Category: Cryptanalysis

Background on Log4j Alibaba Cloud Security Team publicly disclosed a critical vulnerability (CVE-2021-44228) enabling unauthenticated remote code execution against multiple versions of Apache Log4j2 (Log4Shell). Vulnerable servers can be exploited by attackers connecting via any protocol such as HTTPS and sending a specially crafted string. Log4j crypto-mining campaign Darktrace detected crypto-mining on multiple customer deployments which occurred…

Not so long ago, the elliptic (6.5.4) package for standard elliptic curves was vulnerable to various attacks , one of which is the Twist Attack . The cryptographic problem was in the implementation of secp256k1. We know that the Bitcoin cryptocurrency uses secp256k1 and this attack did not bypass Bitcoin, according to the CVE-2020-28498 vulnerability, the confirming parties of the ECDSA algorithm transaction through certain points on the secp256k1…

But is actually just a trap. Honeypots work by luring attackers with a balance stored in the smart contract, and what appears to be a vulnerability in the code. Typically, to access the funds, the attacker would have to send their own funds, but unbeknownst to them, there is some kind of recovery mechanism allowing the smart…

In the last article: “Blockchain Attack Vectors & Vulnerabilities to Smart Contracts” we reviewed all known attacks on the blockchain, in this article we will talk about crypto threats again and we will talk about identifying vulnerabilities for Cold wallets, as well as for Hot wallets. Blockchain is the underlying tech layer made up of a decentralized…

</p> In this article, we will talk about all known attacks on the blockchain, as well as smart contract vulnerabilities. Blockchain isn't really as secure as we tend to think. Though security is integrated throughout all blockchain technology, even the strongest blockchains come under attack by modern cybercriminals. Blockchains can resist traditional cyber attacks quite well, but…

In this article, we have compiled a list of useful tools and services for tracking illegal activities, crypto threats, and finding vulnerabilities in blockchain transactions. Most of the services include a comprehensive hack monitoring platform and process algorithm for the security of crypto wallets. In cryptanalysis, the control and analysis of transactions is always important to us. These services are…

In this article, we will take a detailed look at the open source password recovery tools and wallet seed phrases in the Crypto Deep Tools repository, and we will also discuss the situation when you accidentally lost or forgot part of your mnemonic or made a mistake while decrypting it. (So you either see an empty wallet…

In this article, we will tell you about the most daring and biggest thefts of cryptocurrencies associated with платформой DeFi. Hackers had a big year in 2021 when they stole $3.2 billion worth of cryptocurrencies. But in 2022, the amount of theft of cryptocurrencies reached a historical maximum. In the first three months of this year, hackers have stolen $1.3 billion from…

This article will focus on a vulnerability in inter-network bridge protocols, which is a big security threat to smart contracts between different blockchains. Cross bridges are an attractive target for hackers because they often represent a central storage point for the funds that support the "bridge" assets on the receiving blockchain. What are Internet Bridge Protocols? Bridges…

In this article, we will again touch on the topic of a signature failure in a blockchain transaction and apply a completely new attack: “WhiteBox Attack on Bitcoin” .Differential fault analysis (DFA)was briefly described in the literature in 1996 when an Israeli cryptographer and cryptanalyst Eli Biham and an Israeli scientist Adi Shamir showed that they could use error injection to extract the secret key and recover the private…