Just launched: ZKsync, Circle, and Cyfrin’s Full-Stack Web3 Crash Course! Learn to build blockchain-powered apps in just 8 hours and kickstart your journey as a full-stack web3 developer.
Read on for the month's update from Cyfrin, security news, and industry insights.
Aderyn v0.0.35 is live, featuring Hardhat/Soldeer support, faster startup, better false positive handling, and GitHub CI integration to catch issues before merging.
And if you want to be a top security researcher, the Solodit Checklist Explained series teaches you how to:
Mantra ($5.5B): 17 wallet addresses moved $227M to exchanges, causing the OM token to plunge 90% in value and fueling rumors of a classic rug pull and community outrage.
BTC ($330M): An elderly user was tricked into sending 3,520 BTC in a targeted phishing attack; funds were rapidly laundered through Monero.
UPCX ($70M): Attackers compromised the ProxyAdmin contract to add a backdoor, draining 18.4M UPC tokens. The stolen funds remain in a known wallet, unmoved, as the investigation continues.
KiloEx ($7.5M): A price oracle exploit allowed an attacker to manipulate asset prices and profit by opening and closing leveraged positions. The funds were returned, and KiloEx pledged full compensation plus a bonus APY for stakers.
Loopscale ($5.8M): A vault pricing flaw on Solana allowed an attacker to drain funds. $2.8M was later returned under a whitehat bounty deal.
BTCM App ($1M+): A logic flaw in the overPaper function is letting attackers withdraw funds repeatedly. The exploit is ongoing, with assets being transferred across chains.
49% of vulnerable smart contracts are hacked within 30 days of deployment. See why pre-deployment security is critical.
Protect your treasury with this multisig checklist to safeguard signer keys and stay audit-ready.
Master spec thinking to uncover hidden risks and speed up audits with fuzzing and formal verification.
Vitalik Buterin maps a pragmatic path for faster, more secure L2 finality by blending optimistic, ZK, and TEE proofs.
A hidden flaw in ETH validator deposit contracts could let attackers steal staked funds. Learn the defenses every developer must know.
Wallet bugs could silently drain your crypto without you even clicking.
LLMs won't replace audit tools, but can turbocharge PoC builds and reports.
Schedule your certification exam today!
Start learning smart contract development and security on Cyfrin Updraft.
Participate in competitive audits on CodeHawks.