TechRisk Notes#16: Centralised issue in a decentralised world.
Also, ZK-Rollup DEX announced $1.11 million bug bounty programme, CSA published its analysis of ChatGPT, potential AI replication attack and more. [30 Apr 2023]
Web3 Cryptospace Spotlight
26 Apr - Decentralized exchange (DEX) Merlin was drained of around $1.82 million from its liquidity pool due to a potential private key management issue. Web3 security firm CertiK, which completed an audit of the DEX just before its launch, pointed to "rogue developers" for the hack [more]. CertiK indicated that its initial investigation into the hack showed that the root cause was a potential private key management issue rather than a smart contract exploit. [more]
28 Apr - Polygon-based DeFi protocol 0vix lost approximately $2 million worth of digital tokens through a flash loan attack. [more]
FilDA, a multi-chain lending protocol, said that it was attacked on the Elastos Smart Chain (ESC) and REI Network, resulting in a loss of approximately $700K. FilDA managed to negotiate the return of the stolen digital tokens while allowing the attacker to keep some under a 'bounty' arrangement. FilDA noted that the team has reviewed the flawed contract code and rendered the attack path ineffective. [more][more-2]
Attackers exploited an AT&T API issue to take control of victims' email addresses and steal cryptocurrency. [more]
DeGate, a DEX built with ZK-Rollup on Ethereum, announced a bug bounty program with Immunefi for hackers to identify vulnerabilities. The program will pay out $1.11 million to a hacker who identifies a critical vulnerability in DeGate's smart contracts. [more]
A study noted that cryptocurrency scammers made over $4 million from victims using phishing websites and Google Ads. [more]
EmergingTech Spotlight
Cloud Security Alliance (CSA) released a position paper that analyses ChatGPT across four dimensions: how it can benefit cybersecurity, how it can benefit malicious attackers, how ChatGPT might be attacked directly, and guidelines for responsible usage. The paper also provides clarity on managing the risks of leveraging ChatGPT and identifies over a dozen specific use cases for improving cybersecurity within an organization. [more]
OpenAI announced that it would allow users to turn off the chat history feature for its flagship chatbot - ChatGPT. The “history disabled” feature means that conversations marked as such won’t be used to train OpenAI’s underlying models, and won’t be displayed in the history sidebar. They will still be stored on the company’s servers, but will only be reviewed on an as-needed basis for abuse, and will be deleted after 30 days. [more]
Using generative AI in software development can be transformative and can raise productivity, but it also brings potential risks and security concerns. [more]
Solana Labs, the company that represents the founders of and core contributors to the Solana blockchain, will be introducing an AI plugin. With the new plugin, Solana users will be able to perform various tasks through the ChatGPT user interface, including checking wallet balances, transferring tokens, and purchasing NFTs. Solana Labs hopes it will make it easier for users to navigate the Solana blockchain. [more]
A columnist replaced herself with AI voice and video to see how humanlike the tech can be. The AI output managed to fool the bank and her family. [more]