Aave DAO to consider security patches after Nov. 4 market freeze

A coalition of Aave contributors and web3 developers put forth a proposal to address vulnerabilities discovered in two versions of DeFi’s largest lending protocol, which prompted a halt on select markets. The proposal from BGD Labs suggested changes to Aave’s v2 deployment on Ethereum and Aave v3 on Arbitrum, Avalanche, Optimism, and Polygon blockchains. If backed by the protocol’s community, the proposal would implement updates for stable borrow parameters set for tokens with stable debt. Furthermore, Aave would shutter minting new stable debt tokens to provide additional security to its…

Friend.tech copycat Stars Arena patches exploit after some funds drained

The Stars Arena Web3 social media app on Avalanche has lost some of its funds due to a malicious attack, according to social media reports. Stars Arena user Lilitch.eth discovered the exploit on Oct. 5 and announced it on X (formerly Twitter), claiming that over $1 million was lost. The Stars Arena team confirmed the attack, calling it a “war” against the app. They said the attack only resulted in approximately $2,000 in losses and that the exploit had been patched. THE EXPLOIT HAS BEEN FIXED. BUT DON’T GET THIS…

WinRAR patches zero-day bug that targeted stock and crypto traders

The developers behind file compression software WinRAR have patched a zero-day vulnerability that allowed hackers to install malware onto unsuspecting victims’ computers, enabling them to hack into their crypto and stock trading accounts. On Aug. 23, Singapore-based cybersecurity firm Group-IB reported a zero-day vulnerability in the processing of the ZIP file format by WinRAR. The zero-day vulnerability, tracked as CVE-2023-38831, was exploited for approximately four months, allowing hackers to install malware when a victim clicked on files in an archive. The malware would then allow hackers to breach online crypto…

BitGo patches critical vulnerability first discovered by Fireblocks

Cryptocurrency wallet BitGo has patched a critical vulnerability that could have exposed the private keys of retail and institutional users. Cryptography research team Fireblocks identified the flaw and notified the BitGo team in December 2022. The vulnerability was related to BitGo Threshold Signature Scheme (TSS) wallets and had the potential to expose the private keys of exchanges, banks, businesses and users of the platform. The Fireblocks team named the vulnerability the BitGo Zero Proof Vulnerability, which would allow potential attackers to extract a private key in under a minute using…

OpenSea patches vulnerability that potentially exposed users’ identities

Nonfungible token marketplace OpenSea has reportedly patched a vulnerability that, if exploited, could have exposed identifying information about its anonymous users. In a March 9 blog post, cybersecurity firm Imperva detailed how it discovered the vulnerability, which it claimed could deanonymize OpenSea users “by linking an IP address, a browser session, or an email in certain conditions” to an NFT. As the NFT corresponds to a cryptocurrency wallet address, a user’s real identity could be revealed from the information gathered and linked to the wallet and its activity, Imperva explained. Imperva…

Wasabi Wallet Patches Flaw That Could Have Thwarted Bitcoin Privacy Feature

Wasabi Wallet users need to upgrade to the latest version if they want to continue using the CoinJoin feature to keep their Bitcoin transaction histories private. That’s because those running older iterations of the wallet can no longer use this feature to mix their coins with users who have the newest version. The Wasabi Wallet team hard-forked the wallet Thursday to address a vulnerability discovered by a team member at Trezor, a leading maker of hardware wallets. A hard fork is a code change that makes older versions of a…

Startup Finds and Patches Vulnerability in Code for Facebook’s Libra

Developers working for startup OpenZeppelin, a third-party audit firm specializing in cryptocurrency, have discovered and patched a vulnerability in the open-source code of Facebook’s Libra. The problem: According to an article by CoinDesk on Sept. 10, the crypto auditing firm found vulnerabilities in Move, which is a scripting language developed by Facebook for its stablecoin Libra. OpenZeppelin’s CEO Demian Brener said that the vulnerability would have enabled malicious actors to introduce executable code to smart contracts. He continued: “The good news is that it was found and patched before the platform was…

Monero Patches Vulnerability Bug | CCG

After a vulnerability was spotted in Monero’s ecosystem, users reported it to the company. In response, Monero’s development team patched the bug that reportedly allowed hackers to “burn” the funds of the company’s cryptocurrency wallet. The developers of the open-source cryptocurrency Monero (XMR) reportedly fixed a bug that could allow an attacker to “burn” the funds of the company’s wallet while only losing network transaction fees. What is the “Burning Bug”? According to the statement from the cryptocurrency company, the bug was reportedly discovered after a community…