California resident files a lawsuit against AT&T alleging that its employees helped to perpetrate a SIM-swap resulting in the theft of over $1.8 million, including crypto. California resident Seth Shapiro has filed a lawsuit against wireless service giant AT&T alleging that its employees helped to perpetrate a SIM-swap which resulted in the theft of over…
Read more
Some major issues must be resolved before blockchain voting becomes trustworthy, according to a new study. Nir Kshetri, a professor of management at the University of North Carolina, has suggested that before blockchain-based voting can be considered safe and trustworthy, some major issues must be resolved. In an article published on Oct. 18, Kshetri claims…
Read more
Europol released its 2019 Internet Organized Crime Threat Assessment report, which shows that crypto-ransomware remains a top threat. The European Union Agency for Law Enforcement Cooperation (Europol) released its 2019 Internet Organized Crime Threat Assessment (IOCTA) report. Crypto exchanges continue to be a magnet for hackers On Oct. 9, Europol presented its IOCTA report of…
Read more
The notorious North Korean hackers known as the Lazarus APT Group have created another malware targeting Apple Macs and cryptocurrency users. The notorious North Korean hackers known as the Lazarus APT Group have created another malware targeting Apple Macs that masquerades behind a fake cryptocurrency firm. Apple Mac security specialist and principal security researcher at…
Read more
An investment arm of United States-based blockchain firm Algorand loses up to $2 million in crypto after its CTO’s phone was hacked. Algo Capital, an investment arm of United States-based blockchain firm Algorand, has lost roughly $1–2 million in Tether (USDT) stablecoins and Algorand (ALGO) tokens after its CTO Pablo Yabo’s mobile phone was compromised.…
Read more
Hackerone user reveals critical bug in MakerDAO’s planned Multi-Collateral Dai upgrade that could have resulted in a complete loss of funds for all Dai users.
MakerDAO, the decentralized organization that runs on Ethereum, has fixed a critical bug that could have resulted in a complete loss of funds for all Dai users.
On Oct. 1 HackerOne user lucash-dev disclosed a report that revealed a critical bug in MakerDAO’s planned Multi-Collateral Dai (MCD) upgrade. The bug could have allowed an attacker to steal all of the collateral stored in the MCD system – possibly within a single transaction, Lucash-dev said.
The bug was caught during the testing phase of the MCD upgrade and before any users had access to the system.
The report reveals that the attack was possible due to a complete lack of access control in a MakerDAO smart contract. The report reads:
“A lack of validation in the method flip.kick allows an attacker to create an auction with a fake bid value. Since the end contract trusts that value, it can be exploited to issue any amount of free Dai during liquidation. That Dai can then be immediately used to obtain all collateral stored in the end contract.”
Lucash-dev reported the security flaw via the HackerOne forum and received a $50,000 bounty from MakerDAO’s bounty program which was the first critical finding in the program.
Cointelegraph reported in September that blockchain-based employment platform Opolis received a developer grant from MakerDAO, which will allow them to bring MakerDao’s stablecoin DAI to Opolis’ blockchain-based employment platform for freelancers.
Richard Brown, head of community development at MakerDAO, explained that while the freelance and gig economy offers freedom to many, it does not come without its downsides, and added:
“Maker is looking forward to seeing how Dai can help de-risk this emerging workforce.”
