"Meet Whit Diffie, the man who invented public key cryptography and brought encryption to the masses"
Security
Links to the best articles, videos and podcasts about Security in the crypto space.
"Flash loans have been the center of attention lately. Recently two hackers used flash loans to attack the margin trading protocol bZx, first in a $350K attack and later in a $600K copycat attack."
"On 02/15, we provided a transaction-level recap on the bZx hack that recently captured various headlines in DeFi-related tweets and media. There are quite a few misunderstandings circulating around about the nature of this particular hack."
"ConsenSys Diligence is a security-focused group of 30+ Ethereum engineers, auditors and researchers distributed all over the world. We have a tradition of building security tools for ourselves and the Ethereum community. Because our time is precious, we focus on creating polished, highly usable tools that are truly helpful to auditors and smart contract developers. This article introduces some of the highlights."
"an overview of key learnings, takeaways and measures that the IOTA Foundation will implement to ensure the highest security standards for all of our software development."
"The Ethereum Name Service lets users send and receive crypto effortlessly. It also makes it incredibly easy to spy on them."
"The numbers speak for themselves."
"Understanding the concept of owning Bitcoin or other cryptocurrencies can be a challenge in the beginning. These are purely digital assets and the ownership is defined by holding a secret — the private key — to access them."
"A SIM swap is a low-cost, nontechnical way for attackers to gain control of a victim’s wireless phone account. To pull off an attack, a hacker needs to know how mobile wireless carriers authenticate identity and some portion of information about their victim. Often, this only requires a victim’s phone number."
"Unfortunately, it’s ignoring the easy stuff that causes the most loss. The biggest threat to personally owned coins is the threat of impersonation and the dozens of ways attackers use impersonation to steal funds."
"We don’t talk enough about the passphrase feature, to be honest. It’s one of those things that some people are either always using or never using."
"This article addresses the Read Protection (RDP) Downgrade attack discovered in both Trezor One and Trezor Model T by the Kraken Security Labs researchers on 30 October 2019."
"In this work we present CacheOut, a new microarchitectural attack that is capable of bypassing Intel’s buffer overwrite countermeasures."
"This post aims to analyze the security and scalability tug-of-war of blockchain sharding in an approachable way. The necessity of committee-based sharding is discussed, along with potential pitfalls and tradeoffs in the sharding design space."
"A look back at some of the crypto hacks, scams, and arrests that happened this past year."
"A dusting attack refers to a relatively new kind of malicious activity where hackers and scammers try and break the privacy of Bitcoin and cryptocurrency users by sending tiny amounts of coins to their personal wallets. The transactional activity of these wallets is then tracked down by the attackers, who perform a combined analysis of several addresses as an attempt to identify the person or company behind each wallet."
"Thanks to superior strains of malware, 90% of ransom demands are now met—in bitcoin, the hackers’ currency of choice. Ransomware celebrates its 30th birthday."
"Thanks to Ariel Gabizon and Zac Williamson for collaborating on the post, and the authors of Marlin 9 for highlighting the attack and its importance."