Security

Since 2026, DeFi security incidents have demonstrated concurrent patterns involving protocol vulnerabilities, front-end hijacking, and approval phishing. Drawing on this year's notable security cases, this article provides a systematic overview of Wallet layering, approval management, signature verification, and emergency response procedures, enabling regular users to build a practical and reusable on-chain security risk control system.

To strengthen blockchain application security, the Ethereum Foundation has introduced a new audit grant program. Through financial support and partnerships with professional institutions, the program reduces the cost threshold for Developers to perform security audits. In this article, you'll learn how the program works, the criteria for participation, and its broader implications for the crypto industry.

CoW Swap has suspended its services following a DNS hijacking incident targeting its frontend website. While the core protocol remains unaffected, this event underscores the persistent security risks facing DeFi frontends. In this article, we will examine the attack mechanism, the scope of its impact, and recommended preventive strategies.

Recently, an address contamination attack has targeted Squads multi-signature Wallet users. While no Assets have been lost, the attack could mislead users through interface manipulation and prompt incorrect actions.

With the ongoing growth of the Solana ecosystem, security concerns are becoming more critical. In response, the Solana Foundation has launched several new security programs, such as the STRIDE security framework and the SIRN incident response network. Additionally, developers are being offered security tools and support to strengthen the ecosystem's overall defense and transparency.

The Solana Foundation has introduced two comprehensive security frameworks, STRIDE and SIRN, encompassing protocol evaluation, around-the-clock threat monitoring, incident emergency response, and formal verification. This article offers a thorough analysis of how these initiatives influence the Solana DeFi ecosystem, security governance, and the path toward institutional adoption.

Aave is entering a new phase of node restructuring. With Aave V4 going live, Horizon progressing, and core service providers being replaced one after another, Aave is not simply undergoing a protocol upgrade; it is experiencing a comprehensive system overhaul focused on governance, Risk Control, and institutional capabilities. This article breaks down the critical variables that will define Aave’s future.

The essence of this attack lies in the creation of the market (soToken), where the attacker performed the first collateral minting operation with a small amount of the underlying token, resulting in a very small "totalSupply" value for the soToken.

In this in-depth research, we will examine recent high-profile events, get to the bottom of this sneaky attack, and provide you with the knowledge you need to protect your digital assets.

Recently, several Web3 participants have lost funds from their accounts due to downloading a fake Chrome extension that reads browser cookies. The SlowMist team has conducted a detailed analysis of this scam tactic.

Fully Homomorphic Encryption (FHE) represents the cutting edge of privacy protection technology. It offers exceptional privacy safeguards and can be utilized in Web3 for securing transaction privacy, protecting AI data, and enhancing privacy in co-processing units.

Unlike Aptos, Sui, and Linera, which are all L1 public chains based on the Move language, the new generation Movement is focusing on L2. It has launched the first Ethereum L2 based on the Move language, aiming to leverage the underlying execution performance and security advantages of Move and further integrate the ecological advantages of EVM. This allows developers to launch Solidity projects on M2 without writing Move code.

OneBalance is a framework for creating and managing cross-chain accounts, enabling chain abstraction through an account-centric ecosystem. This article discusses how the OneBalance framework facilitates the transition of the Web3 ecosystem from a chain-centric to an account-centric model.

Recently, scams in the cryptocurrency space have become rampant, leading to losses of 4.6 billion dollars in 2023 and 500 million dollars already lost in early 2024. Common problems include vulnerabilities in DeFi protocols (like flash loan attacks and oracle manipulation), phishing websites, and fake airdrops. To protect yourself, enhance your security awareness, regularly check and revoke unknown authorizations, use cold wallets for most of your assets, and avoid clicking on unknown links or downloading unfamiliar plugins.

TeleportDAO and Eigen Labs recently co-authored a paper addressing the security and efficiency issues light nodes face in accessing and verifying on-chain data within Proof of Stake (PoS) blockchains. The paper introduces a novel solution that enhances the security and efficiency of light nodes in PoS blockchains through various measures such as economic incentives, insured pre-security mechanisms, customizable "programmable security," and cost-effectiveness.