March 14, 2021
Cypherock Security Digest - PAID Network Crypto Hack, NFT sells for almost $70 Million and many more

Hi,

Thank you for being a part of the Cypherock family. The device is currently being tested thoroughly by an experienced group of testers and is towards its final stage of completion. Stay tuned!

This weekend, we take a look at Cryptocurrency Exchange hacks with more news from the Cryptocurrency space.

Team Cypherock

Security Digest

PAID Network Attack Postmortem

PAID Network Attack Postmortem

Technical Analysis of the attack

We covered the hack in the last newsletter. As per the network’s official twitter account, the root cause of the attack was a combination of two vulnerabilities: a leaked private key and a failure in key management processes. The code was not compromised as they have complete trust in their CertiK audit. The first failure was a private key leak. They have identified the cause of the private key leak, and have mitigated it. As they have not fully resolved the situation with the responsible party, they are not disclosing details on how the private key was leaked at this time. It was not a malicious leak as there is no reason to think that it was. The second failure was a key management failure. The compromised private key provided access to the PAID token contract, and was used to modify the token contract to allow the attacker to maliciously burn and then re-mint PAID tokens. The burning was required in order to mint tokens as the max supply had already been reached. The attacker proceeded to sell the re-minted PAID tokens on Uniswap for ETH, until liquidity on the Uniswap pair was pulled by the PAID Network team.

How to prevent: Use wallets to store crypto that supports users to manage private keys through multi-sig or Shamir secret sharing which prevents from being vulnerable to the compromise of a single private key.

Dapp News

Beeple NFT Sells For $69.3 Million, Becoming Most-Expensive Ever

Beeple NFT Sells For $69.3 Million, Becoming Most-Expensive Ever

A piece of digital art sold for $69.3 million at Christie’s Thursday morning, a record amount money paid for a new but booming category of art called non fungible tokens or NFTs. It quickly places the artist known as Beeple in a rarified world previously occupied only by artists creating physical work.

“Everydays: The First 5,000 Days” by Beeple, a 41-year-old illustrator from Wisconsin, was a collage of 5,000 images the artist made over as many days. Its eight-figure sale represents the latest height in a mounting frenzy for NFTs, a type of digital media built on the blockchain that has catapulted to mainstream attention—and demand—over the past two months. Beeple, whose real name is Mike Winkelmann, has posted an image online every day since 2007, and the work sold at Christie’s is a collection of these software-drawn pictures, many of them cheeky indictments of our modern, tech-obsessed lives. Led by Beeple, the NFT market has now exceeded more than $400 million in transactions during 2021, several fold more than occurred during all of last year.

Twitter Tales

What are blockchain based Dapps? And how can it be the future of Decentralization? See Alex Mizrahi talk about it.

Check out the tweet here.

What's the point of dapps? From a technical perspective, anything a dapp can do can also be done using a centralized service more easily and efficiently (in theory, at least). So there must be a reason why a centralized service would not work for dapp to matter. — Alex Mizrahi (@killerstorm) January 14, 2019

Reddit Reads

Why are people going mad over NFTs? Check out the thread below.

NFT Madness - What they are and what they are not. Why they're great, and why they suck from r/CryptoCurrency

Cypherock Updates

Is Your Crypto Safe?

Is your crypto safe

Will your crypto get hacked? Are you going to lose your crypto? Cypherock has come up with a detailed quiz that will help you understand the pros and cons of your security model. Upon completion, you will get a detailed analysis mailed to you. Take the quiz now!

If you still wish to learn more about how you can secure your crypto better, you book a free consultation call here.

We will meet again next week. Till then, stay safe!