Appears on
Articles50
Crypto Security Report: April 2022
Featuring Endo's CommonJS compatibility milestone for MetaMask's npm dependency chain, LavaMoat v6's 'a'a package naming rollout, LavaMoat's path to React Native and MetaMask Mobile, and an iCloud backup advisory for MetaMask vault data.
Crypto Security Report: May 2022
Endo's import.meta and __dirname implementations for MetaMask's module compatibility, a distributed key generation prototype snap using multi-party computation for MetaMask Flask, and the launch of MetaMask's HackerOne bug bounty program.
Crypto Security Report: June 2022
Featuring the $120,000 clickjacking bounty awarded to the UGWST, the Halborn "Demonic" vulnerability disclosure affecting browser wallets, plus the deprecation of eth_decrypt and eth_getEncryptionPublicKey.
Crypto Security Report: July 2022
Featuring LavaMoat's launch of three experimental browser security tools targeting prototype pollution and cross-realm attacks, a fake $UNI airdrop that phished over 73,000 LP addresses, and a YouTube-based MEV frontrunning bot scam.
Crypto Security Report: August 2022
Featuring Merge-themed phishing campaigns impersonating trusted entities to trick users into fake ETH 2.0 conversions, a breakdown of crypto honeypot scam mechanics, LavaMoat-style policy enforcement, and HackerOne bounty program metrics.
Crypto Security Report: October 2022
Featuring the SES v0.17.0 release landing the "quadruple backflip" evaluator refactor, Socket.dev's disclosure of npm bin script confusion attacks, LavaMoat's new global scuttling defense, and two MetaMask security talks at Devcon VI in Bogota.
Crypto Security Report: September 2022
Featuring a Consensys study on why MetaMask users fall for phishing, a CircleCI impersonation campaign that bypassed GitHub 2FA, and Twitter-promoted Ethereum Merge scam accounts impersonating Vitalik Buterin and the Ethereum Foundation.
Crypto Security Report: November 2022
Featuring LavaMoat's rollout of Snow and global scuttling to the MetaMask Extension, the case for integrating Snow into MetaMask, a Twitter Space on Snaps and self-custody after the FTX collapse, and Google Sites and Telegram trading bot scams.
Crypto Security Report: December 2022
Featuring the Lazarus Group's new AppleJeus malware in fake crypto apps, a social engineering scam netting 14 Bored Apes worth $1.07 million, LavaMoat's bin confusion mitigation, and a year-end wrap covering PhishFort takedowns and the MobyMask launch.
Crypto Security Report: January 2023
Featuring address poisoning attacks that exploit lookalike wallet addresses, a deep dive on read-only reentrancy as an emerging DeFi attack vector, LavaMoat's new LavaTube object-graph tool, and RATs hidden in fake game downloads.
Crypto Security Report: February 2023
Featuring MetaMask disabling eth_sign by default as the Monkey Drainer phishing group shuts down, a Namecheap/SendGrid breach behind MetaMask-branded phishing emails, a Google Fi SIM-swap hack, and a fake EthDenver site tied to a phishing wallet.
Crypto Security Report: March 2023
Featuring a surge in airdrop scams that exploited fake giveaway hype to phish users, ~2,400 wallets targeted before the Arbitrum airdrop, a Cloudflare Global API key warning for web3 teams, and EthDenver talks on Delegatable and JavaScript realms.
Crypto Security Report: April 2023
Featuring the scam-as-a-service that stole $27 million, MetaMask, OpenSea, and Blockaid's new transaction security feature, the multichain drainer targeting longtime crypto users, and Etherscan's move to curb address poisoning.
Crypto Security Report: May 2023
Featuring the $10 million multichain hack targeting crypto veterans, a checklist for investigating a drained wallet, an FTC alert about phishing emails, and a Hardened JavaScript conference talk.
Crypto Security Report: June 2023
Featuring the inaugural MetaMask and Wallet Guard State of Security Twitter Space, Harry Denley on smart contract security, an explainer on LavaMoat's scuttling feature, and a preview of the Menpo DeFi incident database at DeFi Security Summit.
Crypto Security Report: July 2023
Featuring pig butchering and fake mining scams, a new fake approvals scam using airdropped gas tokens, npm malware from the Lazarus Group targeting crypto developers, and MetaMask's Menpo DeFi incident database at DeFi Security Summit.
Crypto Security Report: August 2023
Featuring the launch of Seal 911, a Telegram hotline for crypto emergencies from MetaMask, Paradigm, Yearn, and Polygon, a typosquatted npm package that steals private keys, a bold new direction for Snow, and MetaMask talks at Defcon.
Crypto Security Report: September 2023
Featuring the MetaMask Snaps open beta, roughly $35 million in thefts possibly linked to Secret Recovery Phrases stored in LastPass, the Pink Drainer SIM-swap attack on Vitalik Buterin, and a calldata allowlist to curb DNS hijacking losses.
Crypto Security Report: October 2023
Featuring MetaMask and Blockaid's security alerts, the $7 million Fantom Foundation hack, EtherHiding malware stored on BNB Chain, Galxe's 110% compensation after a DNS hijacking attack, and the LavaMoat webpack plugin open beta.
Crypto Security Report: November 2023
Featuring Tether's freeze of 225 million USDT tied to a pig butchering syndicate, the $130 million Poloniex hack and its $10 million bounty, a $12.5 million crypto abduction in Montenegro, and Taylor Monahan and ZachXBT's LastPass breach investigation.
