🚨 Swaprum (@Swaprum) on Arbitrum rugged by its founders for ~$3M

Here's what happened:

🧵… 🕵️ The deployer of Swaprum utilized a backdoor function, add(), to steal LP tokens staked by users

Following the theft, liquidity was swiftly stolen from the pool by the deployer

🔖 After the recent controversial Ledger update to restore your wallet with ID, it's time to discuss potential, more secure methods for wallet restoration

Let's dive into Account Abstraction (ERC-4337) ⬇️

🧵 📰 Crypto wallet maker Ledger has been recently criticized for its “Ledger Recover” feature, which stores encrypted user seed phrases with third-party custodians

This has led to concerns about privacy and security

🚨 A Validator Attack on MEV Bots caused $25.2M loss for MEV bots

Thread below with comprehensive explanation ⬇️

🧵... 💸 MEV bots lost $25.2M today due to a planned validator action

The validator was previously funded through the anonymous #Aztec protocol, suggesting that the theft from MEV bots was premeditated

The validator's confidential top-up occurred 18 days ago

🚨 All Bridge (@Allbridge_io) has experienced a security breach, leading to a loss of approximately $570K

More details in the thread below ⬇️

🧵... ⚙️ The issue seems to stem from the manipulation of the pool's swap price, with the attacker taking on dual roles as LP and swapper to control the price and drain funds from the pool

🧑‍💻 Creating a Smart Contract: A Beginner's Guide

Explore the essential steps in the thread below ⬇️

🧵... ⏲️ First of all, we need to prepare for creating the smart contract

We need to clarify what is transaction on a code level, that is #solidity, IDE & External Tools

❗️Why Proof of Reserves audit should be performed not only for centralized exchanges, but also for stablecoins and synthetic assets issuers

🧵... 1. Proof of Reserves audit can help to demonstrate that the stablecoin is backed by a stable asset, such as a fiat currency, and that the issuer has the reserves necessary to honor all outstanding stablecoin liabilities

🚨 Mango Markets (@mangomarkets) has been hacked for over $100M

We are closely monitoring the situation and will keep you updated as soon as we verify details of the attack

🧵... The attacker account:

trade.mango.markets/account?pubkey…

🚨 TempleDAO (@templedao) has been attacked

The attacker has stolen 1831 ETH, which is around $2.35M

We are closely monitoring the situation and will keep you updated as soon as we verify details

🧶... The address used for attack was funded from Binance (@binance)

Means the attacker withdrew the funds for attack from Binance Account

etherscan.io/address/0x9c9f…

The FBI received close to 30,000 complaints of Business Email Compromise (BEC) in 2021, with companies losing over $2.4 billion

So, let's clarify what is Business Email Compromise and its attack types 📧

🧵... 1. Using this way of social engineering, the attacker poses as someone the recipient should trust, usually a colleague, boss or vendor

The sender asks the recipient to make a wire transfer, divert payroll, change banking details for future payments, etc

Every project meets the problem of choosing between centralized and decentralized oracle

Let's briefly compare them in terms of security 🛡️

🧵... 🔘 Centralized Oracles Security & Trust

Possible security issues are clear in terms of the word “centralized”: