This Week's Security News: Radiant Capital $50M Exploit, Ambient Finance Website Compromised

Security 👾

  • SlowMist published Compound V2 security measures.
  • Dedaub launches "Security Suite", providing Ethereum-compatible decompilation, monitoring, verification, and transaction simulation for contract analysis and secure testing.
    • Web3Builder news is supported in part by Dedaub

Radiant Capital $50 million exploit

Radiant Capital suffered a sophisticated attack resulting in a $50 million loss due to a malware injection targeting developers' hardware wallets.

The malware compromised the Safe (formerly Gnosis Safe) front-end, displaying legitimate transaction data while executing poisoned transactions in the background.

This incident occurred during a routine multi-signature emissions adjustment process, highlighting the vulnerability even during seemingly standard operations.

P719 $328,000 exploit

P719, a staking project on Binance Smart Chain (BSC), lost $328,000 due to an incorrectly implemented token trade function.

The exploit involved manipulating the token price by exploiting a discrepancy in the buy and sell functions.

Morpho Labs $230,000 exploit

Morpho Labs experienced a $230,000 loss in its PAXG/USDC market due to a misconfigured oracle that priced gold at an astronomical $2.6 trillion.

The exploit occurred when an attacker supplied $350 in PAXG and withdrew $250K using the mispriced gold value.

The misconfiguration stemmed from a mismatch in decimal places between USDC (6 decimals) and PAXG (18 decimals).

Security monitoring likely focused on reference prices, missing the post-calculation oracle price, allowing the exploit to go unnoticed.

Robust decentralized systems like Morpho require precise setup and real-time risk monitoring to prevent such incidents.
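
A deployment-time check for the failure mode described above, as an added example that is not Morpho's code: it recovers the whole-token price from the final scaled oracle value and compares it with an independent reference, instead of looking only at the feed. The 10**36 fixed-point base, the function names and the sample prices are assumptions constructed for illustration and do not reproduce the incident's figures.

```python
import math
from fractions import Fraction

SCALE_EXP = 36  # assumption: the market's fixed-point base is 10**36


def build_oracle_price(feed_price, loan_dec, coll_dec, adjust_decimals=True):
    """Value of 1 raw collateral unit in raw loan units, scaled by 10**36.
    adjust_decimals=False models a setup that ignores the decimals gap."""
    exp = SCALE_EXP + (loan_dec - coll_dec if adjust_decimals else 0)
    return int(Fraction(feed_price) * Fraction(10) ** exp)


def implied_price(oracle_price, loan_dec, coll_dec):
    """Whole-token price the market will really use, from the final value."""
    raw_loan = Fraction(10**coll_dec * oracle_price, 10**SCALE_EXP)
    return raw_loan / 10**loan_dec


def check_oracle(oracle_price, reference_price, loan_dec, coll_dec,
                 tolerance=Fraction(2, 100)):
    """Compare the post-calculation price with an independent reference."""
    implied = implied_price(oracle_price, loan_dec, coll_dec)
    ratio = implied / Fraction(reference_price)
    ok = abs(ratio - 1) <= tolerance
    offset = None
    if not ok and ratio > 0:
        k = round(math.log10(ratio))
        # A deviation close to an exact power of ten points at decimals.
        if k != 0 and abs(ratio / Fraction(10) ** k - 1) <= tolerance:
            offset = k
    return {"ok": ok, "implied": implied, "decimal_offset": offset}


if __name__ == "__main__":
    USDC_DEC, PAXG_DEC = 6, 18          # decimals as stated on the page
    FEED, REFERENCE = 2650, 2655        # constructed sample prices in USD
    for label, adjust in (("correct", True), ("misconfigured", False)):
        price = build_oracle_price(FEED, USDC_DEC, PAXG_DEC, adjust)
        print(label, check_oracle(price, REFERENCE, USDC_DEC, PAXG_DEC))
```

Running the same check on a schedule against the live oracle value, not just once at deployment, covers the monitoring gap noted above.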

Ambient Finance Website Compromised

The Ambient Finance website domain has been hijacked and compromised.

The issue is limited to the frontend; Ambient contracts and funds remain safe.

Avoid visiting the website, connecting your wallet, or signing any transactions until further notice.

SlowMist reported increase in phishing attacks

SlowMist reported a significant increase in phishing attacks, particularly those using "permit" phishing signatures.

These attacks resulted in approximately $40 million in losses, emphasizing the need for user vigilance and education around phishing techniques.

Jamie Larson