Security

ZachXBT's investigation points to Axiom Exchange staff allegedly misusing internal access to monitor user wallets and conduct insider trading. This comprehensive breakdown examines the timeline of events, data structure, controversy in public opinion, and implications for the industry.

GateToken (GT) is the native asset and core value carrier of the Gate ecosystem. It not only supports the rights and interests system of the centralized exchange but also serves as the Gas payment token for GateChain. Acting as a strategic bridge connecting CeFi and DeFi, GT secures the network through a Proof-of-Stake (PoS) consensus mechanism and provides users with multiple utility credentials, including cross-chain resource scheduling, ecological governance voting, and priority participation in the Launchpad.

GT (GateToken) and BNB represent two core logics in the evolution of platform tokens: the former emphasizes "on-chain asset security and underlying infrastructure," while the latter is dedicated to "high-performance transactions and full-stack ecological expansion."

Cardano is a public blockchain network centered on smart contracts, utilizing a layered architecture and a Proof of Stake (PoS) mechanism. It aims to provide a more secure and scalable underlying support for decentralized applications and financial infrastructure. Its consensus mechanism, Ouroboros, enhances network security and energy efficiency through mathematical modeling and formal verification design. ADA, Cardano's native token, serves as both the settlement currency for network transactions and a key tool for staking and governance. Through decentralized stake pools and incentive mechanisms, network participants collectively maintain system operations and security, enabling Cardano to operate continuously without centralized control.

The primary difference between Cardano and Ethereum lies in their ledger models and development philosophies. Cardano adopts the Extended UTXO (EUTXO) model derived from Bitcoin and emphasizes formal verification and academic rigor. Ethereum, by contrast, uses an account-based model and, as a pioneer of smart contracts, prioritizes rapid ecosystem iteration and broad compatibility.

Security researchers have identified that hackers are exploiting "search poisoning" to manipulate Bing AI search results, steering users toward downloading a fake OpenClaw application embedded with infostealer malware, leading to the theft of crypto assets and sensitive information. This article examines the attack methodology, technical specifics, and the broader implications for the industry.

A user on CoW Swap exchanged roughly $50.43 million in aEthUSDT for AAVE. Because slippage exceeded 99%, the user ended up with only about $36,000 in assets, sparking widespread market concern. This article examines Aave's collateral swap mechanism, transaction routing challenges, and associated DeFi risks.

Resolv's USR stablecoin experienced a significant security breach, allowing an attacker to mint 80 million uncollateralized tokens and liquidate roughly $25 million, which caused a substantial price depeg. This article offers an in-depth examination of the incident, the attack method, and the inherent risks of DeFi stablecoins.

In this decentralized digital world, everyone is responsible for safeguarding their own assets and acting as the first line of defense against risks. We can’t rely on others, but we can rely on rules and common sense. Always remember: Never share your mnemonic phrase.

This article explores how to leverage technologies such as ZKP, zkTLS, TEE, and FHE to protect data privacy and ensure data verifiability and trustworthiness in the rapidly evolving landscape of AI and blockchain development.

Usual recently garnered market attention due to the USD0++ depegging incident. USD0++ is an enhanced stablecoin backed by RWA assets, offering up to 50% APY. On January 10, Usual modified its redemption rules, reducing the unconditional redemption rate to 0.87, which triggered market panic and caused the USD0++ price to drop to around $0.9. This move is seen as a strategic effort by the project team to accurately trigger the liquidation of high-leverage circular loan positions through a set redemption floor and liquidation line while attempting to control the circulation of the USUAL token and curb the death spiral. However, the centralized and governance-lacking process of the rule changes raised concerns among users. This incident reflects the participation risks in complex DeFi products and the dynamic adjustments in market development.

Ethereum's privacy issues are increasingly gaining attention, especially as transaction transparency may expose users' financial information and activities. To address this issue, Stealth Addresses have been proposed, aiming to ensure the receiver's identity and transaction details remain private by generating a unique temporary address for each transaction. This method does not rely on third-party privacy protocols but enhances privacy directly at the protocol level. However, the implementation of Stealth Addresses still faces challenges.

UniLend was exploited due to a vulnerability, leading to the theft of approximately $200K (4% of TVL). The attacker used a flash loan to deposit 60 million USDC, manipulated collateral calculations, and exploited a contract bug in the health check process to inflate collateral value, withdrawing 60 stETH. The flaw stemmed from the faulty implementation of the userBalanceOfToken function. UniLend has since fixed the issue, paused V2 deposits, and offered a bounty to recover the funds. This incident underscores the critical importance of security for DeFi platforms and the need for thorough smart contract audits.

This report provides an in-depth analysis of the current state and trends in cryptocurrency security in 2024. We will review major security incidents from this year, analyzing attackers' common methods, targets, and resulting losses. We will also examine historical case studies and draw lessons from them. Furthermore, the article looks ahead to future challenges and opportunities in cryptocurrency security, and explores how regulatory authorities and industry participants can work together to address these challenges and build a more secure and reliable cryptocurrency ecosystem.

Crime-as-a-Service (CaaS) is an emerging cybercrime model in which criminals sell or rent their tools and services to individuals lacking technical expertise, lowering the barriers to committing crimes. In the cryptocurrency space, this model makes it easier for malicious software, phishing tools, and Distributed Denial of Service (DDoS) attacks to be accessed, increasing the risks for users. To protect themselves, users should enhance their security awareness, adopt multi-factor authentication, exercise caution with suspicious links and software, and regularly update their security measures.