2022] TempleDao attack](https://twitter.com/BlockSecTeam/status/1579843881893769222)

[[TempleDao](https://templedao.link/) | *Ethereum* | Insufficient Access Control]

- [[Oct 11, 2022] QANplatform deployer address is vulnerable](https://twitter.com/BlockSecTeam/status/1579781207503802369)

- [[Oct 11, 2022] Indexed Finance Exploiter's address is vulnerable](https://twitter.com/BlockSecTeam/status/1579776638380048385)

- [[Oct 11, 2022] Profanity vulnerability](https://twitter.com/BlockSecTeam/status/1579769525247279104)

- [[Oct 10, 2022] Phalcon supports Avalanche C-Chain](https://twitter.com/BlockSecTeam/status/1579448545706651648)

- [[Oct 9, 2022] Phalcon Dark Mode Launched](https://twitter.com/BlockSecTeam/status/1579088375969378307)

- [[Oct 7, 2022] Binance Cross-chain Bridge Attack](https://twitter.com/BlockSecTeam/status/1578290988959035395)

- [[Oct 6, 2022] RES Attack Analysis](https://twitter.com/BlockSecTeam/status/1578041521273962496)

[RES token | *BSC* | Price Manipulation]

- [[Oct 4, 2022] Whitehat rescue of vulnerable addresses generated by the vanity tool](https://twitter.com/BlockSecTeam/status/1577146334863560705)

- [[Oct 2, 2022] BabySwap Attack Analysis](https://twitter.com/BlockSecTeam/status/1576441612812836865)

[[BabySwap](https://home.babyswap.finance/) | *BSC* ]

- [[Oct 2, 2022] Transit Swap Attack Analysis](https://twitter.com/BlockSecTeam/status/1576428812514250753)

[[Transit Swap](https://www.transit.finance/) | *BSC* | Unlimited Approval]

- [[Sep 29, 2022] Announcement of Phalcon Launch](https://twitter.com/BlockSecTeam/status/1575485620578709505)

- [[Sep 27, 2022] Our short analysis of the Accusation of the Wintermute Project](https://twitter.com/BlockSecTeam/status/1574738202744655872)

- [[Sep 23, 2022] RADT-DAO Attacl Analysis](https://twitter.com/BlockSecTeam/status/1573252869322846209) 

[RADT-DAO | *BSC* | Price Manipulation]

- [[Sep 21, 2022] Our short analysis of the Profanity tool vulnerability](https://twitter.com/BlockSecTeam/status/1572614722029260804)

- [[Sep 20, 2022] The Two Sides of the Private Tx Service (on Binance Smart Chai)](https://twitter.com/BlockSecTeam/status/1572241994155720705)

- [[Sep 20, 2022] Wintermute Attack Analysis](https://twitter.com/BlockSecTeam/status/1572158675606982656)

[[Wintermute](https://www.wintermute.com/) | *Ethereum* | Leaked Private Key]

- [[Sep 18, 2022] Reveal the “Message’’ Replay Attacks on EthereumPoW](https://twitter.com/BlockSecTeam/status/1571433997460459521)

- [[Sep 16, 2022] BlockSec Academy | About 61.8% (67.1K / 108.5K) of the #NFT projects are suffering from the holder pooling risk](https://twitter.com/BlockSecTeam/status/1570609612768026624)

- [[Sep 14, 2022] BlockSec Academy | NFT Assets Off-Chain Risk](https://twitter.com/BlockSecTeam/status/1569946202573254656)

- [[Sep 9, 2022] DeFi Alert](https://twitter.com/BlockSecTeam/status/1567928377432051713)

[0xEd850799CF22b66cb4911539425f8A41423D0933 | *BSC*]

- [[Sep 9, 2022] NFT Security Report 2022 ](https://twitter.com/BlockSecTeam/status/1567918184619032576)

- [[Sep 8, 2022] A new memory overwrite vulnerability discovered in Wyvern Protocol](https://twitter.com/BlockSecTeam/status/1567843681008492544)

- [[Sep 8, 2022] $ROI(Ragnarok Online Invasion) Attack Analysis](https://twitter.com/BlockSecTeam/status/1567746825616236544)

[Ragnarok Online Invasion | *BSC* | Access Control Vulnerability]

- [[Sep 8, 2022] No-Open Source Contract Attack](https://twitter.com/BlockSecTeam/status/1567706201277988866)

[0x8b068e22e9a4a9bca3c321e0ec428abf32691d1e | *BSC*]

- [[Sep 6, 2022] DeFi Alert](https://twitter.com/BlockSecTeam/status/1567027459207606273)

- [[Sep 5, 2022] DeFi Alert](https://twitter.com/BlockSecTeam/status/1566606770650300416)

[0xea41bbd80ac69807289d0c4f6582ab73e96834d0 | *BSC* | Price Manipulation]

- [[Aug 31, 2022] No-Open Source Contract Attack](https://twitter.com/BlockSecTeam/status/1564890919023034369)  

[0x40c994299fb4449ddf471d0634738ea79c734919 | *BSC* | Logic Vulnerability]

- [[Aug 24, 2022] KaoyaSwap Attack Analysis](https://twitter.com/BlockSecTeam/status/1562286943957708800)   

[KaoyaSwap | *BSC* | Logic Vulnerability]

- [[Aug 17, 2022] Where is the $190M? --An Initial Analysis of the Nomad Bridge Attack Lost Funds](https://twitter.com/BlockSecTeam/status/1559785673770487809)

[[Nomad Bridge](https://www.nomad.xyz/) | *Ethereum* | Logic Vulnerability]

- [[Aug 16, 2022] Do not directly sell NFT airdrop after ETH merge](https://twitter.com/BlockSecTeam/status/1559485426104418304)

- [[Aug 12, 2022] Secure Smart Contract Development (2) — How to Use Digital Signature and Use It Right in NFT (Markets) ](https://twitter.com/BlockSecTeam/status/1557981700218847232)

- [[Aug 10, 2022] ANCH Attack](https://twitter.com/BlockSecTeam/status/1557207585375531009)

[ANCHStake Protocol | *BSC* | Logic Vulnerability]

- [[Aug 10, 2022] XSTABLE.PROTOCOL Attack](https://twitter.com/BlockSecTeam/status/1557195012042936320)

[XSTABLE.PROTOCOL | *BSC* | Logic Vulnerability]

- [[Aug 8, 2022] EGD_Finance Attack](https://twitter.com/BlockSecTeam/status/1556496717843148801)

[EGD_Finance | *BSC* | Price Manipulation]

- [[Aug 4, 2022] Freedom Protocol Rug&Pull](https://twitter.com/BlockSecTeam/status/1555116309955850241)

[[Freedom Protocol](https://www.freedomprot.com/) | *BSC* | Rug]

- [[Aug 2, 2022] Nomad Bridge Exploit](https://twitter.com/BlockSecTeam/status/1554390772585500674)

[[Nomad Bridge](https://www.nomad.xyz/) | *Ethereum* | Logic Vulnerability]

- [[Jul 14, 2022] SpaceGodzilla Attack](https://twitter.com/BlockSecTeam/status/1547456591900749824)    

[[SpaceGodzilla NFT](https://twitter.com/SpaceGodzilla_c) | 

*Ethereum* | Price Manipulation]

- [[Jul 13, 2022] Wash trading to arbitrage on LooksRare](https://twitter.com/BlockSecTeam/status/1547220280061607936)  

[[LooksRare](https://looksrare.org/) | *Ethereum* | Wash trading]

- [[Jul 10, 2022] ParallelFi Attack](https://twitter.com/BlockSecTeam/status/1546141457933025280)      

[[Parallel Finance](https://parallel.fi/) | *Ethereum* | 

Reentrancy]

- [[Jul 1, 2022] How to sell an NFT to a buyer with a high price without the buyer's consent](https://twitter.com/BlockSecTeam/status/1542846129456709633)     

[[Quixotic](https://quixotic.io/) | *Ethereum* | Access Control, Signature Verification]

- [[Jun 26, 2022] XCarnival_Lab Attack](https://twitter.com/BlockSecTeam/status/1541070850505723905)   

[[XCarnival_Lab](https://xcarnival.fi) | *Ethereum* | Access Control]

- [[Jun 2, 2022] CoFiXProtocol Exploit](https://twitter.com/BlockSecTeam/status/1532059317616058368)    

[[CoFiX Protocol](https://cofix.tech/) | *Ethereum* | Access Control]

- [[May 26, 2022] How is a honeypot contract trapped by an MEV bot](https://twitter.com/BlockSecTeam/status/1529832324774625281)   

[Honeypot]

- [[May 24, 2022] Hackerdao Attack](https://twitter.com/BlockSecTeam/status/1529084919976034304)    

[[Hackerdao](https://www.hackerdao.xyz/) | *BSC*]

- [[May 21, 2022] bDollarFi Attack](https://twitter.com/BlockSecTeam/status/1527882159528083456)   

[[bDollar Finance](https://twitter.com/bdollar_fi) | *BSC* | Price Manipulation]

- [[May 9, 2022] Fortress Protocol Attack](https://twitter.com/BlockSecTeam/status/1523530484877209600)    

[[Fortress Protocol](https://fortress.loans/) | *BSC* | Price Oracle Manipulation]

- [[Apr 27, 2022] BnBBrokers Attack](https://twitter.com/BlockSecTeam/status/1519249933832171520)    

[[BnBBrokers](https://bnbbrokers.app/) | *BSC* | Reentrancy]

- [[Apr 23, 2022] AkuDreams Exploit](https://twitter.com/BlockSecTeam/status/1517740643325714432)    

[[Akutars](https://www.aku.world/) | *Ethereum*]

- [[Apr 21, 2022] Zeed Protocol Exploit](https://twitter.com/BlockSecTeam/status/1517052623354232832)    

[[Zeed Protocol](https://twitter.com/zeedcommunity) | *BSC* |

Reward Distribution Vulnerability]

- [[Apr 18, 2022] BeanstalkFarms Attack](https://twitter.com/BlockSecTeam/status/1515732238612430849)   

[[Beanstalk Farms](https://twitter.com/BeanstalkFarms) | 

*Ethereum*]

- [[Apr 13, 2022] ElephantStatus Attack](https://twitter.com/BlockSecTeam/status/1513966074357698563)   

[[Elephant Money](https://linktr.ee/elephant_money) | *BSC* | Price Manipulaiton, Reentrancy]

- [[Apr 10, 2022] Gym Network Attack](https://twitter.com/BlockSecTeam/status/1512832398643265537)   

[[Gym Network](https://gymnetwork.io/) | *BSC* | Price Manipulaiton]

- [[Apr 2, 2022] Inverse Finance Attack](https://twitter.com/BlockSecTeam/status/1510271190749032453)   

[[Inverse Finance](https://www.inverse.finance/) | 

*Ethereum* | Price Manipulaiton]

- [[Mar 31, 2022] Ola Finance Attack](https://twitter.com/BlockSecTeam/status/1509466576848064512)    

[[Ola Finance](https://ola.finance/) | *Ethereum* | Reentrancy]

- [[Mar 27, 2022] Classic Single-contract Re-entrancy Attack](https://twitter.com/BlockSecTeam/status/1508065573250678793)

[[Rena](https://rena.finance/) | *Ethereum* | Reentrancy]

- [[Mar 24, 2022] CashioApp Attack](https://twitter.com/BlockSecTeam/status/1506664679200149506)  

[[Cashio App](https://cashio.app/) | *Solana* | Access Control]

- [[Mar 20, 2022] Scam token BmDoge](https://twitter.com/BlockSecTeam/status/1505550140299685889)   

[[BmDoge](https://bscscan.com/address/0x0be34a21d808161bcb84f4afba708560ab6c316b) | *BSC* | Backdoor Function]

- [[Mar 15, 2022] Agave Lending Attack](https://twitter.com/BlockSecTeam/status/1503754973867569155)    

[[Agave Fiannce](https://agave.finance/) | *Gnosis Chain* | Untrusted external call]

- [[Mar 15, 2022] Deus Finance Exploit](https://twitter.com/BlockSecTeam/status/1503638069240827910)   

[[Deus Finance](https://deus.finance/) | *Fantom* | Price Manipulation]

- [[Mar 9, 2022] PXPNFTsGame Attack](https://twitter.com/BlockSecTeam/status/1501474711599198211)    

[[PiratexPirate](https://piratexpirate.io/) | *Ethereum* | Private Key Leakage]

- [[Mar 4, 2022] The rough analysis on the BTC donation to Ukraine](https://twitter.com/BlockSecTeam/status/1499757354115809288)

- [[Mar 3, 2022] How to shop free for NFT](https://twitter.com/BlockSecTeam/status/1499321063372898304)

- [[Jan 18, 2022] Crosswise Finance Attack](https://twitter.com/BlockSecTeam/status/1483335951833518082)   

[[Crosswise Finance](https://crosswise.finance/) | *Ethereum* | Access Control]

- [[Dec 30, 2021] SashimiSwap Attack](https://twitter.com/BlockSecTeam/status/1476516736422019082)   

[[SashimiSwap](https://sashimiswap.org/) | *Ethereum*]

- [[Nov 30, 2021] MonoXFinance Attack](https://twitter.com/BlockSecTeam/status/1465690478414761992)    

[[MonoX Finance](https://monox.finance/home) | *Ethereum*]

- [[Nov 21, 2021] FormationFi Attack](https://twitter.com/BlockSecTeam/status/1462216654570463238)    

[[Formation Finance](https://twitter.com/VisorFinance) | *Ethereum*]

- [[Oct 28, 2021] CreamFinance Attack](https://twitter.com/BlockSecTeam/status/1453393444047441923)    

[[Cream Finance](https://cream.finance/) | *BSC* | Oracle Vulnerability]

- [[Sep 15, 2021] NowSwap Attack](https://twitter.com/BlockSecTeam/status/1438100688215560192)    

[[NowSwap Protocol](http://nowswap.org/) | *Ethereum* | Semantic Inconsistenty]

- [[Sep 14, 2021] KlondikeFinance Attack](https://twitter.com/BlockSecTeam/status/1437704673385857026)   

[[Klondike Finance](http://klondike.finance/) | *Ethereum*]

- [[Sep 3, 2021] Siren Protocol Attack](https://twitter.com/BlockSecTeam/status/1433682132090568705)    

[[Siren Protocol](https://siren.xyz/) | *Ethereum* | Reentrancy]

- [[Aug 17, 2021] XSURGEDEFI Attack](https://twitter.com/BlockSecTeam/status/1427482803134894080)

[[Xsurge](https://xsurge.net/) | *Ethereum* | Reentrancy, Price Manipulation]

# Media Coverage

- [[Jan 14, 2023] 디파이, NFT 온체인 리스크 쉽게 확인하기 ](https://contents.premium.naver.com/professorjo/research/contents/230114125451591td)

- [[Jan 12, 2023] First Mover Asia: The Next Avraham Eisenberg Isn’t Going to Be a ChatGPT-Powered ‘Script Kiddie’](https://www.coindesk.com/markets/2023/01/12/first-mover-asia-the-next-avraham-eisenberg-isnt-going-to-be-a-chatgpt-powered-script-kiddie/)

- [[Jan 9, 2023] Introducing MetaDock: A secure and efficient trove of Web3 tools and resources](https://cryptoslate.com/press-releases/introducing-metadock-a-secure-and-efficient-trove-of-web3-tools-and-resources/)

- [[Dec 6, 2022] Minted: How the DeFi Wallet NFT Marketplace Works in Detail](https://crypto.com/university/minted-defi-wallet-nft-marketplace)

- [[Dec 5, 2022] Attackers Net $20M through Ankr and Helio exploits](https://www.moneycontrol.com/news/business/cryptocurrency/top-cryptocurrency-news-on-december-5-front-running-scams-to-increase-by-500-defi-protocols-suffer-a-20-million-hack-coinbase-apple-at-loggerheads-and-more-9649111.html)

- [[Dec 3, 2022] Hack Saldırısı Bu Altcoin’i Yerle Bir Etti: Fiyat Sıfıra Gidiyor!](https://tr.tradingview.com/news/cointurk:e965d877b:0/)

- [[Dec 2, 2022] Attackers pocket $20 million in exploits on Ankr and Helio](https://coinmarketcap.com/headlines/news/attacker-pockets-20-million-in-exploits-on-ankr-and-helio/)

- [[Dec 2, 2022] Hackers get away with $20 million in twin attacks on Ankr and Helio](https://invezz.com/news/2022/12/02/hackers-get-away-with-20-million-in-twin-attacks-on-ankr-and-helio/)

- [[Dec 2, 2022] Binance pausa saques em meio a hack ao protocolo Ankr](https://www.criptofacil.com/binance-pausa-saques-em-meio-a-hack-ao-protocolo-ankr/)

- [[Nov 11, 2022] DeFi Platform DFX Finance Says it Has Been Hacked for $7.5M](https://blockchain.news/news/defi-platform-dfx-finance-says-it-has-been-hacked-for-$7.5m)

- [[Nov 11, 2022] Polychain-backed DFX Finance hacked for $7.5 million](https://www.theblock.co/post/185796/polychain-dfx-finance-hacked)

- [[Nov 9, 2022] Desenvolvimento Seguro de Contratos Inteligentes (1) - Reentrância de Código em Contratos NFT](https://www.web3dev.com.br/panegali/desenvolvimento-seguro-de-contratos-inteligentes-1-reentrancia-de-codigo-em-contratos-nft-5a59)

- [[Nov 7, 2022] Skyward Finance Reportedly Suffers $3M Exploit on Near Protocol](https://coinculture.com/au/business/skyward-finance-reportedly-suffers-3m-exploit-on-near-protocol/)

- [[Nov 4, 2022] Crypto : Les escrocs du Merge d'Ethereum (ETH)](https://www.cointribune.com/crypto-les-escrocs-du-merge-dethereum-eth/)

- [[Nov 4, 2022] Skyward Finance Suffers $3M Lost From Finance Attack](https://blog.mexc.com/skyward-finance-suffers-3m-lost-from-financial-attack/)

- [[Nov 4, 2022] Developers of pNetwork bridge drain $4.3 million from PancakeSwap in ‘white hat’ attack](https://coinmarketcal.com/en/news/developers-of-pnetwork-bridge-drain-4-3-million-from-pancakeswap-in-white-hat-attack)

- [[Nov 4, 2022] Developers of pNetwork bridge drain $4.3 million from PancakeSwap in 'white hat' attack](https://www.theblock.co/post/182969/developers-of-pnetwork-bridge-drain-4-3-million-from-pancakeswap-in-white-hat-attack)

- [[Nov 3, 2022] Hacker Steals $3 Million Worth of Tokens From Skyward Finance](https://vpnoverview.com/news/hacker-steals-3-million-worth-of-tokens-from-skyward-finance/)

- [[Nov 3, 2022] Skyward Finance Allegedly Suffers $3M Loss in Exploit](https://www.coinspeaker.com/skyward-finance-3m-loss-exploit/)

- [[Oct 31, 2022] BlockSec Debunks Rumours of $532M Smart Contract Hack](https://crypto.news/blocksec-debunks-rumours-of-532m-smart-contract-hack/)

- [[Oct 30, 2022] Hackers nab $14.5M from DeFi platform Team Finance](https://www.scmagazine.com/brief/breach/hackers-nab-14-5m-from-defi-platform-team-finance)

- [[Oct 27, 2022] DeFi platform robbed of nearly $15 million in hack](https://therecord.media/defi-platform-robbed-of-nearly-15-million-in-hack/)

- [[Oct 18, 2022] New Community-Based Security Mechanism Launched By BNB Chain To Protect Users](https://www.blockchain-council.org/news/new-community-based-security-mechanism-launched-by-bnb-chain-to-protect-users/)

- [[Oct 17, 2022] TempleDAO Hacked Funds Deposited to Tornado Cash](https://blockworks.co/news/templedao-hacked-funds-deposited-to-tornado-cash)

- [[Oct 16, 2022] Wintermute repays $92M TrueFi loan on time despite suffering $160M hack](https://cointelegraph.com/news/wintermute-repays-92m-truefi-loan-on-time-despite-suffering-160m-hack)

- [[Oct 13, 2022] Someone abused FTX’s withdrawal fee subsidy to mint $70,000 of XEN](https://www.theblock.co/post/176923/someone-abused-ftxs-withdrawal-fee-subsidy-to-mint-70000-of-xen)

- [[OCt 7, 2022] A $568 Million Hack of Binance Coin Roils Crypto Sector Anew](https://www.bloomberg.com/news/articles/2022-10-06/bnb-chain-says-bsc-temporarily-paused-on-irregular-activity)

- [[Sep 19, 2022] BlockSec detects replay exploit with ETHPoW tokens](https://www.theblock.co/post/170953/blocksec-detects-replay-exploit-with-ethpow-tokens)

- [[JULY 10, 2022] Hacker drains $1.4 million worth of ETH from NFT lender Omni](https://www.theblock.co/post/156800/hacker-drains-1-4-million-worth-of-eth-from-nft-lender-omni)

- [[JUN 17, 2022] Inverse Finance exploited again for $1.2M in flash loan oracle attack](https://cointelegraph.com/news/inverse-finance-exploited-again-for-1-2m-in-flashloan-oracle-attack)

- [[MAY 13, 2022] How to protect yourself from the recent spate of ‘crypto muggings’](https://cointelegraph.com/news/how-to-protect-yourself-from-the-recent-spate-of-crypto-muggings)

- [[May 3, 2022] Spate of Exploits Snares Rari Capital and Saddle Finance for $90M Escalation of Malicious Attacks Shows No Sign of Abating](https://finance.yahoo.com/news/spate-exploits-snares-rari-capital-091600216.html)

- [[May 1, 2022] Fei Protocol Offers $10M Bounty After $80M Rari Capital Exploit](https://decrypt.co/99103/fei-protocol-offers-10m-bounty-after-80m-rari-capital-exploit)

- [[APR 22, 2022] Hacker bungles DeFi exploit: Leaves stolen $1M in contract set to self destruct](https://cointelegraph.com/news/hacker-bungles-defi-exploit-leaves-stolen-1m-in-contract-set-to-self-destruct)

- [[APR 22, 2022] Finance Redefined: Hacker bungles DeFi exploit, dYdx's decentralization goals, and more](https://cointelegraph.com/news/finance-redefined-hacker-bungles-defi-exploit-dydx-s-decentralization-goals-and-more)