Beyond Private Keys: From Wallets and L2 to Supply Chains, How to Guard the Security Perimeter of Web3?

marsbitPublicado a 2026-07-09Actualizado a 2026-07-09

Resumen

Beyond Private Keys: Securing Web3's Expanding Attack Surface from Wallets to L2s and Supply Chains The crypto space faced a wave of security incidents in June, with over $75 million lost across 40 major attacks. These breaches highlighted risks beyond private key theft, exposing vulnerabilities across the entire user interaction chain. Wallet security was compromised not through stolen seed phrases, but via a critical flaw in the Cardano wallet SecondFi's signing implementation. This bug allowed attackers to potentially derive private keys from publicly visible signature data, emphasizing that wallet security depends on correct cryptographic implementation, ideally in open-source, auditable code. Layer-2 networks also revealed complex trust chain risks. Attacks on legacy Aztec deployments exploited inconsistencies in proof systems, showing that a valid zero-knowledge proof is only as secure as its underlying rules. Another attack on Taiko's SGX-based prover stemmed from a leaked signing key and inadequate verification checks. Furthermore, a technical glitch halted Base's block production, underscoring that L2 security encompasses network availability and reliable user exit paths as much as asset safety. Finally, the Polymarket incident demonstrated that even audited smart contracts are not immune. A compromised third-party supplier led to a malicious script being injected into the platform's frontend, resulting in user fund losses. This "supply chain attack" shows that t...

The crypto world experienced a series of security incidents spanning multiple areas in the month of June that just passed.

According to the latest monthly security report released by PeckShield, there were 40 significant hacking incidents in June, resulting in total losses of approximately $75.87 million. More alarmingly, these attacks were not concentrated on a single type of attack vector. Instead, they covered vulnerabilities across wallet signature implementation flaws, L2 protocol weaknesses, and third-party service supply chain attacks, with multiple lines of defense being breached within the same month.

As Web3 security risks expand from single entry points to the entire on-chain interaction path, every user is compelled to reconsider a question: Are my crypto assets still secure?

I. Beyond Private Keys: The Importance of Wallet Underlying Signature Implementation

The security incident that occurred on the Cardano ecosystem wallet SecondFi in June serves as the most direct example.

SecondFi is the successor to the Cardano ecosystem wallet Yoroi. Between June 21st and 23rd, attackers transferred approximately 16 million ADA from some SecondFi user addresses, involving about 374 wallets, valued at around $2.4 million at the time of the incident. SecondFi subsequently stated that emergency measures protected an additional approximately 129 million ADA potentially at risk.

The most unique aspect of this incident is that affected users did not actively hand over their seed phrases to the attackers. The problem lay in the wallet's underlying signature implementation. According to analysis by the security firm BlockSec, it incorrectly derived the signature nonce from the public transaction message, omitting the secret nonce prefix required by the standard implementation.

This meant that whenever users signed transactions using an affected version of the wallet, the public signature data posted to the chain would expose information sufficient to deduce the private key of the address. Therefore, attackers did not need to hack the user's phone or obtain the seed phrase; they only needed to analyze the public on-chain data to potentially recover the signing private key corresponding to the address.

From the user's perspective, the wallet was still functioning normally—after all, no pop-up leaked the seed phrase, passwords weren't cracked, and transactions were indeed initiated by the user. However, from a cryptographic standpoint, as long as the user's address had generated some valid signatures through the affected version, the public transaction and signature data could potentially help attackers deduce the address's signing private key.

Ultimately, wallet security also depends on whether private keys are generated correctly, whether signatures are performed strictly according to cryptographic standards, and whether these critical codes can be externally audited and verified. This is also the importance of keeping core wallet components open-source.

Of course, this is an implementation flaw specific to a particular wallet version, not a universal issue with all self-custody wallets. Taking imToken's TokenCore as an example, its core code repository is publicly hosted on GitHub, covering underlying wallet functions such as key management, address derivation, and transaction signing.

While open-source does not necessarily mean the code is entirely free of vulnerabilities, nor does it mean users can completely abandon vigilance, for the most sensitive cryptographic and signature components within a wallet, open-source at least provides an important premise: security researchers, developers, and the community can inspect the code, reproduce issues, and conduct continuous testing, rather than having to trust an unverifiable black box.

For ordinary users, this type of incident also corresponds to a few more practical security principles.

  • First, wallets should always be downloaded through official websites or official app stores, and security updates should be applied promptly.
  • Second, it's not advisable to keep all assets in the same wallet used for daily interactions. Large, long-term assets can be stored using hardware wallets or separate cold wallets, isolated from hot wallets frequently connected to DApps.
  • More importantly, once a wallet officially confirms a vulnerability at the key generation or signature implementation level, simply importing the same seed phrase into another wallet typically does not solve the problem;

Because after importing the same set of seed words into another wallet, the addresses and private keys that were already exposed will not change. Affected assets need to be transferred to a new address that has never signed through the vulnerable version. For ordinary users, a more reliable approach is usually to follow the official emergency procedure to create an entirely new wallet and seed phrase, and then complete the asset migration, rather than repeatedly importing or manipulating the original address themselves.

II. L2 is Not Just "Cheaper Ethereum," It's Also a Complex Chain of Trust

Beyond wallets, multiple incidents in June also point risks towards increasingly complex L2 systems.

On June 14th and 18th, two legacy Rollup deployments related to Aztec were successively attacked, resulting in combined losses of approximately $4.35 million.

It is important to note that the attacks targeted legacy deployments of Aztec Connect that were already in a deprecated state; this is not equivalent to the current Aztec Network mainnet itself being attacked. However, the issues exposed by both incidents are highly instructive for the entire ZK Rollup field.

In one incident, the attacker exploited an inconsistency between the number of transactions and the actual processed data, causing the system to record a deposit internally within the proof while bypassing the corresponding balance deduction process on L1.

The other incident stemmed from a missing constraint in the zero-knowledge proof circuit. The system validated a proof that was formally valid but did not ensure that the private state tree used by the proof was completely consistent with the public state root on Ethereum used for actual settlement. The attacker could therefore generate proofs around a forged state tree and extract assets from the L1 contract.

Such problems are difficult to summarize with the traditional notion of "whether there is a specific line of vulnerable code in the contract." After all, zero-knowledge proofs can prove that a certain computation process conforms to established rules, but the premise is that the rules themselves are correct and complete. If developers forget to constrain a critical variable, the proof may still be mathematically valid but prove a result inconsistent with the actual settlement state.

The subsequent security incident involving Taiko exposed another type of L2 trust chain risk.

On June 22nd, Taiko's SGX-based proof verification process was exploited, causing losses of approximately $1.7 million. According to BlockSec's analysis, the attacker used an SGX enclave signing private key that had once been committed to a public GitHub repository, while also exploiting a flaw in the on-chain verification contract that did not reject DEBUG mode Enclaves, registering a malicious prover as a legitimate instance.

The attacker then forged L2 state proofs, causing the contract on Ethereum to accept a non-existent L2 state, ultimately extracting assets from the bridge funds. In essence, this happened because the key used to sign the trusted execution environment was made public, and the remote attestation rules did not fully check the runtime environment attributes, ultimately causing a proof that was "attested" to lose its originally intended meaning of trustworthiness.

Meanwhile, Base experienced consecutive halts in mainnet block production on June 25th and 26th. Base stated in a post-mortem analysis that both interruptions stemmed from the same block construction logic flaw: a failed transaction did not correctly clean up previously recorded state, causing subsequent transactions to have Gas incorrectly calculated and leading to the generation of a block containing invalid state transitions. As other nodes could not accept this block, the network ultimately stopped progressing. Base stated that chain integrity was not compromised during the incident, and user funds remained safe.

This was not an asset theft or external attack but a technical failure affecting network availability and recovery capability. However, from a broader security perspective, availability itself is part of the L2 security model.

Because for users, whether a chain is secure depends not only on whether hackers can forge assets, but also on whether blocks can be produced continuously, cross-chain bridges can function normally, nodes can recover quickly, and whether users still have a feasible exit path when the system fails.

Therefore, when using L2, users should not only compare fees and airdrop expectations. For L2s that are smaller, newly launched, or whose security mechanisms are still rapidly evolving, try to avoid storing large amounts of assets beyond actual usage needs for extended periods. Before bridging, confirm the use of the official bridge and understand withdrawal times, pause mechanisms, and emergency exit methods. If encountering network halts, bridging abnormalities, or official security warnings, do not repeatedly submit transactions or continue bridging assets.

A more prudent approach is to manage assets of different purposes and risk levels separately, rather than placing all liquidity on the same L2, the same cross-chain bridge, or the same exit mechanism.

III. Even If the Contract Isn't Hacked, Third-Party Services Can Bring Attacks to Users

If the issues with wallets and L2 still occur within relatively low-level technical components, then the Polymarket incident illustrates that the web frontend, closest to the user, can also become a fund entry point.

On June 25th, Polymarket stated that a third-party vendor they used was compromised. Attackers used this to inject malicious scripts into the Polymarket frontend accessed by some users.

According to statistics from security agencies and on-chain analysts, the incident resulted in approximately $3 million in user asset losses, involving about 11 wallets. The stolen funds were subsequently bridged from Polygon to Ethereum and exchanged for approximately 1,893 ETH. However, Polymarket later stated that it had removed the affected dependency and would fully reimburse affected users.

The key to this incident is that users might still be visiting the correct Polymarket domain name. Existing disclosures have not pointed to vulnerabilities in Polymarket's core smart contracts. The main problem lay in a third-party frontend dependency loaded by the webpage.

This also serves as a mirror. Today, most Web3 applications do not run entirely on-chain. The webpages users see, such as trading interfaces, still heavily rely on traditional internet infrastructure and third-party software packages. If any one of these dependencies is attacked, it could cause a legitimate website to display incorrect information to users, replace receiving addresses, or induce wallets to sign malicious transactions.

Therefore, "the URL is correct" does not necessarily equate to "all code loaded at this moment is secure." "The contract has been audited" also does not mean the entire interaction path between the user and the contract is risk-free. Faced with these types of frontend and supply chain attacks, ordinary users find it difficult to independently inspect every piece of code loaded by a webpage, but they can still limit potential losses by reducing single-interaction permissions:

  • Use a dedicated DApp interaction wallet: Avoid directly connecting long-term savings wallets to various DeFi, NFT, prediction market, and airdrop websites. Keep only funds intended for recent use in the daily interaction wallet. Even if the frontend or authorizations have problems, the scope of impact is relatively limited.
  • Pay attention to the actual operation before signing, not just the webpage button: The webpage may say "Login," "Claim," or "Confirm Order," but this does not mean the signature popping up in the wallet is for the same action.
  • When anomalies appear on a webpage, do not rely on inertia to continue operations: If a page suddenly asks to re-import a seed phrase, download an additional plugin, or displays transaction content inconsistent with the webpage description, pause the interaction. Confirm the situation through the project's multiple official channels, and check or revoke historical authorizations no longer in use.

From the perspective of wallet products, this also means the role wallets undertake is changing.

It should not be just a tool for storing private keys and popping up signature windows. It also needs to help users understand transaction intent, identify abnormal authorizations, display asset changes as much as possible, and provide sufficiently clear warnings before high-risk interactions occur.

But wallets cannot eliminate all risks for users. A more realistic security model involves wallets, protocols, L2s, third-party service providers, and users working together to reduce the attack surface, rather than placing all responsibility on any single party.

Final Words

In the past, it was often said, "Whoever holds the private key holds the on-chain assets."

This statement still holds true, but it does not cover the entire process from "generating transaction intent" to "completing on-chain settlement" for user assets. Today, Web3 security is no longer just about protecting a set of seed words; it's about protecting the entire path from wallet key generation, transaction display, signature execution, to network verification and final settlement.

Of course, this does not mean users need to stay away from all on-chain interactions. For users, truly effective security habits mean separating asset purposes, risk levels, and interaction scenarios for management: long-term assets emphasize isolation, daily interactions use small amounts, unfamiliar DApps get low authorization, and high-risk operations require more verification.

After all, when security risks expand from a single point to an entire chain, a user's defense must also upgrade from simply protecting a private key to a comprehensive set of habits.

For us all to reflect upon.

Criptos en tendencia

Preguntas relacionadas

QWhat was the significance of the SecondFi wallet security incident in June?

AThe SecondFi wallet incident demonstrated that security risks can exist beyond just protecting the private key. The flaw was in the wallet's underlying signature implementation, specifically an error in deriving the signature nonce from public transaction messages without the required secret nonce prefix. This meant that every time a user signed a transaction with the affected wallet version, the public signature data exposed enough information for an attacker to potentially derive the address's private key, without needing to compromise the user's device or seed phrase.

QWhat are the key security concerns for users when interacting with Layer 2 (L2) networks?

AKey L2 security concerns go beyond just transaction costs. Users must consider the entire trust chain, including the correctness and completeness of zero-knowledge proof circuit constraints, the security of trusted execution environment keys (like SGX), and the network's availability and recovery mechanisms. Incidents have shown that vulnerabilities can allow asset theft through state inconsistencies or fake proofs. Furthermore, network halts due to logic bugs impact availability. Users are advised to not store large amounts of assets on newer or smaller L2s, use official bridges, understand withdrawal mechanisms, and diversify assets across different chains and bridges.

QHow did the Polymarket incident illustrate the risks of third-party service or supply chain attacks?

AThe Polymarket incident showed that even if a DApp's core smart contracts are secure and users visit the correct website, their funds can be at risk through compromised third-party frontend dependencies. In this case, an attacker compromised a third-party service provider used by Polymarket and injected malicious scripts into the website's frontend for some users. This allowed the attacker to steal funds by manipulating the transaction approval process, highlighting that the security of the entire user interaction path—not just the contract—is critical.

QWhat practical security habits does the article recommend for ordinary Web3 users?

AThe article recommends several practical security habits: 1) Always download wallets from official sources and keep them updated. 2) Separate assets: use hardware wallets or independent cold wallets for large, long-term holdings, and use a separate hot wallet for daily DApp interactions with limited funds. 3) For compromised wallets, migrate assets to a completely new wallet/address, not just import the seed phrase elsewhere. 4) Use isolated DApp interaction wallets to limit exposure. 5) Carefully review transaction details in the wallet pop-up before signing, not just the website button. 6) Pause and verify if a website behaves abnormally. 7) Diversify assets across different L2s and bridges.

QHow has the role of a wallet evolved according to the article's perspective on Web3 security?

AThe article argues that a wallet's role is evolving beyond just a tool for storing private keys and signing transactions. To address expanded security boundaries, wallets now need to actively help users understand transaction intent, identify abnormal authorization requests, display asset changes clearly, and provide clear warnings before high-risk interactions. However, wallets cannot eliminate all risks alone. A more realistic security model requires collaboration between wallets, protocols, L2 networks, third-party service providers, and users to collectively reduce the attack surface.

Lecturas Relacionadas

Zuckerberg Begins Betting on Prediction Markets, While Asian Countries Still View Them as Gambling

Mark Zuckerberg is backing prediction markets, with Meta developing its own app "Arena," signaling major tech validation. This industry now sees over $14 billion in monthly volume. These markets function as binary contracts (payout $1 if an event occurs, $0 if not), with trading prices reflecting real-time event probabilities. Results are settled by oracles. Prediction markets originated from informal political betting and academic experiments like the Iowa Electronic Markets. Their core mechanism relies on "skin in the game"—participants risk their own money, making aggregated information more reliable than polls or expert opinions. They have proven accurate in forecasting areas like monetary policy, elections, and market events. While Western markets are integrating them into regulated financial systems, many Asian jurisdictions still classify them as gambling, leading to regulatory divergence. This stance creates three major issues for Asia: regulatory arbitrage and capital outflow, loss of informational sovereignty as valuable social data accumulates offshore, and a lack of user protection within a formal framework. The article argues that Asia's focus should shift from blocking these markets to responsibly harnessing the data they generate within a regulated system. The current avoidance of discussion cedes leadership and advantages to foreign entities.

Foresight NewsHace 12 min(s)

Zuckerberg Begins Betting on Prediction Markets, While Asian Countries Still View Them as Gambling

Foresight NewsHace 12 min(s)

Robinhood Chain Goes Viral in One Week: Memes Drive Traffic, Stablecoins Support TVL

Robinhood Chain, an Arbitrum-based Layer 2 network launched on July 1st, experienced explosive growth in its first week. While meme coin hype drove user activity, stablecoin deposits fueled its surge in Total Value Locked (TVL). The chain's rapid adoption was driven by multiple factors. CEO Vlad Tenev reversed his initial stance, endorsing the chain for meme coins despite its original focus on Real-World Assets (RWA). The integration of the popular Solana-based launchpad Pump.fun significantly lowered the barrier for meme trading. Furthermore, the prediction market application World announced a migration from Solana to Robinhood Chain. Meme coin mania, led by tokens like CASHCAT, generated massive trading volume, with daily active addresses skyrocketing from near zero to hundreds of thousands. However, the primary driver of the chain's TVL, which soared past $234 million, was a major institutional deposit. Ethena injected approximately $50 million in stablecoins into the Morpho lending protocol, which underpins Robinhood's Earn product, accounting for the bulk of locked value. This highlights two concurrent narratives: retail-driven meme speculation boosting transactions, and institutional stablecoin deposits building foundational liquidity. In contrast, the chain's flagship RWA offerings, like tokenized stocks, remain a minor part of the ecosystem at around $12.8 million. The first week demonstrates a path where speculative trading and yield-seeking capital provide initial momentum, while the core RWA vision is still in early development.

Foresight NewsHace 1 hora(s)

Robinhood Chain Goes Viral in One Week: Memes Drive Traffic, Stablecoins Support TVL

Foresight NewsHace 1 hora(s)

Trading

Spot

Artículos destacados

Cómo comprar AR

¡Bienvenido a HTX.com! Hemos hecho que comprar Arweave (AR) sea simple y conveniente. Sigue nuestra guía paso a paso para iniciar tu viaje de criptos.Paso 1: crea tu cuenta HTXUtiliza tu correo electrónico o número de teléfono para registrarte y obtener una cuenta gratuita en HTX. Experimenta un proceso de registro sin complicaciones y desbloquea todas las funciones.Obtener mi cuentaPaso 2: ve a Comprar cripto y elige tu método de pagoTarjeta de crédito/débito: usa tu Visa o Mastercard para comprar Arweave (AR) al instante.Saldo: utiliza fondos del saldo de tu cuenta HTX para tradear sin problemas.Terceros: hemos agregado métodos de pago populares como Google Pay y Apple Pay para mejorar la comodidad.P2P: tradear directamente con otros usuarios en HTX.Over-the-Counter (OTC): ofrecemos servicios personalizados y tipos de cambio competitivos para los traders.Paso 3: guarda tu Arweave (AR)Después de comprar tu Arweave (AR), guárdalo en tu cuenta HTX. Alternativamente, puedes enviarlo a otro lugar mediante transferencia blockchain o utilizarlo para tradear otras criptomonedas.Paso 4: tradear Arweave (AR)Tradear fácilmente con Arweave (AR) en HTX's mercado spot. Simplemente accede a tu cuenta, selecciona tu par de trading, ejecuta tus trades y monitorea en tiempo real. Ofrecemos una experiencia fácil de usar tanto para principiantes como para traders experimentados.

726 Vistas totalesPublicado en 2024.12.11Actualizado en 2026.06.02

Cómo comprar AR

Discusiones

Bienvenido a la comunidad de HTX. Aquí puedes mantenerte informado sobre los últimos desarrollos de la plataforma y acceder a análisis profesionales del mercado. A continuación se presentan las opiniones de los usuarios sobre el precio de AR (AR).

活动图片