TR Notes#07: Counter-hacked the Wormhole hacker, Container images are likely critically vulnerable, and more.
[26 Feb 2023] Jump Crypto and Oasis counter-hacked and drained the Wormhole attacker, Coinbase shared social engineering TTPs, most container images are at high risk, and ChatGPT CEO urged AI regulation!
Cryptospace Spotlight
20 Feb - Decentralized finance (DeFi) protocol Hope Finance lost roughly $2 million worth of crypto tokens at the launch of the protocol. The community suspected that it was a rug pull. [more]
The auditor, Cognitos, indicated that the exploited smart contract was different from the one Hope Finance provided for audit. [more-audit_report]
21 Feb - Jump Crypto and Oasis.app recovered $225 million worth of crypto tokens after a successful counter exploit against the Wormhole protocol attacker. [more][more-2]
Recap: Just over a year ago, the Wormhole bridge was attacked in one of the largest crypto loss events of 2022. Altogether, around 120,000 ETH was stolen — $325 million at the time.
Oasis worked with a whitehat hacking group to retrieve the stolen assets. Oasis said that this recovery strategy was only possible due to a “previously unknown vulnerability” in its own admin multisig access. It added that user funds have never been at risk, and insisted that it could have patched any vulnerability that was otherwise reported. [more]
The Financial Stability Board (FSB) today published a report on the financial stability risks of Decentralised Finance (DeFi). DeFi is commonly used to describe services in crypto-asset markets that aim to replicate some functions of the traditional financial system in a supposedly decentralised manner – though the actual level of decentralisation varies widely. [more]
Coinbase shared the attacker’s Tactics, Techniques, and Procedures (TTPs) after experiencing a social engineering attack. [more]
Crypto wallet company Dfns pointed out the vulnerability of using ‘magic links’. However, some of the companies see it as a phishing attack technique rather than the more severe “zero day” exploit claimed by Dfns. [more]
Malwarebytes cautioned crypto traders about two new pieces of malicious software deployed by bad actors. According to the website, the new software targets crypto traders who carry out their activities on desktops. [more]
Techwatch Select
Sam Altman, the CEO of ChatGPT creator OpenAI, warned about potentially scary artificial intelligence and stressed the importance of regulating AI. [more]
Researchers from the Department of Energy's Pacific Northwest National Laboratory built an abstract simulation of the digital conflict between attackers and defenders in a network. The newly created artificial intelligence (AI) system, based on deep reinforcement learning (DRL), can react to attackers in a simulated environment and block 95% of cyberattacks before they escalate. [more]
An alarming 87% of container images running in production have critical or high-severity vulnerabilities, up from 75% a year ago, according to the "Sysdig 2023 Cloud-Native Security and Usage Report". The increase in vulnerabilities due to misconfigurations was largely due to the lack of security policies. [more]
According to a recent audit by the Pentagon’s Office of Inspector General (OIG), Department of Defense (DoD) military service branch components may be unaware of cybersecurity risks associated with operating their systems or storing data in authorized commercial cloud service offerings (CSOs) because service branch authorizing officials (AOs) have failed to review all required documentation. [more]
Security researchers warned that adversaries are executing several new Windows and Android phishing campaigns using ChatGPT to trick users into downloading malware and handing over their credit card details. [more]
TRG Learn
What is DeFi? [more]