Awesome Blockchain Security
Companies
-
Kapersky lab - Securing Blockchain Compaines with Kaspersky Blockchain Security
-
Kapersky lab - Securing Crypto-Exchanges with Kaspersky CEX Security
-
Kapersky lab - Securing Token Sales Projects with Kaspersky Token Offering Security
Articles
- Top 5 Blockchain Security Issues in 2021
- The Benefits and Vulnerabilities of Blockchain Security
- Blockchain Security Issues - A Complete Guide
- These Were the Worst Hacks of 2021
Crypto Hacks
- Poly Network
- BitMart
- Coumpound
- Vulcan Forged
- Cream Finance
- Badger
- Ascendex
- EasyFi
- Uranium Finance
- bZx
- PancakeBunny
- Kucoin
- Alpha Finance
- Vee Finance
- Meerkat Finance
- MonoX
- Spartan Protocol
- StableMagnet
- Paid Network
- Harvest Finance
- XToken
- Popsicle Finance
- Pickle Finance
- Cream Finance
- Snowdog
- bEarn
- Indexed Finance
- Eminence
- Furucombo
- Compounder Finance
- Value DeFi
- Yearn
- Rari Capital
- Value DeFi
- Cover
- Punk Protocol
- THORChain
- Hack Epidemic
- Anyswap
- Warp Finance
- BurgerSwap
- Value DeFi
- Alchemix
- Belt
- Bondly
- Roll
- THORChain
- X-Token
- Eleven Finance
- ChainSwap
- DAO Maker
- JayPegs Automart
- PancakeBunny
- DODO
- Akropolis
- 8ight Finance
- Levyathan
- The Big Combo
- Autoshark
- Merlin Labs
- Merlin Labs
- Merlin Labs
- Saddle Finance
- SafeDollar
Organisations
Cloud Security Alliance
- Over 200 Documented Blockchain Attacks, Vulnerabilities and Weaknesses
- Blockchain DLT Attacks and Weaknesses Enumeration
- Secure Distributed Ledger Technology Framework for Financial Institute
- Crypto-Asset Exchange Security Guidelines
- Hyperledger Fabric 2.0 Architecture Security Report
- Hyperledger Fabric 2.0 Architecture Security Controls Checklist
- Top 10 Blockchain Attacks, Vulnerabilities & Weaknesses
Blockchain DLT Attacks and Weaknesses Enumeration
- Account Hijacking
- API Exposure
- Artificial Difficulty Increases
- Balance Attack
- Bitcoin lightning - Eclipse Attack Time Dilation
- Bitcoin Lightning - Flood and Loot
- Bitcoin Lightning - Pinning
- Bitcoin Lightning - Spamming Payment Micropayments
- Block Forger DoS
- Block Mining Finney Attack
- Block Mining Rae Attack
- Block Mining Timejack Attack
- Block reordering Attack
- Blockchain nIngestion
- Blockchain network Lacks Hash Capacity
- Blockchain Network Partitioning Attack
- Blockchain Peer Flooding Attack
- Blockchain Peer Flooding Attack Slowloris Variant
- Blockchain Reorganization Attack
- Blockchain Weak Sources of Randomness
- Consensus 34% Attack
- Consensus 51% Attack
- Consensus Attack
- Consensus Attack Against PoS
- Consensus Attack Against PoW
- Consensus Delay Attack
- Consensus Majority Attack
- Credential Stuffing
- Cryptomining
- Cryptomining Malware
- Data Corruption
- Dictionnary Attack
- Distributed-Denial-of-Service Attack
- DNS Attacks
- DoS against Ethereum 2.0 validator to trigger penalty for being offline
- Double Spending Attack
- Download of Data Without Integrity Check
- Dusting Attack
- Eclipse Attack
- EOS RAM Vulnerability
- ERC20 Token Transfer to Self Token Address (and possibly other tokens)
- Ethereum Solidity Prior to 0.5.0 View Promise Not Enforced
- Evil Maid Attack
- Failure to Update
- Fixed Consensus Termination
- Flash Loans
- Flawed Blockchain Network Design
- Fork-after-withhold Attack
- Freeloadinng
- Front Running
- Front Running Displacement
- Front Runningn Insertion
- Front Running Mempool
- Front Running Oracle
- Front Running Suppression
- Frozen ether
- Gas Limit DoS on the Blockchain Network via Block Stuffing
- Hard Fork Software Update
- Hash Functions
- Homomorphic Encryption
- Identity and Access Management Overview
- Immutable Bugs
- Implementation of Something They Should Use a Standard Library For
- Indistinguishable Chais
- Insecure API Connections
- Insider Threat
- Leading Ether to Arbitrary Address
- Long-Range Attack
- Lost Ether in The Transaction
- Long-Range Attack
- Lost Ether in The Transaction
- Majority Attack
- Malfunctioned MSP
- Malicious Mining
- Malicious Web Extensions
- Membership Service Provider Attacks
- Mirroring
- Multi-Factor Authentication (MFA)
- Multiple Signatures
- Namespace Squatting on Internal Packages
- Network Routing Attacks
- Non-existent Accounts
- Nothing at Stake
- On-Chain Data Confidentiality
- Orphan Blocks
- Parity Multisig Wallet Attack
- Permissioned Blockchain MSP DoS
- Phishing Attack
- Pool Hopping
- Private Key Leakage Attack
- Public Peer Selection
- Replay Attack
- Requirements of Keeping Real World PII Data Associated With Crypto Wallet Addresses
- Ring Signatures
- RPC Call Vulnerability
- Selfish Mining Attack (Block Withholding Attack)
- SIM Swap
- Single perspective Validation
- Smart Contract Use of Outdated Compiler Version
- Smart Contract Access Control - Smart Contract Initiatlization
- Smart Contract Arbitrary Jump With Function type Variable
- Smart Contract Assert Violation
- Smart Contract Authorization through tx.origin
- Smart Contract Block values as a proxy for time
- Smart Contract Call Depth Attack
- Smart Contract Call to Unknown Function via fallaback()
- Smart Contract Code With No Effects
- Smart Contrat Cross-Function Race Condition
- Smart Contract Default Fallback Address Attack
- Smart Contract Delegate Call Injection
- Smart Contract Delegate Call to Untrusted Callee
- Smart Contract Disordered Exceptionns
- Smart Contract DoS
- Smart Contract DoS with Block Gas Limit
- Smart Contract DoS with Failed Call
- Smart Contract DoS wit Unbounded Operations
- Smart Contract DoS With Unexpected Revert
- Smart Contract Erroneous Constructor Name
- Smart Contract Erronenous Visibility
- Smart Contract Ehter Lost in Transfer
- Snart Contract Ether Lost to Orphan Addresses
- Smart Contract Etherum Gasless Send
- Smart Contract Floating Pragma
- Smart Contract Forcibly Sending Ether to a Contract
- Smart Contract has undocumented "onlyOwner" termination function or other capability
- Smart Contract Hash Collisions with Multiple Variable Length Arguments
- Smart Contract Immutable Bugs
- Smart Contract Incorrect Constructor Name
- Smart Contract Incorrect ERC20 Implementation
- Smart Contract Incorrect Function State Mutability
- Smart Contract Incorrect Inheritance Order
- Smart Contract Insufficient Gas Griefing
- Smart Contract Integer Iverflow and Underflow
- Smart Contract Keeping Secrets
- Smart Contract Lack of Address Key Binding
- Smart Contract Lack of Proper Signature Verification
- Smart Contract Manipulation Balance
- Smart Contract Message Call with Hardcoded Gas Amnout
- Smart Contrat Mishandled Exceptions
- Smart Contract Missing Protection Against Signature Replay Attacks
- Smart Contract Presence of Unused Variables
- Smart Contract Race Conditions
- Smart Contract Rentrancy Race Condition
- Smart Contract Requirement Violation
- Smart Contract Right-To-Left-Override Control Character (U+202E)
- Smart Contract Shadowing State Variables
- Smart Contract Short Address Attack
- Smart Contract Signature Malleability
- Smart Contract Source Code Unavailable for review
- Smart Conrtact Stack Size Limit
- Smart Contract State Variable Default Visibility
- Smart Contract Time Related Issues
- Smart Contract Timestamp Dependency
- Smart Contract Transaction Order Dependence
- Smart Contract Transaction Ordering Dependency (TOD)
- Smart Contract Typecasts
- Smart Contract Typographical Error
- Smart Contract Unchecked Call Return Value
- Smart Contract Unchecked Return Values
- Smart Contract Underpriced Opcodes
- Smart Contract Unencrypted Private Data On-Chain
- Smart Conrtact Unexpected Call Return Value
- Smart Contract Unexpected Ether Balance
- Smart Contract Uninitialised Storage Pointer
- Smart Contract Unpredictable State
- Smart Contract Unprotected Ether Withdrawaal
- Smart Contract Unprotectedt SELFDESTRUCT Instruction
- Smart Contract Unprotected Suicide
- Smart Contract Upgradeable Contract
- Smart Contract Usage of "continue" in "do-while"
- Smart Contract Use of Deprecated Solidity Functions
- Smart Contract Weak Field Modifier
- Smart Contract Weak Sources of Randomness from Chain Attributes
- Smart Contract Write to Arbitrary Storage Location
- Smart Contract Function Default Visibility
- Soft Forks
- Sole Block Synchronisation
- Stealth Addresses
- Sybil Attacks
- Time Manipulation
- Timebomb
- Timejacking
- Transaction Flooding
- Transaction Malleability
- Two-Factor Authentication (2FA)
- Two-Factor Authentication (2FA) via Biometrics
- Two-Factor Authentication (2FA) via Email
- Two-Factor Authentication (2FA) via SMS
- Typo squatting on Spellcheck Names
- Uncle Block Rewards
- Uncle Forks
- Unlimited Incoming Connections
- Vector76
- Voice Assistant Attack
- Vote Token Trapping
- Vulnerabilities in Virtual Machines (EVM, JVM)
- Vulnerability to Malware
- Vulnerable Signature
- Wallet Theft
- Wallet Weak Seed Creation
- Zero Balance Accounts
- Failure to Remove Developer or Test Credentials or Addresses from a SmartContract
- XSS in Wallets and Smart Contract Interfacesvia Company Names/etc
Notable Blockchain Security Issues
- Exchange Hacks
- DeFi Hack
- 51% Attack
- Phishing
- Rugpull/Exitscam
- Ransomware
- SIM Swap
- Investment Scam
- High-Profile Doubler Scam
- Extortion
Wallet Security
- Fake Software Wallets
- Fake Hardware Wallets
SWC Registry - Smart Contract Weakness Classification and Test Cases
- SWC-100 | Function Default Visibility
- SWC-101 | Integer Ovweflow and Underflow
- SWC-102 | Outdated Compiler Version
- SWC-103 | Floating Pragma
- SWC-104 | Unchecked Call Return Value
- SWC-105 | Unprotected Ether Withdrawal
- SWC-106 | Unprotected SELFDESTRUCT Instruction
- SWC-107 | Reentrancy
- SWC-108 | State Variable Default Visibility
- SWC-109 | Uninitialized Storage Pointer
- SWC-110 | Assert Violation
- SWC-111 | Use of Deprecated Solidity Functions
- SWC-112 | Delegated to Untrusted Callee
- SWC-113 | DoS with Failed Call
- SWC-114 | Transaction Order Dependence
- SWC-115 | Authorization through tx.origin
- SWC-116 | Block values as a proxy for time
- SWC-117 | Signature Malleability
- SWC-118 | Incorrect Constructor Name
- SWC-119 | Shadowing State Variables
- SWC-120 | Weak Sources of Randomness from Chain Attributes
- SWC-121 | Missing Protection against Signature Replay Attacks
- SWC-122 | Lack of Proper Signature Verification
- SWC-123 | Requirement Violation
- SWC-124 | Write to Arbitrary Storage Location
- SWC-125 | Incorrect Inheritance Order
- SWC-126 | Insufficient Gas Griefing
- SWC-127 | Arbitrary Jump with Function Type Variable
- SWC-128 | DoS With Block Gas Limit
- SWC-129 | Typographical Error
- SWC-130 | Right-To_left-Override control character (U+202E)
- SWC-131 | Presence of unnused variables
- SWC-132 | Unexpected Ether balance
- SWC-133 | Hash Collisions With Multiple Variable Length Arguments
- SWC-134 | Message call with harcoded gas amount
- SWC-135 | Code With No Effects
- SWC-136 | Unencrypted Private Data On-Chain
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent