Halborn
Nov 15 6 tweets 5 min read
1/ In November 2022, Skyward Finance became the first project in the NEAR ecosystem on the Rekt leaderboard of the biggest #DeFi hacks. The attacker exploited vulnerabilities in the Skyward contracts to drain approximately $3.2 million in tokens from the project. #cryptocurrency
2/ The Skyward hack was made possible by a vulnerability in the redeem_skyward function within the project’s #SmartContracts. This function allows users to redeem the SKYWARD tokens they have earned for wNEAR tokens stored within the contract.

#Hacked #Blockchain #Security
3/ The redeem_skyward function failed to properly validate token_account_ids when processing redemptions. The function verified that a provided token_account_id was valid but not that it was unique. The attacker exploited this vulnerability.

#CyberSecurity #Blockchain #Hacked
4/ One reason this hack was possible is that the contract unnecessarily allowed multiple token_account_ids to be passed to the redeem_skyward function when only one was necessary.
5/ This type of simple vulnerability could have been detected and remediated by a smart contract audit before the contract was deployed to the #blockchain.

#SmartContracts #CryptoNews
6/ This type of simple vulnerability could have been detected and remediated by a smart contract audit before the contract was deployed to the blockchain. Learn how to secure your project’s smart contracts: halborn.com/explained-the-…
#SmartContracts #BlockchainNews #DeFi
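
The missing uniqueness check from tweets 3/ and 4/, as an added example that is not taken from the thread or from the Skyward code base: a simplified Rust model in which the payout is assumed to be computed once per list entry before the SKYWARD supply is reduced. Apart from redeem_skyward and token_account_ids, every name and the sample balances are constructed for illustration.

```rust
use std::collections::{HashMap, HashSet};
/// Simplified model, not the Skyward source. Only redeem_skyward and
/// token_account_ids come from the thread; other names are hypothetical.
pub struct Treasury {
    pub balances: HashMap<String, u128>, // token_account_id -> amount held
    pub skyward_supply: u128,            // circulating SKYWARD
}

impl Treasury {
    /// Pays the pro-rata share once per list entry, then burns (assumed flow).
    fn pay_out(&mut self, burn: u128, ids: &[&str]) -> Result<u128, String> {
        if burn == 0 || burn > self.skyward_supply {
            return Err("invalid SKYWARD amount".into());
        }
        // Validity check only: every id must name a token the treasury holds.
        if ids.iter().any(|id| !self.balances.contains_key(*id)) {
            return Err("unknown token_account_id".into());
        }
        let mut paid = 0u128;
        for id in ids {
            let bal = self.balances.get_mut(*id).unwrap();
            let amount = *bal * burn / self.skyward_supply;
            *bal -= amount;
            paid += amount;
        }
        self.skyward_supply -= burn; // supply shrinks only after all payouts
        Ok(paid)
    }
    /// Behaviour the thread describes: ids are valid but may repeat.
    pub fn redeem_skyward_vulnerable(&mut self, burn: u128, ids: &[&str]) -> Result<u128, String> {
        self.pay_out(burn, ids)
    }
    /// Hardened: reject repeated ids before any state changes.
    pub fn redeem_skyward_checked(&mut self, burn: u128, ids: &[&str]) -> Result<u128, String> {
        let mut seen = HashSet::new();
        if !ids.iter().all(|id| seen.insert(*id)) {
            return Err("duplicate token_account_id".into());
        }
        self.pay_out(burn, ids)
    }
}
/// Constructed sample: 1000 units of one token, 100 SKYWARD in circulation.
pub fn sample() -> Treasury {
    Treasury { balances: HashMap::from([("wnear.test".to_string(), 1000)]), skyward_supply: 100 }
}

fn main() {
    println!("{:?}", sample().redeem_skyward_checked(10, &["wnear.test"; 3]));
}
```

In this model a redeemer holding 10% of the supply is owed 100 units; listing the same id three times pays 271 through the unchecked path, while the checked path rejects the call.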
