TR Notes#05: dForce DeFi protocol exploited, meet DAN the dark side of ChatGPT, and Singapore's Cyber Security Agency warned about ChatGPT.
[12 Feb 2023]
Cryptospace Spotlight
10 Feb - dForce DeFi protocol was drained of $3.6 million in a reentrancy attack. The reentrancy bug was present in a smart contract function used by dForce to calculate oracle prices on the Arbitrum and Optimism chains when connected to Curve Finance. [more][more-Peckshield]
7 Feb - Decentralized exchange (DEX) protocol CoW Swap lost at least 550 BNB (approx. $160K) in a contract exploit that approved fund transfers from the protocol. According to CoW Swap, the exploited settlement contract only has access to the fees that the protocol collected in a week. The team said that it is unable to access user funds without an order signed by users directly. [more][more-CoW]
7 Feb - The co-founder of Web3 metaverse game engine “Webaverse” said that he lost $4 million worth of tokens after meeting with scammers posing as investors in a hotel lobby in Rome. He claims the scammers could not have possibly seen the private key, nor was he connected to a public WiFi network at the time. These scammers were somehow able to gain access while taking a photo of the wallet’s balance. [more]
3 Feb - SperaxUSD, the Arbitrum stablecoin protocol, indicated that an attacker increased the token balance of the wallet address to 9.7 billion without providing the corresponding collateral. Although the Sperax team and Arbitrum ecosystem partners jointly stopped it, approximately $300,000 was liquidated. [more-SperaxUSD][more-2]
SlowMist analysed the Monkey Drainer NFT phishing group, including its modus operandi. [more]
Techwatch Select
OTORIO's research noted that threat actors can exploit vulnerabilities in wireless IIoT devices to gain initial access to internal OT networks. They can be used to bypass security layers and infiltrate target networks, putting critical infrastructure at risk or interrupting manufacturing. [more]
The research noted critical vulnerabilities that allow attackers to remotely compromise Wireless IIoT devices with high privileges, without authentication. These vulnerabilities could provide full access to thousands of OT networks directly from the internet.
NIST selected ‘Lightweight Cryptography’ algorithms that can be used to protect data created and transmitted by the Internet of Things and other small electronics. [more][more-NIST]
Meet DAN - DAN (“Do Anything Now”), or DAN-GPT, is basically a hacked or jailbroken version of OpenAI’s ChatGPT. It runs in the same window as ChatGPT and is now in its 5th generation. Reddit users discovered a way to activate a wicked alter ego of ChatGPT that can easily sneak past the rules imposed by its developer, which turns the otherwise affable chatbot into a force for evil. [more]
The way to activate DAN GPT is to go to the ChatGPT window and simply paste a few instructions into the chatbot that set up ChatGPT to answer in a specific way. Then you build up from there.
Cyber Security Agency of Singapore (CSA) noted that ChatGPT is a great learning aid for everyone – including novice and aspiring hackers. [more]
Researchers hope to raise the alarm over the potential privacy issues around these AI models before they are rolled out widely in sensitive sectors like medicine. [more]
The research showed that these AI systems can be made to regurgitate exact copies of medical images and copyrighted work by artists.
Generative AI’s dirty secret - The race to build high-performance, AI-powered search engines is likely to require a dramatic rise in computing power, and with it a massive increase in the amount of energy that tech companies require and the amount of carbon they emit. [more]
Tech Learning
How does ChatGPT work? [more]