thank you for joining us!

Breaking Web3: Exploitation Techniques for Cryptocurrency Hacking


August 25, 2022




Main Track

In my previous presentations I have spoken about bridge vulnerabilities and how to exploit them by simple tools. This was an introduction to the core concepts of cryptocurrency hacking in a system where web2 and web3 are combined. This talk goes further into these exploitation techniques with a walk through of an imagined Web3/blockchain project which has the most common vulnerabilities present.

This talk covers:

– A full topology of a blockchain project and pointing our common points of vulnerabilities, common entry points for exploitation

– Exploiting a vulnerable Substrate node and breaching its ed25519/sr25519 private keys

– DoS attack against the network by resource intensive TX flood

– Social engineering users to sign transactions that actually steal all of their tokens

– Exploiting an ERC20-based smart contract with the stolen private key and stealing tokens

As a bonus, we will be hosting Crypto CTF Vol 9 Round 1 (cryptoctf.org) during HITBSecConf2022 – Singapore which will include challenges related to this presentation.




David is a Web3 researcher and security expert that founded the largest crypto hacking competition in the world called CCTF. He is also the co-founder of QRUCIAL and has more than 10 years experience in IT penetration testing and got several global certifications. Since 2021 he is the Head Ambassador for Eastern Europe of Polkadot – a sharded protocol that enables blockchain networks to operate together seamlessly.

Other Talks in This Track