Crypto scams, hacks and exploits and how to avoid them: Crypto-Sec
DeFI exploits: iVest hit with donation attack
Decentralized Finance protocol iVest Finance was the victim of a $156,000 exploit on Aug. 12, according to a report from blockchain security firm QuillAudits.
Transferring tokens to a null address (0x0) usually causes them to be lost forever. However, in the iVest protocol, transfers to the null address cause a _MakeDonation function to be called, which in turn causes “the sender’s balance [to be] incorrectly reduced by double the intended amount,” QuillAudits reported.
Source: QuillAudits
The attacker repeated these steps over and over again, successfully draining over $156,000 worth of BNB and iVest tokens from the pool, most of which had been deposited by other users.
Quill stated that it would provide more updates as information becomes available.
On its website, iVest describes itself as a project that combines “SocialFi and DAO governance with unique tokenomics to support our members and create thriving community projects.” Cointelegraph contacted iVest for comment but did not receive a response by the time of publication.
Malware vulnerability: AMD “Sinkclose” affects millions
Millions of PCs are affected by a vulnerability in AMD processors discovered on Aug. 9, according to a report from Wired. The discovery could be especially concerning for users who run software wallets such as MetaMask, Coinbase Wallet, Trustwallet or others on these devices.
The vulnerability, called “Sinkclose,” allows an attacker to create a “bootkit” that “evades antivirus tools and is potentially invisible to the operating system.” If a user’s device becomes infected with sinkclose-associated malware, it is virtually impossible to remove. Even formatting the hard drive and reinstalling the operating system will not get rid of the malware.
The vulnerability was reportedly discovered by Enrique Nissim and Krzysztof Okupski, researchers for the cybersecurity firm…
..
