The year 2021 almost ended with a disastrous $24B hack which was luckily averted by the responsible disclosure programs hosted by Immunefi and Polygon. The trend of the same DeFi projects getting hacked again and again continues with Vesper Finance getting hacked twice in the past two months. The year end edition also features a number of excellent research articles to prepare you for what’s to come in 2022 like the first $1B+ DeFi hack?

Happy new year and be sure to protect your crypto by exercising safe sex!

News

• What 2022 Might Bring for Crypto Regs and Compliance by TRM.

• Crypto Roundup + The biggest hacks from 2021 by Breadcrumbs.

• Our review of the blockchain security industry in 2021, with global losses exceeding $9.8 billion by SlowMist.

• Malaysia Seizes 1,720 Bitcoin Mining Machines in Electricity Theft Crackdown.

Scams

• Phishing campaign targets CoinSpot cryptoexchange 2FA codes.

• YEAR airdrop rugpulled investors with a backdoored contract.

• Stolen Bored Apes Worth $1.9M 'Frozen' by NFT Marketplace OpenSea.

• After Identity Theft, Salvadorans Now Report Funds Disappearing From Chivo Wallets.

• NFT Swapping Platform MetaSwap Allegedly Rug Pulled: $600K Worth of BNB Stolen.

Hacks

• On December 4, 2021 Polygon lost $1.8M after a silently patched vulnerability was exploited. The mount stolen is still significantly less than the $24B that were at risk as a result of the flaw.

• On December 27, 2021 DexTools front-end code injection vulnerability was used to trick users into buying fake NFT tokens.

• On December 30, 2021 Vesper Finance lost $1M as a result of a price oracle manipulation vulnerability.

• On December 30, 2021 SashimiSwap logic error vulnerability in its swap function was exploited which resulted in the loss of $335K.

• On January 1, 2022 Tinyman, an Algorand project, lost $3.5M after a logic error in its burn function got exploited.

Vulnerabilities

• Bitswift fixed an unlimited minting vulnerability after it was responsibly disclosed through Immunefi.

• Solana fixed a critical integer overflow bug in its rBPF implementation which could trigger network shutdown.

Media

• RugDoc x Moralis Workshop: How to Launch a DeFi Project That Doesn't Suck! has plenty of tips on building secure DeFi deploys.

Research

• A Glimpse of the Deep: Finding a Creature in Ethereum's Dark Forest.

• Towards Malicious address identification in Bitcoin.

• Hacking the Blockchain: An Ultimate Guide.

• How to make a jump from Web2 hacking to Web3 hacking?

• Introduction to Smart Contract Vulnerabilities: Reentrancy Attack.

• Intro to Smart Contract Vulnerabilities: Overflow.

• Intro to Smart contract exploits: Selfdestruct function.

• Gas Gauge: A Security Analysis Tool for Smart Contract Out-of-Gas Vulnerabilities.

• One Bad Apple Spoils the Bunch: Transaction DoS in MimbleWimble Blockchains.

• All You Need to Know About DeFi Flash Loans.

• How to fork mainnet for testing.

• How To Secure Your Crypto Wallet On A Virtual Machine And Stop Front-Running.

• Stealing all your secrets using IPFS Mounts by Joran Honig.

Premium Content