Security Hacks

Types of WEB3 hacks

WEB3:

Wallet hacks- Holding the user’s funds, wallets are a massive target for hackers. Security leaks can lead to hackers gaining access to user’s funds.

Token minting- Some token contracts have a minting functionality, which means that new tokens can be created. This can be used by hackers to mint new tokens and sell them.

Flashloans- Loans that have to be paid back in the same block they are taken. Can be used maliciously to extract money from Smart contracts. One way to utilize those loans, for example, is to trade big amounts and cause on-chain liquidations.

Exchange hacks- Both centralized and decentralized exchanges can be hacked, and the stored funds can be extracted.

Intentional “rug-pulls”- The team itself pulling liquidity, minting new tokens, dumping their tokens, or similar, can also be an issue.

Oracles- in the traditional trading arena, artificially inflating or deflating the price of an asset through market manipulation is illegal and you can be fined and/or arrested for it. In DeFi, which gives random people the ability to “flash trade” hundreds of millions or billions of dollars, causing sudden price fluctuations, the problem is pronounced.

Governance- this is the first crypto-specific issue to make the list. Many projects in web3 include a governance aspect, in which token-holders can put forward and vote on proposals to alter the network.

WEB2 & WEB3:

Phishing- is a well-known, ubiquitous issue. Phishers try to ensnare their prey by sending baited messages through a variety of channels,

APT operations: the top predators- often called Advanced Persistent Threats (APTs), are the boogeymen of security. 

Supply Chain- this has long been a security challenge across systems before web3, for example with the log4j exploit, which affected widespread web server software

Zero-day- exploits –  so named because they have been publicly known for zero days at the time of their appearance – are a hot button issue in the field of information security, and it is no different in web3 security.

Man in the middle attack- An attack in which an attacker is positioned between two communicating parties in order to intercept and/or alter data traveling between them.

Simjacker- At its most basic level, the main Simjacker attack is sending an SMS to a mobile phone with a special sort of spyware-like malware, which tells the UICC (SIM Card) within the phone to take over the phone in order to receive and conduct sensitive orders.

SIM Card Swapping- SIM swapping happens when scammers contact your mobile phone’s carrier and trick them into activating a SIM card that the fraudsters have. Once this occurs, the scammers have control over your phone number.

SIM Cloning- SIM cloning is the procedure through which a genuine SIM card is reproduced. When the cloning is accomplished, the cloned SIM card’s classifying information is transported onto a separate, secondary SIM card.