3/ Private: Private blockchains are dedicated networks that restrict access to transaction data to invited users only, which means they are “permissioned”.
4/ Hybrid: A hybrid blockchain is a type of blockchain that combines public and private blockchain characteristics.
5/ Consortium: A consortium blockchain is a distributed ledger in which multiple organizations can operate a node on the network.
6/ When contemplating the right network or architecture for the #blockchain, #security is a crucial factor that must be carefully considered. Both public and private blockchains are vulnerable to distinct attack vectors.
1/ In November 2022, Skyward Finance became the first project in the NEAR ecosystem on the Rekt leaderboard of the biggest #DeFi hacks. The attacker exploited vulnerabilities in the Skyward contracts to drain approximately $3.2 million in tokens from the project. #cryptocurrency
2/ The Skyward hack was made possible by a vulnerability in the redeem_skyward function within the project’s #SmartContracts. This function allows users to redeem the SKYWARD tokens they have earned for wNEAR tokens stored within the contract.
3/ The redeem_skyward function failed to properly validate token_account_ids when processing redemptions. The function verified that a provided token_account_id was valid but not that it was unique. The attacker exploited this vulnerability.
1/ 🤫 Proving knowledge of a secret is a common requirement in security. For example, passwords are the most common form of user authentication.
Password-based authentication requires both parties (the user and the server) to know the secret.
2/ 0️⃣ Zero-knowledge proofs (or ZKPs) provide an alternative. With a ZKP, the prover can prove knowledge of a secret without revealing the secret itself.
3/ 🕵️ There is limited privacy on the blockchain because anyone can see the contents of an account’s wallet and every transaction that it has performed.
1/ 🚩 Exit scams are one of the major risks of investing in a cryptocurrency project. There are 7 red flags that may be a cause for concern...
2/ 🕵️ Anonymous Teams: It is much easier for a project team to steal the project’s funds and disappear if no one knows who they truly are.
3/ 📂 Unprofessional or Incomplete Materials: If the project website is incomplete, unprofessional, or largely ripped off from another DeFi project, it may indicate that the team was throwing something together that was just designed to last long enough for the scam.
1/ 📘 In information security, the Blue Team refers to a group of defensive security pros tasked with maintaining internal defenses against any incoming cyber attacks.
But their job is only part of the security work needed within any given entity...
2/ 📕...On the other side of the Blue Team’s defensive approach comes the Red Team playing offense.
Red Teams consist of security pros, including ethical hackers, who try to overcome an organization’s cybersecurity controls.
3/ ❌ Without the work of the Red Team, it’s difficult to know how your organization could be attacked from the outside, which is where a majority of the real world attacks come from.
1/ 🥁 Introducing Part 1/3 of our Decentralized Finance Security series.
2/ 💰 DeFi’s ability to revolutionize the financial sector by offering decentralized, blockchain-based alternatives to traditional financial services has driven significant investment in the space.
3/ 🎯 However, the large amount of value invested in DeFi smart contracts also makes them common targets of attack...