How hackers stole $400M+ in a year
Heyo,
Jules here, from Cyfrin.
We are doing a little experiment with the newsletter this week - let us know what you think here!
What you will find this week
🥷🏻 Everything you need to know about oracle manipulation attacks
📆 Security events going on this week
✍🏼 Articles on wallets, auditing firms, and how fuzzing can help you catch exploits
⭐️ Rockstar community member highlight
Oracle Manipulation Attacks
In 2022, more than $403.2 million was stolen from DeFi protocols in over 40 oracle manipulation attacks.
🤷🏻‍♀️ What are they? Oracle manipulation attacks happen when the price an oracle reports to a smart contract is artificially pushed away from the asset's real market value, so the contract acts on a false price.
🥷🏻 How do they happen? Attackers usually take a flash loan and push a large swap through an automated market maker such as Uniswap, which moves the pool's spot price. A contract that reads that spot price in the same transaction values the token at the manipulated figure; the attacker then unwinds the swap and repays the loan before the contract has a chance to look up the token's value again.
💪🏽 5 ways to prevent them:
- Choose your oracle carefully: a single AMM's spot price is not a safe oracle
- Have back-up systems, such as a second price source and a pause or revert when sources disagree
- Decentralized > centralized oracles
- Constantly check the oracle's performance (staleness, deviation from other sources) and take protective steps if needed
- Get an audit
— Read more about oracle manipulation attacks here!
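To make the mechanics concrete, here is an added example (not Cyfrin's code, and not modelled on any real incident): a Python simulation of a constant-product pool, a lender that values collateral at the pool's spot price, and the checks the list above recommends, namely a time-weighted average, a cross-check against an independent reference feed with a staleness bound, and reverting instead of guessing when the checks fail. The pool reserves, flash-loan size, 50% LTV, 30-block window, one-hour staleness bound and 5% deviation threshold are all constructed numbers.

```python
"""
Why a spot-price lookup is a bad oracle, and what the standard fixes do.

Added example; not Cyfrin's code and not taken from any real incident.
Pool size, loan size, LTV and thresholds are constructed numbers. Swap
fees are left at zero so the arithmetic stays exact; a real pool's 0.3%
fee and a flash-loan fee only shave the attacker's margin.
"""
from dataclasses import dataclass
from fractions import Fraction as F


@dataclass
class Pool:
    """Uniswap-V2-style constant-product pool: reserve_x * reserve_y stays constant."""
    reserve_x: F  # volatile token X (the collateral asset)
    reserve_y: F  # stablecoin Y

    def spot_price(self) -> F:
        """Price of 1 X in Y, read straight from the reserves. Manipulable."""
        return self.reserve_y / self.reserve_x

    def swap_y_for_x(self, amount_y: F) -> F:
        """Sell Y into the pool; returns X received. Raises the spot price of X."""
        k = self.reserve_x * self.reserve_y
        self.reserve_y += amount_y
        new_x = k / self.reserve_y
        out = self.reserve_x - new_x
        self.reserve_x = new_x
        return out

    def swap_x_for_y(self, amount_x: F) -> F:
        """Sell X into the pool; returns Y received. Lowers the spot price of X."""
        k = self.reserve_x * self.reserve_y
        self.reserve_x += amount_x
        new_y = k / self.reserve_x
        out = self.reserve_y - new_y
        self.reserve_y = new_y
        return out


def twap(observations):
    """Time-weighted average of (price, seconds) samples. A one-block spike is diluted."""
    total = sum(d for _, d in observations)
    return sum(p * d for p, d in observations) / total


class OracleRejected(Exception):
    """Raised when a quote fails a sanity check; the protocol should revert, not guess."""


def guarded_price(amm_price, ref_price, ref_updated_at: int, now: int,
                  max_age: int = 3600, max_dev_bps: int = 500):
    """Cross-check the AMM quote against an independent reference feed (the kind of
    aggregator a Chainlink-style oracle provides) and refuse stale or divergent data."""
    if now - ref_updated_at > max_age:
        raise OracleRejected("reference feed stale")
    deviation_bps = abs(amm_price - ref_price) * 10_000 / ref_price
    if deviation_bps > max_dev_bps:
        raise OracleRejected(f"AMM price deviates {int(deviation_bps)} bps from reference")
    return amm_price


def max_borrow(collateral_x, price, ltv=F(1, 2)):
    """Lender's borrow limit: collateral value at the quoted price times LTV."""
    return collateral_x * price * ltv


def run_attack(flash_loan_y=F(1_000_000), collateral_x=F(100)):
    """One-transaction manipulation of a lender that trusts the spot price.
    Returns (borrowed, bad_debt) in Y."""
    pool = Pool(F(1000), F(1_000_000))             # fair spot: 1000 Y per X
    fair_price = pool.spot_price()
    x_bought = pool.swap_y_for_x(flash_loan_y)     # 1. dump the flash loan into the pool
    inflated = pool.spot_price()                   # 2. spot is now far above fair value
    borrowed = max_borrow(collateral_x, inflated)  # 3. lender values collateral at the spike
    y_back = pool.swap_x_for_y(x_bought)           # 4. unwind the swap...
    assert y_back == flash_loan_y                  # ...and repay the flash loan (zero fee)
    bad_debt = borrowed - collateral_x * fair_price  # 5. walk away: debt exceeds collateral
    return borrowed, bad_debt


def run_mitigations(now: int = 100_000):
    """Same manipulated pool state, quoted three ways: raw spot, 30-block TWAP,
    and a deviation-guarded quote (returns the rejection reason, or None if accepted)."""
    pool = Pool(F(1000), F(1_000_000))
    pool.swap_y_for_x(F(1_000_000))
    spike = pool.spot_price()
    # 30 blocks of 12 s; the attacker can hold the spike for at most one block
    twap_price = twap([(F(1000), 12)] * 29 + [(spike, 12)])
    try:
        guarded_price(spike, F(1000), ref_updated_at=now - 60, now=now)
        rejection = None
    except OracleRejected as e:
        rejection = str(e)
    return spike, twap_price, rejection


if __name__ == "__main__":
    borrowed, bad_debt = run_attack()
    print(f"spot-price lender: attacker borrows {borrowed} Y, protocol eats {bad_debt} Y")
    spike, twap_price, rejection = run_mitigations()
    print(f"spot {spike}, 30-block TWAP {twap_price}, guarded quote: {rejection}")
```

With these constructed numbers the flash loan quadruples the spot price, the lender hands out 200,000 Y against 100 X worth 100,000 Y, and the attacker never repays. The TWAP quote moves only 10% (to 1100), which caps the borrow at 55,000 Y and makes the attack unprofitable, and the deviation guard refuses the quote outright, so the lending call reverts. Note that the guard raises rather than silently substituting the reference price: when two sources disagree by 30x, the safe default is to stop, not to pick one.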
Security events this week
🧐 [Today, Feb 1st. 4pm UTC] Twitter Space: Web3 Security in 2024: what to look out for? - conversation between some of the industry’s top security researchers.
🎙️ [Tomorrow, Feb 2nd. 12pm UTC] YouTube Live: DeFi Dialogue with The Standard - a decentralized, over-collateralized stablecoin protocol backed by physical & digital assets.
🔐 [Next week, Feb 8th. 4pm UTC] Twitter Space: Web3 Security for Protocols - a peek into how protocols today are thinking about security in 2024.
Related blogs
🥷🏻 A deep dive into oracle manipulation attacks
🧪 How can fuzz testing help you catch exploits, like oracle manipulation attacks?
🕵🏻‍♀️ Top 10 smart contract auditing firms, and how to determine which is best for your codebase
Ecosystem rockstars ⭐️
This week, we want to give a shoutout to @engr.pips!
One of our most active community members in Discord - he is helpful, curious, and currently studying the UniswapV3 book and participating in his first audits.
Excited to have you!
Let us know what you thought of this new version of the newsletter here!
Sending lots of cyber love,
Jules 🤸🏻