The CoinSec Podcast is a show about cryptocurrency and blockchain technologies with a focus on securing them. Each of the hosts is a hacker who performs a broad spectrum of offensive security assessments. They bring their unique perspectives to the discussion around blockchain vulnerabilities and other security concerns. Weekly crypto-security news is broken down each episode along with analysis of the technologies behind DeFi, wallets, mining, smart contracts, layer 1 blockchain issues, and more.
In this episode we discussed how Coinbase was issued a Wells notice from the SEC. Do Kwon was arrested with fraud charges. Euler Finance, a permissionless borrowing and lending protocol on Ethereum, was the victim of a flash loan attack. Cross-chain Web3 platform Poolz Finance lost $390,000 to a hacking incident on Mar. 16. General Bytes experienced a security incident on March 17 and 18 that enabled a hacker to remotely access the master service interface and send funds from hot wallets. We also discussed a few different crypto wallet vendor vulnerabilities.
4/28/2023 • 1 hour, 31 seconds
Episode 75 - Lazarus Group Moving ETH, Hacked via Ads, Bitzlato, and HIVE Shutdown
In this episode we discussed how North Korea-linked cybercrime syndicate Lazarus Group has reportedly transferred $63.4 million in Ethereum from 2022’s mammoth Harmony bridge hack. Advertisements on popular search engines like Google have been used to serve malware to unsuspecting users. The founder of cryptocurrency exchange Bitzlato was arrested and charged with processing $700 million in illicit funds. The U.S. Department of Justice (DOJ) has concluded a months-long disruption campaign, in cooperation with the Federal Bureau of Investigation (FBI), against crypto ransomware group Hive Network, preventing victims from losing $130 million in ransoms.
3/20/2023 • 55 minutes, 10 seconds
Episode 74: Review of 2022, Last Pass Breach, and Multiple Hacks Against Individuals
In this episode we discussed a report that Immunefi put out regarding crypto losses in 2022. One of the original core developers of Bitcoin, Luke Dashjr, claimed that someone stole 216 BTC from him. A class action lawsuit has been filed against Last Pass that alleges that the data breach against Last Pass resulted in loss of crypto. The CFTC filed charges against the Mango Markets hacker. Crypto and banking apps are being targeted by the "GodFather" malware. Multiple major hacks against individuals occurred over the past month.
1/23/2023 • 1 hour, 3 minutes, 20 seconds
Episode 73: SBF Arrest, Lodestar Hack, CoinTracker Leak, and Gemini User Data For Sale
In this episode we talked about how FTX co-founder and former CEO Sam Bankman-Fried has been arrested. Lodestar Finance was hacked for $6.9 million. FTX apparently stored wallet private keys unencrypted. A new phishing campaign that creates similar wallet addresses to victim wallets was discussed. CoinTracker suffered a data leak of user information. Gemini warned of potential phishing messages targeting its users.
1/17/2023 • 48 minutes, 36 seconds
Episode 72: Ankr Hack, FTX Fund Movement, Bo Shen Hack, Infura Privacy Policy Update, and ChatGPT
In this episode we gave an update on the FTX collapse. A crypto scammer was sentenced to 18 months in prison. Ankr was the victim of a potential private key compromise. An investor was hacked for $42 million in crypto. Attackers have bypassed Coinbase and Metamask 2FA via TeamViewer fake support chats. Infura made a change in their privacy policy that appears to state they are collecting Metamask users' IP addresses. We also talked about how ChatGPT can be used to find vulnerabilities in smart contracts.
00:00 - 2022-12-02 | CoinSec Podcast Ep 72
01:48 - Story # 1: FTX Update https://www.forbes.com/sites/mariagraciasantillanalinares/2022/12/02/bankman-frieds-complex-explanation-points-to-comingled-funds-on-ftx/
09:15 - Story # 2: Crypto Scammers Sentenced to 18 Months in Prison https://tech.hindustantimes.com/tech/news/crypto-scammer-in-geniuses-hack-gets-18-months-in-prison-71669977845605.html
15:21 - Story # 3: Ankr “Infinite Mint” Hack https://decrypt.co/116268/binance-pauses-withdrawals-amid-5m-ankr-hack
19:03 - Story # 4: FTX Attacker Fund Movement https://twitter.com/zachxbt/status/1597605409883566080
22:14 - Story # 5: Bo Shen Hacked for $42 million https://decrypt.co/115420/fenbushi-founder-bo-shen-loses-42m-stablecoins-bitcoin-ethereum-hackers
25:50 - Story # 6: Attackers Bypass 2FA on Coinbase and Metamask via Teamviewer https://www.bleepingcomputer.com/news/security/attackers-bypass-coinbase-and-metamask-2fa-via-teamviewer-fake-support-chat/
31:49 - Story # 7: Infura Collecting MetaMask Users’ IP, Ethereum Addresses After Privacy Policy Update https://decrypt.co/115486/infura-collect-metamask-users-ip-ethereum-addresses-after-privacy-policy-update
38:57 - Story # 8: ChatGPT for Finding Smart Contract Vulns https://twitter.com/gf_256/status/1598104835848798208
12/12/2022 • 1 hour, 31 seconds
Episode 71: FTX Collapse, Deribit Hot Wallet Compromise, Skyward Finance Hack, and 50k BTC Seized
In this episode we primarily talked about the collapse of major cryptocurrency exchange FTX. We also talked about how Crypto.com accidentally sent $400 million to the wrong wallet address. Deribit was hacked for $28 million. Skyward Finance was hacked for $3 million. 50,000 BTC were confiscated from a hacker who allegedly stole them from the Silk Road.
In this episode we discussed how Bitkeep was exploited for $1 million. Hackers who stole funds from Transit Finance, Moola Market, and Mango Market have returned some of the stolen funds. A bug in the smart contract code for the Ethereum Alarm Clock service was exploited for nearly $260,000. After the feds seized $311 million in BTC the funds were stolen back due to an apparent private key compromise. A popular MEV bot was hacked for $1.45 million.
10/25/2022 • 58 minutes, 27 seconds
Episode 69: ETH Merge, Profanity Vulnerability, Wintermute Hack, Shiba Inu Creds Leak, and Rug Pulls
Ethereum has successfully transitioned to a Proof-of-Stake consensus mechanism. A vulnerability was discovered in the Profanity vanity address generator that may allow attackers to drain funds from wallets that used it. Wintermute was hacked for $160 million. Shiba Inu developers posted AWS credentials to a public Github repository. SudoRare appears to have disappeared with $800,000 in an apparent rug pull. OptiFi accidentally locked $661,000 in user funds. FBI has put out a warning to DeFi platforms to beef up security.
In this episode we talked about how attackers are leveraging Google Sites and Azure App Services for crypto-related phishing. Chainalysis released a mid-year report indicating that scams are down, but hacks are up. Acala Network was exploited for $1.6 million. Velodrome Finance said that an insider stole $350k. CelerNetwork suffered a DNS hijack. PolySwarm launched token rewards to crowdsource cybersecurity with crypto.
In this episode we were joined by guests from AnChain.ai who talked about their upcoming CTFs they are putting on. Tornado Cash has been sanctioned by OFAC. We talked about the repercussions of these sanctions. We discussed a phishing attack against DeBridge Finance employees. NEAR Protocol revealed that SMS and email data that was used as wallet recovery options were leaked to a third party in June. Curve Finance was hacked via a DNS hijack. Ethereum's Proof of Stake merge is getting closer!
In this episode of the CoinSec Podcast we talked about the $190 million Nomad bridge hack. Users of the Solana wallet Slope found that their tokens were being sent without authorization, resulting in $6 million in losses across 9000 wallets. ZBExchange was drained for nearly $5 million. We discussed critical vulnerabilities discovered in Moonbeam and Strips Finance. Our CoinSec Discord has new bots for assisting with blockchain threat intel.
8/10/2022
Episode 65: Nirvana Hack, Audius Governance Takeover, Premint Hack, and Uniswap Phishing Attack
In this episode we talked about a $3.5 million theft from the Solana stablecoin Nirvana via a flash loan attack. The music-related token Audius was hit by a governance takeover. Premint's website suffered an issue where it appeared that malicious JavaScript was being injected into the site, causing malicious wallet requests to visitors of the site. A sophisticated phishing attack targeting Uniswap users was discussed. Metamask has updated their browser extension to display the implications of token approval transactions.
8/2/2022 • 53 minutes, 14 seconds
Episode 64: Steven Walbroehl from Halborn, Critical Wallet Vuln, Served via NFT & Multiple Hacks
In this episode we are joined by special guest Steven Walbroehl from Halborn Security to discuss a critical wallet vulnerability they discovered. A law firm served a hacker with a restraining order via NFT. ApolloX had a bug in their network's trading rewards contract that resulted in an attacker stealing $2.8 million. Inverse Finance was hit for a 2nd time this year via an Oracle Manipulation attack. GYM Network had a function that lacked caller verification that resulted in a hack of $2.1 million. Osmosis Exchange was hacked for $5 million. Maiar Exchange was brought offline after a $113 million hack of the Elrond virtual machine. Wintermute made a mistake when attempting to receive airdropped Optimism governance tokens that resulted in the loss of around $27.6 million.
6/21/2022 • 1 hour, 2 minutes, 40 seconds
Episode 63: Solana Halted, Former OpenSea Employee Arrested, Mirror Protocol Hack, and Puzzles
In this episode we discussed Solana network downtime due to a bug that led to non-determinism resulting in a lack of consensus. A former OpenSea employee was arrested after being accused of using his knowledge of which NFTs would be featured on the site's home page to make financial gain. Mirror Protocol was hacked for $90 million. Internet sleuth ZachXBT posted a thread allegedly revealing that the Animoon NFT project was a rug pull. The World of Solana team was able to recover some NFTs that were stolen via scams. We discussed crypto-related puzzles including the ongoing Phrazeboard puzzle as well as an amazing, augmented reality game puzzle created by the SheetFighter NFT project.
A phishing attack targeting users of popular crypto data sites like Etherscan and CoinGecko was found that uses the CoinZilla ad network. Two lending platforms, Venus Protocol on BSC and Blizz Finance on Avalanche, have been drained of $13.5M and $8.3M, respectively. NeorderDAO had a private key compromise. The popular Mee6 Discord bot was compromised and used to post scam messages in high profile Discord servers.
In this episode we discussed the $UST (Terra Luna) depeg issue that is ongoing. Multiple hacks were discussed this week including FEI Rari, Saddle Finance, Deus DAO, MMFinance, and Fortress Protocol. An Internet sleuth helped track down stolen funds for a person. A vulnerability was discovered in the Everscale wallet. OpenSea's Discord was hacked. NiceHash found a way to bypass Nvidia's LHR protection that prevents miners from leveraging the hardware to its full capabilities.
In this episode we discuss Axie Infinity's Ronin Bridge hack and how it has been tied to the North Korean Lazarus group. An Ethereum developer has been imprisoned for helping North Korea evade sanctions. Tornado Cash has implemented a measure to help block OFAC-sanctioned addresses. Elephant Money and Beanstalk Farms were both hacked. Metamask has issued a warning regarding iCloud backups. A critical Cross-Site Scripting (XSS) bug was found in Rarible's website.
In this episode we covered hacks against Agave, Hundred, Deus Finance, and Paraluni. The Bitcoin mixing tool CoinJoin announced that it will block transactions associated or flagged as illegal. Malicious NPM packages are being used to compromise Discord servers. $APE token was dropped and immediately an attacker performed a flash loan attack.
In episode 58 we discussed an executive order signed by U.S. president Joe Biden calling on the government to examine the risks and benefits of cryptocurrencies. Bacon Protocol reportedly lost $1 million due to a reentrancy vulnerability. Fantasm Finance was hacked for $2.7 million. The Pirate X staking contract was attacked. Fake Nvidia GPU mining software turned out to be malware.
3/18/2022 • 1 hour, 1 minute, 24 seconds
Episode 57: DAO Hacker Identified, OpenSea Phishing, and Geopolitical Crypto Issues
In episode 57 we discussed how some investigative journalism was performed in which the potential identity of the DAO hacker was discovered. An OpenSea-based phishing attack was successful in stealing $1.7 million worth of NFTs. Canada attempted to freeze at least 34 crypto accounts related to the Freedom Convoy protests. We covered crypto issues related to Russia's war against Ukraine. Bitmex founders pleaded guilty to Bank Secrecy Act violations.
3/2/2022 • 47 minutes, 57 seconds
Episode 56: Optimism Bounty, BGP Hijack, IRA Trust Financial Hack, Elaborate Scams and More Vulns
In episode 56 we discussed Optimism paying out a $2 million bug bounty. A BGP hijack occurred in South Korea and the KLAYswap platform was affected for roughly $1.9 million. IRA Financial Trust was hacked for $36 million. The ArrowDAO founder explains an elaborate scam targeting him. Department of Justice beefs up efforts to combat criminal use of cryptocurrencies. Twitter user Tree_of_Alpha reported vulnerabilities to both CoinDesk and Coinbase.
2/25/2022 • 1 hour, 4 minutes, 15 seconds
In 2016, Bitfinex was hacked, and 120,000 Bitcoin were stolen. A New York couple was arrested and charged with laundering $4.5 billion in connection with the Bitfinex hack. Meter.io was hacked for $4.4 million. The Superfluid contract on QiDao was hacked for $8.7 million. EarnHub was hacked due to a logic error in their contract. Dego Finance was hacked for $10 million due to an alleged private key compromise.
In this episode we discussed the Wormhole exploit that resulted in $323 million being stolen. We also discussed an $80 million hack against Qubit Finance. A person was apparently phished where they accepted token approvals on their behalf and lost $2.7 million in NFTs. SMS phishing attacks are up for Binance users. We also discussed various physical attacks such as a case where a man drugged his father to get access to his Bitcoin.
In this episode of the podcast we were joined by Tal Be'ery, Co-Founder & CTO of ZenGo. We discussed the ongoing attacks against Multichain. OpenSea continues to have listing issues resulting in NFTs being purchased for way lower than floor prices. Some Crypto.com users were hacked for around $30 million. A price oracle manipulation attack happened to the Float Protocol Pool 90 on Rari Capital. Crypto YouTubers' accounts are being hacked. $2 million was recovered from a Trezor.
1/28/2022 • 1 hour, 30 minutes, 47 seconds
Episode 52: Jack Rhysider, Notional Critical Bug Bounty, Smart Contract AV, and North Korean Hackers
In episode 52 we were joined by Jack Rhysider from Darknet Diaries. He gave us additional insight into a story we covered in episode 44 around Coinbase accounts getting hacked. We also talked about a $1 million bug bounty that was paid out by Notional. DefiDollar successfully stopped a smart contract attack by having an early warning system in place that detected a malicious contract. LCX was hacked for $7.94 million in a hot wallet compromise. North Korean hackers are targeting crypto startups. Rarible is creating a tool to block risky NFT sales. Fees.wtf was hit by bots that drained their liquidity pool during their token launch.
1/19/2022 • 1 hour, 16 minutes, 59 seconds
Episode 51: Wallet Recovery, Critical Polygon Bug, Norton AV Cryptomining, Exploits, and Rug Pulls
2022 is already starting off hot for crypto hacks, scams and rug pulls. We recap 2021 as $14 billion were stolen in crypto-related incidents. A follow-up from episode 50 in regard to Polygon hard forking due to a critical bug was discussed. Norton Anti-virus has added a cryptomining feature to its Norton 360 software. Tinyman was hacked for $3 million. The first week of the new year saw rug pulls from Arbix Finance, $YEAR token, and Doodled Dragons NFT. A new smart contract auditing tool called SAILFISH claims to discover new vulnerabilities. $2.2 million in Bored Apes were frozen on OpenSea after being stolen. Steve walks us through a demo on how to recover/crack your lost wallet password.
1/12/2022 • 1 hour, 10 minutes, 51 seconds
Episode 50: Helium Mining, Polygon Hard Fork, Adidas NFT, Bent - Grim - Visor Hacks, Discord Hacks
In episode 50 we discussed the Helium network, how to mine HNT, and a hack for getting a miner. Multiple Discord hacks happened to various NFT projects. Grim Finance, Bent Finance, and Visor all dealt with hacks. Polygon silently hard forked.
1/3/2022 • 53 minutes, 37 seconds
Episode 49: Log4J Vuln, BadgerDAO Hack, MonoX Exploit, Multiple Key Compromises, Bored Ape $3k Sale
In this episode of the CoinSec Podcast we talked about the critical Log4J issue and how that may affect crypto-related software. BadgerDAO was compromised for $120 million due to an attacker gaining CloudFlare API access. Four different private key compromise stories were discussed in this episode for Vulcan Forged, AscendEX, Bitmart, and 8ight. MonoX was hacked for $31 million due to a smart contract vulnerability. Also, a man accidentally sold a Bored Ape for $3k instead of $300k.
12/17/2021 • 1 hour, 6 minutes, 4 seconds
Episode 48: ConstitutionDAO, Etherscan 0-day, MediaMarkt Ransomware, Robinhood Hack, and other Vulns
MediaMarkt was infected with Hive Ransomware preventing their cash registers from accepting credit cards. More than 5 million email addresses were stolen in a hack on Robinhood. A man threatened to burn down the Upbit Exchange. Blizzard Network was allegedly hacked by a malicious insider for $1 million. The ConstitutionDAO failed to purchase a copy of the US Constitution. Samczun created a CTF that included a 0-day in Etherscan.
In episode 47 we talked about two separate rug pulls that happened recently. Also, a number of fake Metamask and Phantom wallet extensions have been on the rise. We discussed potential vulnerabilities in smart contracts written for NFTs. BZX appeared to have a private key compromise resulting in the loss of over $53 million. Show Notes at: https://coinsecpodcast.com/Episode-47-7e704784114442c1aef28d62ae6a96b2
In this episode we are joined by Mudit Gupta of SushiSwap to help break down the latest CREAM Finance hack. We explore how multiple Discord servers related to NFTs have been compromised recently. Police seized 48 BTC from a UK-based 16-year-old. We talk about how attackers are leveraging a custom administrative panel for phishing Coinbase credentials, including MFA. 3.1 million email addresses were leaked for users of CoinMarketCap. Facebook pushes for a metaverse and rebrands to "Meta". Show Notes at: https://coinsecpodcast.com/Episode-46-562f5685ce6e490bafe66e8dbbbf1d4a
11/3/2021 • 58 minutes, 12 seconds
Episode 45: OpenSea Malicious NFTs, ETH 2.0 Front-Running attacks, Indexed Finance hacked & more
In this episode we talked about the largest crypto-related bug bounty payout ever. Compound accidentally sent millions in rewards due to a bug. StakeSteak left private keys on a Github repo resulting in compromise. A vulnerability was discovered in Rocketpool & Lido that would allow an ETH 2.0 node operator to perform front-running attacks against stakers. Indexed Finance, Pancake Hunny, and CreatureToadz all had security issues this week. We also discussed the potential for malicious NFTs and how they could be used to attack users on OpenSea.
Show Notes at: https://coinsecpodcast.com/Episode-45-6a8c7733f17b4cec8358ddeb92887a4f
00:00 - CoinSec Podcast Ep 45 – https://coinsecpodcast.com/Episode-45-6a8c7733f17b4cec8358ddeb92887a4f
01:23 - Story # 1: https://cointelegraph.com/news/crypto-market-cap-hits-new-all-time-high-as-btc-eth-soar
04:34 - Story # 2: https://decrypt.co/83997/polygon-dodges-850m-hack-pays-record-2m-bounty
11:38 - Story # 3: https://decrypt.co/82499/compound-exploit-drains-21m-from-lending-protocol
15:16 - Story # 4: https://stakesteak.medium.com/10-4-post-mortem-82edf38b0064
20:09 - Story # 5: https://medium.com/immunefi/rocketpool-lido-frontrunning-bug-fix-postmortem-e701f26d7971
24:30 - Story # 6: https://rekt.news/indexed-finance-rekt/
41:57 - Story # 7: https://ownsnap.com/pancake-hunny-hunny-crashes-50-as-it-faces-token-leaks-in-pools/
51:33 - Story # 8: https://thedrop.beehiiv.com/p/creature-toadz-hacked
55:58 - Story # 9: https://research.checkpoint.com/2021/check-point-research-prevents-theft-of-crypto-wallets-on-opensea-the-worlds-largest-nft-marketplace/
In episode 44 we talked about Bitcoin.org being compromised to redirect people to a scam. A Compound bug caused excess rewards to be sent out. pNetwork and VeeFinance were both hacked for millions of dollars. A malicious browser extension called Safepal was discussed. The largest bug bounty ever was paid, equaling $1,050,000. We discussed an issue in SMS-based MFA resulting in theft from Coinbase users. Lastly, we talked about the many crypto-related puzzles currently available to participate in.
Show Notes at: https://coinsecpodcast.com/Episode-44-216ff3b62e21423c8be6e7134cca983b
00:00 - CoinSec Podcast 44
03:33 - Story # 1: https://decrypt.co/81612/bitcoin-org-compromised-fraudulent-crypto-giveaway-advertised
07:38 - Story # 2: https://twitter.com/dafthack/status/1439348515986104323?s=21
11:47 - Story # 3: https://www.rekt.news/overcompensated/
19:22 - Story # 4: https://decrypt.co/81301/defi-bridging-protocol-pnetwork-suffers-12-million-hack
24:40 - Story # 5: https://rekt.news/veefinance-rekt/
27:05 - Story # 6: https://www.bleepingcomputer.com/news/security/malicious-safepal-wallet-firefox-add-on-stole-cryptocurrency/
32:15 - Story # 7: https://medium.com/immunefi/belt-finance-logic-error-bug-fix-postmortem-39308a158291
38:02 - Story # 8: https://twitter.com/electroneum/status/1440269750215479301?s=19
41:56 - Story # 9: https://www.bleepingcomputer.com/news/security/hackers-rob-thousands-of-coinbase-customers-using-mfa-flaw/
49:09 - Crypto Puzzles!
10/6/2021 • 1 hour, 41 seconds
Episode 43: MISO Supply Chain Hack, Gelato Front-Run, NowSwap & Zabu Hacks, Solana DoS & ETH Attack
In this episode we discuss one of the first major exploits on the Avalanche blockchain in Zabu Protocol. Some fake news surrounding Litecoin being accepted as payment at Wal-Mart was spread by major news outlets. An attack on Ethereum managed to trick some nodes into following a fake chain. Solana had a major denial-of-service issue. NowSwap was hacked resulting in the loss of over $1 million. Gelato had a front-running issue during its token sale. SushiSwap's token platform MISO was attacked via a supply chain attack.
Show Notes: https://coinsecpodcast.com/Episode-43-4bbec4a6843e4a279d3e42d9d45354e1
00:00 - CoinSec Podcast 43
03:41 - Story # 1: https://www.coindesk.com/tech/2021/09/13/avalanche-based-zabu-finance-exploited-in-32m-hack/
08:03 - Story # 2: https://hypebeast.com/2021/9/litecoin-walmart-partnership-rumors-surge-and-crash
12:20 - Story # 3: https://www.theblockcrypto.com/linked/117637/unsuccessful-attack-on-ethereum-managed-to-trick-a-few-nodes
15:24 - Story # 4: https://finance.yahoo.com/news/solana-mainnet-finally-back-online-121733288.html
23:28 - Story # 5: https://coingape.com/defi-hack-alert-nowswap-losses-over-1-million-in-cyber-attack/
25:46 - Story # 6: https://stockhead.com.au/cryptocurrency/gelato-network-customers-out-in-the-cold-as-front-runners-snatch-about-us8m-in-tokens-for-us1-5m/
32:54 - Story # 7: https://decrypt.co/81120/sushiswaps-token-launchpad-hacked-over-3m-ethereum
38:49 - Story # 8: https://github.com/LavaMoat/LavaMoat
44:27 - Story # 9: https://start.blockchainhax.com/
In this episode of the CoinSec Podcast Steve Borosh (@424f424f) shows how to track transactions using BitQuery. We talk about Miner Extractable Value (MEV) and some potential protection mechanisms. DAOMaker was hacked for a 2nd time. Mastercard acquired CipherTrace. A contract analysis tool called TokenSniffer was discussed as well.
C.R.E.A.M. v1 market on Ethereum suffered an exploit draining $18.8 million. Bilaxy Exchange was hacked for $21 million. X-Token's xSNX smart contract was exploited with an estimated $4.5 million lost. Banksy was warned about a vulnerability in his website before it was exploited in an NFT scam. Steve shows off his PancakeSwap market prediction bot. Beau shows a new Blockchain Hacking QuickStart Guide he created at https://start.blockchainhax.com.
00:00 - CoinSec Podcast Ep 41 : https://coinsecpodcast.com/Episode-41-2f0413737fef4ba5833e9f246162bf70
04:07 - Story # 1: https://twitter.com/electroneum/status/1431620290967216131
09:53 - Story # 2: https://cointelegraph.com/news/cream-finance-defi-platform-loses-19m-in-a-flash-loan-hack
17:07 - Story # 3: https://cointelegraph.com/news/bilaxy-exchange-suspends-website-after-erc-20-hot-wallet-hack
19:44 - Story # 4: https://www.rekt.news/xtoken-rekt-x2/
25:21 - Story # 5: https://www.bbc.com/news/technology-58437753
32:01 - LINK: Carnac https://github.com/rvrsh3ll/Carnac
41:32 - BlockchainHAX QuickStart Guide: https://start.blockchainhax.com/
44:32 - Getting Started in Blockchain Security & Smart Contract Auditing: https://register.gotowebinar.com/register/3816384386435465995
Honk Kong by Taseh is licensed under an Attribution-NonCommercial-ShareAlike License. Based on a work at https://taseh.bandcamp.com/
Geth version 1.10.7 and older has a vulnerability, currently being exploited, that split Ethereum's chain. Poly Network has announced that they have regained control of all stolen funds. A potential rug pull in the Luna Yield protocol. Maze Protocol hack investigation update. Antinalysis Bitcoin tracing tool. Big tech companies to spend billions on cybersecurity. A vulnerability was patched in an OpenZeppelin library.
Show Notes: https://coinsecpodcast.com/Episode-40-214c586a59434780bbc2d325649bf86f
00:00 - CoinSec Podcast Episode 40
01:05 - LINK: https://coinsecpodcast.com/Episode-40-214c586a59434780bbc2d325649bf86f
01:26 - Story # 1: https://www.bleepingcomputer.com/news/security/ethereum-urges-go-devs-to-fix-severe-chain-split-vulnerability/
09:54 - Story # 2: https://medium.com/poly-network/poly-network-asset-recovery-complete-a7ba33c2f2e4
12:31 - Story # 3: https://www.coindesk.com/markets/2021/08/20/solanas-luna-yield-goes-dark-with-some-fearing-a-rug-pull-involving-67m/
17:56 - Story # 4: https://blog.mazeprotocol.com/an-aftermath-update-a1ee7b24468c
20:49 - Story # 5: https://decrypt.co/79331/dark-web-tool-dirty-bitcoin-returns-after-shutdown?utm_source=twitter&utm_medium=social&utm_campaign=auto
25:28 - Story # 6: https://www.cnbc.com/2021/08/25/google-microsoft-plan-to-spend-billions-on-cybersecurity-after-meeting-with-biden.html
35:47 - Story # 7: https://twitter.com/OpenZeppelin/status/1430999829748932614
42:58 - Story # 8: https://decrypt.co/79459/brazilian-police-carry-out-record-cryptocurrency-seizure?utm_source=twitter&utm_medium=social&utm_campaign=auto
47:24 - Story # 9: https://twitter.com/kelvinfichter/status/1430951568505978888
Honk Kong by Taseh is licensed under an Attribution-NonCommercial-ShareAlike License. Based on a work at https://taseh.bandcamp.com/
8/31/2021 • 51 minutes, 5 seconds
Episode 39: SushiSwap Fix Vuln, Liquid Global Hack, Ransomware Bribes & a Flash Loan Exploit Demo
In episode 39 we discuss how SushiSwap was able to fix an issue in their MISO auction, potentially saving $350 million in funds. Japanese exchange Liquid Global was hacked for close to $90 million. Some cybercrime groups are offering $1 million in Bitcoin to employees of targeted companies to deploy ransomware on their employers' networks. Finally, we demonstrate an example smart contract exploit against a flash loan lending pool. Show Notes: https://coinsecpodcast.com/Episode-39-1fcad93d5e60429b9f6a2cd68ea78327
00:00 - CoinSec Podcast Ep 39
01:51 - LINK CoinSecPodcast.com
02:13 - Story # 1: https://decrypt.co/78802/ethereum-dex-avoids-350m-defi-hack-thanks-white-hat-heroics
08:01 - Story # 2: https://cointelegraph.com/news/breaking-liquid-exchange-hacked-to-the-tune-of-80-million
15:16 - Story # 3: https://thehackernews.com/2021/08/cybercrime-group-asking-insiders-for.html
20:46 - Story # 4: https://docs.google.com/document/d/1-WoQwT1QrPEX-r4N-fDamRQ50LM8DsdsOyq1iTabS3Q/edit
28:51 - Story # 5: https://decrypt.co/78715/crypto-exchanges-see-10x-increase-phishing-attacks-says-new-report?utm_source=twitter&utm_medium=social&utm_campaign=auto
33:34 - Story # 6: https://blog.mazeprotocol.com/neko-hacking-incident-report-e46cdf179fd9
36:41 - Mobile Apps coming to Windows 11 : https://www.cnet.com/tech/computing/android-apps-on-windows-11-yup-how-it-works-which-apps-you-get-when-to-download/
41:09 - https://cryptozombies.io/
43:26 - Exploit Demo
Honk Kong by Taseh is licensed under an Attribution-NonCommercial-ShareAlike License. Based on a work at https://taseh.bandcamp.com/
8/24/2021 • 57 minutes, 5 seconds
Episode 38: Poly Network Hack, Popsicle Finance Hack, DAO Maker Hack, and the Infrastructure Bill
CoinSec is back after a lengthy hiatus. Much has happened in the crypto space since the last episode. In this episode we discuss the largest DeFi hack ever, along with two other hacks that resulted in large financial losses. We also discuss the looming infrastructure bill and potential concerns around crypto.
00:00 - CoinSec Episode 38
02:49 - Story # 1: https://decrypt.co/78163/polynetwork-suffers-record-breaking-600-3m-hack
03:13 - LINK: coinsecpodcast.com
25:36 - Story # 2: https://decrypt.co/77620/defi-protocol-popsicle-finance-hacked-25-million
28:02 - Story # 3: https://cointelegraph.com/news/dao-maker-crowdfunding-platform-loses-7m-in-latest-defi-exploit?utm_content=buffer1b294&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
34:08 - Story # 4: https://www.cnbc.com/2021/08/09/senate-rejects-compromise-crypto-tax-amendment-to-infrastructure-bill.html
39:17 - Bug Bounty Programs: https://docs.pancakeswap.finance/code/bug-bounty
Show Notes: https://coinsecpodcast.com/Episode-38
Honk Kong by Taseh is licensed under an Attribution-NonCommercial-ShareAlike License. Based on a work at https://taseh.bandcamp.com/
8/16/2021 • 41 minutes, 44 seconds
Episode 4: Smart Contract Security Issues, Coincheck Hack, NIST Guidance on Blockchain, Coinhive in Google Ads, and WannaMine
On this episode Mike Felch (@ustayready) details some of the critical vulnerabilities that can be introduced into Ethereum smart contracts. The largest cryptocurrency hack ever happened to Coincheck. Coinhive made its way into Google ads, and a new malware called WannaMine is using the NSA EternalBlue exploit to compromise more hosts to mine on. Also, NIST put out guidance on blockchain & cryptocurrency.
2/2/2018 • 1 hour, 3 minutes, 2 seconds
Episode 3: Intro to Mining, Sia ASICs, VeChain DRP Plan, Hacken, and North Korea Hacking South Korean Exchanges
Steve Borosh (@424f424f) gives an introduction to mining cryptocurrencies. The hosts chat about the idea of splitting up private keys across different physical locations. News items for the week included VeChain's first ever cryptocurrency disaster recovery plan, reports of North Korea hacking South Korean exchanges, Sia ASIC miner drama, and discussion around millions being stolen from ICOs every month. Lastly, the group chats about the penetration testing and bug bounty token Hacken.io.
1/25/2018 • 1 hour, 2 minutes, 2 seconds
Episode 2: Chris Gates (carnal0wnage), Blackwallet Hack, Lisk Vuln, and Cryptocurrency Mining Malware
This episode welcomes Chris Gates (AKA carnal0wnage) to the show to discuss how he got into cryptocurrency and his new cryptocurrency project "The Great Altcoin Chase" (www.thegreataltcoinchase.com). Oracle WebLogic servers were being exploited to mine Monero, and Check Point states that Coinhive was the most prevalent malware of December 2017. The Stellar Lumens wallet Blackwallet.co was DNS hijacked, and a vulnerability related to hijacking Lisk accounts was discussed.
1/19/2018 • 1 hour, 58 seconds
Episode 1: Intro to CoinSec!
In this inaugural episode of the CoinSec Podcast each host provided a brief history of their involvement in the InfoSec industry and how they each got into cryptocurrency. Discussions were had around the latest vulnerabilities in the crypto space. Critical Electrum & Parity wallet vulns were discovered. Overstock.com had a critical vulnerability specifically related to Bitcoin payments. Also discussed was how malware authors are moving away from Bitcoin to Monero as a form of payment. The hosts did a deep dive into the PolySwarm ICO. Lastly, for those new to cryptocurrency, there was a discussion around getting started with various exchanges.