Uniswap’s recently launched bug bounty program has led to the discovery of a now-fixed vulnerability of the protocol’s Universal Router smart contract. The automated market maker released two new smart contracts to its platform in November 2022. Permit2 allows token approvals to be shared and managed across different applications, while Universal Router unifies ERC-20 and nonfungible tokens (NFTs) swapping into a single swap router. Uniswap also advertised a lucrative bug bounty program to identify potential vulnerabilities in its smart contracts towards the end of 2022 as it looked to assure the safety and efficacy of its protocol. Smart contract security …

As a part of its reform of crypto regulation, Indonesia will create a crypto exchange in 2023, according to reports. The platform is planned to be launched prior to a shift of regulatory power from commodities to securities authority. On Jan. 4, the head of the Commodity Futures Trading Regulatory Agency of Indonesia (Bappebti), Didid Noordiatmoko, stated that a crypto exchange should be set up this year. The move comes as a part of broader financial reform launched in December 2022. In accordance with the reform, in the next two years, the crypto oversight will be taken from Bappebti, a …

New reports into Sam Bankman-Fried and his collapsed exchanges revealed that Alameda Research, the now-bankrupt crypto trading firm, almost collapsed in 2018, even before FTX was in the picture. A report published in The Wall Street Journal citing former employees revealed that Alameda incurred heavy losses from its trading algorithm. The algorithm was designed to make a large number of automated and fast trades. However, the firm was losing money by guessing the wrong way about price movements. In 2018, Alameda lost nearly two-thirds of its assets due to the price fall of the XRP token and was in a …

Sam Bankman-Fried has reportedly been leading a decent lifestyle while under house arrest in his parent’s home in Palo Alto — with daily jogs, a security detail, and a couple of in-home visits. However, it's not exactly a life of endless luxury either. The former FTX CEO is reportedly required to wear an ankle monitor and is only allowed to leave the house under certain circumstances, among other restrictions. The aforementioned Palo Alto home, located on the border of Stanford University’s campus is understood to be a $4 million property equipped with 5 bedrooms, 3 bathrooms, and a pool according …

The FTX collapse shook up the crypto market, and billions of dollars are currently locked up in the now-defunct crypto exchange. On top of that, FTX was such a big player that the contagion spread to other crypto players, including several trading powerhouses, popular DeFi protocols, and decentralized exchanges. Trust in the crypto ecosystem is at its lowest level. Investors are withdrawing funds from major centralized exchanges while the sales of cold wallets are up. Despite an overall gloomy mood in crypto space, one form of crypto investment remains at the height of popularity, and this is staking. Staking is …

The Bitkeep exploit that occurred on Dec. 26 used phishing sites to fool users into downloading fake wallets, according to a report by blockchain analytics provider OKLink. The report stated that the attacker set up several fake Bitkeep websites which contained an APK file that looked like version 7.2.9 of the Bitkeep wallet. When users “updated” their wallets by downloading the malicious file, their private keys or seed words were stolen and sent to the attacker. 【12-26 #BitKeep Hack Event Summary】 1/n According to OKLink data, the bitkeep theft involved 4 chains BSC, ETH, TRX, Polygon, OKLink included 50 hacker …

Hackers linked to North Korea’s Lazarus Group are reportedly behind a massive phishing campaign targeting non-fungible token (NFT) investors — utilizing nearly 500 phishing domains to dupe victims. Blockchain security firm SlowMist released a report on Dec. 24, revealing the tactics that North Korean Advanced Persistent Threat (APT) groups have used to part NFT investors from their NFTs, including decoy websites disguised as a variety of NFT-related platforms and projects. Examples of these fake websites include a site pretending to be a project associated with the World Cup, as well as sites that impersonate well-known NFT marketplaces such as OpenSea, …

Leading decentralized finance (DeFi) aggregator 1inch Network announced a major upgrade — Fusion — around its 1inch Swap Engine. The Fusion upgrade aims to deliver cost-efficient, secure and profitable swaps for crypto investors. The Fusion mode in 1inch Swap Engine allows DeFi investors to place orders with a predecided price and time range without paying network fees. In addition, the upgrade includes network improvements such as updated staking contracts and tokenomics. As a decentralized trading and matching system, the 1inch Swap Engine connects DeFi users and provides liquidity for crypto trades through professional market makers. Explaining the intent behind the …

Crypto-based scams are constantly sweeping the nonfungible token (NFT) space; therefore, staying updated is the most significant way to prevent both new and existing NFT scams. Other than fraud, intense rivalry for newly minted NFTs may cause prices to rise and transaction fees to skyrocket, making them unaffordable for early supporters. Nonetheless, these issues have been solved by NFT providers by establishing whitelists or allowlists, giving special privileges and access to a newly minted nonfungible token. Before public minting begins, nonfungible token projects employ allowlists to restrict who can mint NFTs. For example, one can mint NFTs without being concerned …

Password management service LastPass was hacked in August 2022, and the attacker stole users’ encrypted passwords, according to a Dec. 23 statement from the company. This means that the attacker may be able to crack some website passwords of LastPass users through brute force guessing. Notice of Recent Security Incident - The LastPass Blog#lastpasshack #hack #lastpass #infosec https://t.co/sQALfnpOTy — Thomas Zickell (@thomaszickell) December 23, 2022 LastPass first disclosed the breach in August 2022 but at that time, it appeared that the attacker had only obtained source code and technical information, not any customer data. However, the company has investigated and …

The stories about people getting their private keys hacked or stolen are nothing new, and users have reportedly lost their life savings because of these thefts. However, in quite an anti-climax scene, a crypto user managed to save their crypto holdings despite losing the private keys. Harpie, an on-chain security firm, revealed an instance of on-chain crime drama where the good guys eventually won. One of the users in their discord group reportedly raised concerns about the suspected theft of their private keys. When the firm looked into the said customer’s wallet, someone was indeed trying to transfer funds from …

Blockchain security company CertiK has reminded the crypto community to stay alert over “ice phishing” scams — a unique type of phishing scam targeting Web3 users — first identified by Microsoft earlier this year. In a Dec. 20 analysis report, CertiK described ice phishing scams as an attack that tricks Web3 users into signing permissions which end up allowing a scammer to spend their tokens. This differs from traditional phishing attacks which attempt to access confidential information such as private keys or passwords, such as the fake websites set up which claimed to help FTX investors recover funds lost on …