• English
  • 简体中文
  • 繁體中文
  • Tiếng Việt
  • ไทย
  • Indonesia
Subscribe
Real-time News
On July 16th, it was reported that Alibaba is integrating its Agent product line: based on QoderWork, it will integrate the capabilities of Wukong and MuleRun, upgrading them into a more powerful AI product for enterprise productivity scenarios. The new product is being overseen by Chen Yusen. Alibaba responded that existing QoderWork, Wukong, and MuleRun products and services will be seamlessly upgraded in the future, and all user rights will not be affected.According to the Financial Times, Chinese AI startup Dark Side of the Moon plans to release Kimi K3 in the coming days. The model, with parameters ranging from 2 to 3 trillion, will be Chinas largest AI model to date.July 16th - Subsidies in the housing market are increasingly being rolled out across the country. According to incomplete statistics, since the beginning of this year, over 20 provinces and cities nationwide, including Guangdong, Hubei, Guizhou, Yunnan, Chengmai County in Hainan, Lhasa in Tibet, Huaian in Jiangsu, Jinjiang in Fujian, and Urumqi in Xinjiang, have introduced housing subsidy policies. The biggest change in these policies is the shift from a universally applicable approach to targeted subsidies to more specific groups. Housing subsidies are becoming increasingly refined and differentiated within the housing market regulation toolbox. The biggest beneficiaries of these targeted subsidies remain high-level talent. For example, Huangpu District in Guangzhou has introduced a talent housing subsidy policy, offering subsidies of 100,000 yuan, 150,000 yuan, 250,000 yuan, and 300,000 yuan respectively to eligible undergraduates (or senior technicians), masters degree holders (or associate senior professional titles, special-grade technicians), doctoral degree holders (or senior professional titles, chief technicians), and postdoctoral fellows who have worked in the district within one year of completing their postdoctoral research.New Zealands National Emergency Management Agency has issued a tsunami warning for coastal areas following a 6.3-magnitude earthquake in the Fiordland region.Kremlin: The difficulties facing the Russian economy are not critical, and macroeconomic stability is guaranteed.

CertiK Crypto Report Counts $2.9B in Assets Stolen in 2022

Cory Russell

Oct 10, 2022 11:57

微信截图_20221010101057.png


Cryptocurrency security company CertiK wants you to be aware that it is not secure. The most recent analysis from the organization explores the murky underbelly of the world of digital assets in 2022.


Sadly, the dark underbelly of the industry is more powerful than crypto enthusiasts would want to accept. In only the first three quarters of the year, cyber thieves have seized over $2.9 billion. Additionally, CertiK claims that the methods used by these crooks are only improving.


According to CertiK's mid-year study released at the end of June, cryptocurrency thieves were on pace to siphon off about $1 billion in assets per quarter. As of today, when they released their third-quarter report, it is proving to be true. But the study contains a wealth of information beyond the startling figures on the front. In the previous three months, the firm has recorded 171 escapades. Decentralized finance (DeFi) flash loan assaults and rug-pull scams are only two examples of the vulnerabilities that may be used to steal from projects from inside. The analysis also finds that while being rare, multi-chain attacks have easily caused investors the greatest harm. Only six vulnerabilities were used in Q3 across different chains, yet they are responsible for more than $440 million of the $504 million in theft.


The rise in rug-pull or "exit" frauds in Q3 is one particular finding in this study that merits special attention. 89 scams were reported to have stolen $37 million in the company's Q2 report; in the Q3 report, 98 of these scams took a total of $57 million, a 54% increase. Hugh Brooks, Director of Security Operations at CertiK, explains to InvestorPlace that despite being simple to carry out, these frauds are not going out of style in the middle of a market slump. As Brooks warns investors, "A project being unaudited should raise a significant red alert." "A project could provide a novel approach to a problem or fill a market need, but if it puts your money at risk, it usually isn't a very smart investment."

As report case studies demonstrate, audits are not a panacea.

An exit fraud is one difficulty, but as CertiK notes, they only make up a small portion of 2022's losses.


Projects get a seal of approval from audits, which also provide confirmation that the smart contracts for the project are not in jeopardy. They are not, however, a failsafe method of project security.


The Slope wallet, Wintermute market maker, and Nomad bridge's respective adventures are three of the biggest ones from the quarter, according to CertiK's research. The $8 million in damages suffered by Slope were caused by a flaw in the way the seed words for users' wallets were kept. Once these words were discovered, hackers were able to steal money from victims' wallets one at a time. The creators of Wintermute made the decision to build its market maker on a wallet address that reduces transaction gas costs, which led to the game's vulnerability. Transactions required less CPU resources to settle when addresses had a lot of zeros in them. However, this choice of address allowed a hacker to quickly open the wallet. The losses suffered by Nomad are the result of hackers taking advantage of a weakness in the process of moving assets from one chain to another.


According to Brooks, "[The projects'] losses were not brought on by flaws in the audited smart contract code." In fact, the smart contracts for Wintermute and Nomad have both been reviewed and fixed. They yet fell prey to two of the greatest hacks of the year.

Projects to Secure Web 3.0: Next Steps

These three instances show that audits are insufficient to address an issue that is just becoming worse as time passes. Auditing is a crucial first step, according to Brooks. But a genuine commitment to security also calls for continuing testing, hardening, and monitoring techniques after implementation.


The issue of exit frauds is real. They keep stealing money from investors. However, as Brooks notes, they don't pose the same threat as the more profitable code attacks. The overall market slump has decreased asset prices and reduced the influx of novice investors, who are more prone than average to become victims of an exit scam.


While rug-pullers continue to use the same old techniques, hackers are growing more sophisticated. Rug-pullers rely on a steady supply of less experienced investors to approach them. On the other side, hackers are targeting large projects with many wallets and high liquidity, which makes them a larger danger to the whole crypto ecosystem.


As a result, according to Brooks, initiatives must do more than just get a smart contract audit. "The sector is developing at an incredible rate. To safeguard users and encourage the creativity that makes this sector so unique, we must enhance the degree of security across the whole Web3 ecosystem if we want this pace to continue. Additionally, CertiK notes in its report that it is striving to compile a group of tools and resources for projects that go beyond the straightforward tasks of auditing and into the world of real-time monitoring and bug hunting.