# Пов'язані статті щодо Security

Центр новин HTX надає останні статті та поглиблений аналіз на тему "Security", що охоплює ринкові тренди, оновлення проєктів, технологічні розробки та регуляторну політику в криптоіндустрії.

Exploit Wallet Converts Stolen Tokens Into 18,510 ETH And 1,548 BNB

An exploit-linked wallet has reportedly converted stolen assets into 18,510 ETH (approximately $30.83 million) and 1,548 BNB ($924,000). According to on-chain tracking data cited by WuBlockchain and Lookonchain, the attacker sold compromised "H tokens" to obtain these more liquid assets and still holds an additional 111.36 million H tokens worth about $14 million. This conversion into major cryptocurrencies like ETH and BNB is a common step after an exploit, as attackers move from illiquid, traceable tokens toward deeper, more liquid assets. This consolidation can signal potential next steps, such as moving funds through bridges or mixers, and complicates recovery efforts for security teams. While blockchain analysis provides real-time visibility into such transactions, the identity of the wallet controller often remains uncertain. The data serves as a valuable snapshot of fund movement, highlighting the role of on-chain monitors in tracking security incidents before official investigations are complete.

bitcoinist11 год тому

Exploit Wallet Converts Stolen Tokens Into 18,510 ETH And 1,548 BNB

bitcoinist11 год тому

FinChip Partners With CertiK To Establish Security Audit Standards for AI Skills Code Assets Trading

FinChip.AI, an AI infrastructure platform for AI Skill encapsulation and distribution, has announced a strategic partnership with blockchain security leader CertiK. The collaboration integrates CertiK's AI Skill Security Scan capability into FinChip's platform workflows for skill publication and review. Together, they aim to establish security audit standards for AI Skills as a new category of tradable "code assets," fostering a trustworthy and secure trading ecosystem. As AI Skills become packaged and tradable assets, verifiable security is essential. FinChip will embed CertiK's scanning API, using results and risk scores in its review processes, and a joint security certification badge will highlight audited Skills on the platform. Executives from both companies emphasized that security must be foundational in the AI Agent era and expressed commitment to deeper exploration at the intersection of AI and Web3 security.

TheNewsCrypto21 год тому

FinChip Partners With CertiK To Establish Security Audit Standards for AI Skills Code Assets Trading

TheNewsCrypto21 год тому

The Revelation from the Raydium Theft Incident: New DeFi Vulnerabilities Lurking in Forgotten Old Contracts

**Raydium Exploit Reveals DeFi's Hidden Risk: Forgotten "Zombie" Contracts** A recent attack on Raydium's deprecated V3 AMM pools resulted in a loss of approximately $1.34 million. The hacker exploited pools that were no longer supported by Raydium's current UI or SDK but remained fully functional and accessible on-chain. This incident highlights a critical, often overlooked category of risk in DeFi: inactive or legacy smart contracts that projects fail to properly decommission. Since March 2025, there have been at least 8 publicly reported attacks targeting such abandoned contracts, with total losses around $10.8 million. Including older pools and deprecated features, the count rises to 10 incidents with roughly $22.5 million in losses. These "zombie contracts" represent a lifecycle management failure rather than a code vulnerability, yet they are typically misclassified under general "code bug" categories in security reports, masking the true scale of the problem. The root cause is that projects often merely document a contract as "deprecated" without taking essential technical steps to secure it: withdrawing remaining assets, disabling external call functions, and implementing ongoing monitoring. These forgotten, under-monitored components become prime targets for attackers. To address this, the industry needs to recognize "zombie contracts" as a distinct risk category and establish standardized decommissioning protocols. Essential steps should include: 1) a formal retirement announcement, 2) removal of all front-end integrations, 3) withdrawal of locked assets, 4) disabling key contract functions, 5) ongoing security monitoring, 6) clear user communication, and 7) a post-mortem analysis. The value of a DeFi project lies not only in its current TVL but also in the security of its historical codebase, which has now become a new attack surface.

Foresight News23 год тому

The Revelation from the Raydium Theft Incident: New DeFi Vulnerabilities Lurking in Forgotten Old Contracts

Foresight News23 год тому

Helius CEO Says Crypto’s ‘Straw Houses’ Face Collapse As AI Raises The Stakes

Helius Labs CEO Mert Mumtaz warns that cryptocurrency is entering a critical security phase, demanding spaceflight-level rigor. He argues crypto's promise of irreversible execution can no longer tolerate the "sloppy" software standards of traditional web apps, where bugs can be patched. Instead, immutable financial code must be provably correct, akin to launching a spaceship. Mumtaz connects this to the historical "software crisis" and the need for formal verification. He criticizes the industry's "facade of decentralization"—reliance on admin keys and emergency interventions—which masks underlying fragility. AI is a dual catalyst: while it empowers attackers to find exploits faster, it also makes rigorous practices like formal verification, audits, and invariant checking more accessible at scale. This will trigger a "trial by fire" and "aggressive natural selection," separating robust "serious infrastructure teams" from fragile "straw house" protocols that may collapse. The ultimate goal is a crypto industry where demonstrable correctness and security are paramount, making it safer and more robust than centralized finance. Mumtaz's warning comes as AI models like Claude advance, compressing the time for both offensive and defensive security research in DeFi.

bitcoinist2 дні тому 09:02

Helius CEO Says Crypto’s ‘Straw Houses’ Face Collapse As AI Raises The Stakes

bitcoinist2 дні тому 09:02

Public Version of Mythos Officially Launched: Analyzing the Advantages and Limitations of AI Smart Contract Auditing

Publicly available Mythos, Anthropic's AI model, has officially launched, demonstrating both significant potential and limitations in smart contract security auditing. The article analyzes its capabilities through real-world cases. AI excels in identifying subtle, low-level vulnerabilities through pattern recognition and large-scale code screening. A key example is detecting a storage slot collision between a custom rewards mapping and a third-party library's ReentrancyGuard, a vulnerability easily missed in manual audits. In the recent Zcash incident, AI also rapidly discovered a critical soundness bug that had remained hidden for years. However, AI currently struggles with complex, interconnected scenarios. When tested on the Curve LlamaLend sDOLA exploit, which involved manipulating prices across multiple protocols (Curve pools, lending markets) to trigger liquidations, Fable 5 failed to identify the core cross-protocol attack vector. These scenarios require a deep understanding of DeFi economic models and multi-contract interactions. In conclusion, while AI tools like Mythos significantly boost efficiency in finding standardized, syntactic vulnerabilities, they cannot yet replace expert analysis for complex, business-logic, and cross-protocol attacks. An effective audit workflow combines AI's speed for initial screening with human expertise for in-depth, holistic analysis.

marsbit2 дні тому 08:06

Public Version of Mythos Officially Launched: Analyzing the Advantages and Limitations of AI Smart Contract Auditing

marsbit2 дні тому 08:06

Restoring Crypto Privacy: ZCASH (ZEC) Makes A Move After 50% Crash

Following a severe price crash of over 50% triggered by the discovery of a critical counterfeiting vulnerability in its Orchard privacy pool, Zcash (ZEC) is taking steps to restore confidence. The bug, found by a security researcher using AI, could have allowed undetected creation of fake ZEC tokens. Developers from the Zcash Open Development Lab (ZODL) and others quickly patched the flaw, helping the price rebound over 70%. However, Orchard's privacy features make it impossible to verify if any counterfeit tokens were actually created before the fix. To address this, key ecosystem groups including Shielded Labs and The Zcash Foundation have proposed a new system called Ironwood. Its primary goal is to restore users' ability to independently verify Zcash's total circulating supply. Once activated, node operators could confirm the supply hasn't been tampered with. The Ironwood proposal would also block any new coin minting in the Orchard pool and restrict fund movement through a controlled mechanism. This system could provide evidence on whether the vulnerability was ever exploited. If no excess ZEC attempts to leave the pool, it suggests no counterfeiting occurred. Any attempted exit of fake coins would be blocked and destroyed, publicly revealing any attack while protecting the legitimate supply.

bitcoinist06/11 05:02

Restoring Crypto Privacy: ZCASH (ZEC) Makes A Move After 50% Crash

bitcoinist06/11 05:02

IC3 Top Universities Collaborative Analysis: Is AI x Crypto the Real Future or Just a Narrative Bubble?

IC3 researchers from leading universities analyze the convergence of AI and crypto. They argue meaningful integration is still nascent, with hype often outstripping progress. The report frames AI as a "translation middleware" making blockchain accessible, while crypto serves as a "trust middleware" via tools like ZK proofs and TEEs for integrity, availability, and confidentiality. Two main directions are examined: 1) **Crypto x AI**: Using AI to enhance blockchain via analysis (fraud detection), algorithmic design, and AI oracles (with accuracy varying by task). New risks include AI-driven malicious smart contracts. 2) **AI x Crypto**: Using crypto to enhance AI via decentralized infrastructure (DePIN), data markets, agent micropayments, governance, and securing AI pipelines (training/federated learning, secure inference). The "Protected Pipeline" (Props) framework combines oracles and trusted computation for secure use of private data. Key challenges are highlighted: The industry must rigorously prove decentralized AI's cost competitiveness and crypto's utility for agent payments. Major research gaps include providing systemic security for autonomous agents and addressing novel threats like unstoppable AI agents. The report concludes by debunking five common misconceptions: blockchain cannot inherently detect AI content, solve algorithmic bias, grant true AI autonomy, ensure AI trustworthiness through mere transparency, or guarantee that decentralization is always cheaper for AI tasks. The field remains in an early, evidence-seeking phase.

marsbit06/11 00:12

IC3 Top Universities Collaborative Analysis: Is AI x Crypto the Real Future or Just a Narrative Bubble?

marsbit06/11 00:12

Anthropic Released the "Most Powerful Model," But Most People Can't Use It

In April, Anthropic launched a preview of its "Mythos" model, which was not publicly released due to its exceptional ability to autonomously discover high-risk zero-day vulnerabilities, posing a security threat if misused. It was restricted to a trusted group of security partners under "Project Glasswing." On June 10, Anthropic officially released Fable 5 and Mythos 5. They share the same underlying model but are distributed under different rules. Fable 5 is for general users, while Mythos 5 remains locked for trusted security partners. Benchmarks show Fable 5 leading in software engineering and long-task execution, with significant improvements in generating production-ready code. However, Fable 5 includes a safety classifier that automatically downgrades requests related to cybersecurity, biochemistry, or model distillation to the weaker Opus 4.8 model. This mechanism, while intended for safety, can affect the user experience and has faced criticism for being overly conservative. Pricing is another key point. Fable 5's API costs are double that of Opus 4.8. Furthermore, after a free trial period ending June 23, it will be removed from standard subscription plans, requiring users to purchase additional credits for access. This shift signals a move towards pay-as-you-go pricing for the most advanced capabilities. The strategy highlights a growing divergence in the AI industry: while some players like DeepSeek are drastically cutting prices, Anthropic is increasing them for its top-tier model, using cost as a filter for high-value users. The article suggests the AI market is stratifying, with commoditized capabilities becoming cheaper while premium, cutting-edge models command a significant price premium.

marsbit06/10 23:52

Anthropic Released the "Most Powerful Model," But Most People Can't Use It

marsbit06/10 23:52

The Quantum Threat Is Coming—Stellar Reveals Its Defense Strategy

The Stellar Development Foundation has released a Quantum Preparedness Plan, aiming to migrate the entire Stellar network to quantum-safe cryptography by the end of 2027. The urgency stems from quantum computers potentially using Shor's algorithm to crack the elliptic curve cryptography currently securing blockchains. A significant challenge identified is handling dormant accounts, where quantum attacks could derive private keys from public ones, risking account takeover. Stellar's structural advantage is that its account addresses are separate from signing keys. This allows users to add quantum-safe signers via existing operations without changing their address or moving assets, unlike most other blockchains. The migration will occur in phases: post-quantum signature verification for smart contracts in 2026, native support for classic accounts in 2027, and a future deprecation of the old Ed25519 standard. However, the plan notes that zero-knowledge proof systems on the network remain vulnerable and require further research.

bitcoinist06/10 18:02

The Quantum Threat Is Coming—Stellar Reveals Its Defense Strategy

bitcoinist06/10 18:02

Maelstrom’s Bitcoin Grants Hit 20 Months — 5 Developers, 4 Active, Here’s What They’ve Accomplished

Maelstrom, the family office of BitMEX co-founder Arthur Hayes, has published the first annual report for its Bitcoin Grant Program. Over a 20-month period beginning in October 2024, the program has supported five developers, with four currently active. They are paid monthly in Bitcoin, with grants capped at $400,000 per developer annually. Two developers focus on Bitcoin Core: **Rkrux** is a prolific code reviewer, working on MuSig2 and wallet descriptor modernization. **Stratospher** focuses on critical consensus and peer-to-peer network code, fixing bugs that could cause network splits. Two others advance Bitcoin privacy: **Benalleng** develops Payjoin, a protocol that breaks common surveillance heuristics, with integrations in several wallets. **Macgyver** works on Silent Payments, enabling reusable static addresses without on-chain reuse, driving wallet adoption and standardization. The program funds only open-source Bitcoin protocol work with no commercial ties. The report highlights this model as a direct, transparent way for successful industry participants to fund the essential, unglamorous development underpinning Bitcoin's security and privacy.

bitcoinist06/10 13:32

Maelstrom’s Bitcoin Grants Hit 20 Months — 5 Developers, 4 Active, Here’s What They’ve Accomplished

bitcoinist06/10 13:32

活动图片

Indepth Research

Project Updates