In my previous presentations I have spoken about bridge vulnerabilities and how to exploit them by simple tools. This was an introduction to the core concepts of cryptocurrency hacking in a system where web2 and web3 are combined. This talk goes further into these exploitation techniques with a walk through of an imagined Web3/blockchain project which has the most common vulnerabilities present.
This talk covers:
– A full topology of a blockchain project and pointing our common points of vulnerabilities, common entry points for exploitation
– Exploiting a vulnerable Substrate node and breaching its ed25519/sr25519 private keys
– DoS attack against the network by resource intensive TX flood
– Social engineering users to sign transactions that actually steal all of their tokens
– Exploiting an ERC20-based smart contract with the stolen private key and stealing tokens
As a bonus, we will be hosting Crypto CTF Vol 9 Round 1 (cryptoctf.org) during HITBSecConf2022 – Singapore which will include challenges related to this presentation.