● 36 entries
Web3 & Blockchain
- 51% Attack: An attack where a single entity controls a majority of a blockchain's mining hash rate or staking power and uses it to rewrite history, double-spend, or censor transactions.
- Account Abstraction (ERC-4337): An Ethereum standard that replaces externally-owned accounts with smart-contract wallets able to express arbitrary signing logic — social recovery, session keys, sponsored gas, multi-factor approval — without Layer 1 protocol changes.
- Address Poisoning: Address poisoning seeds a victim's transaction history with attacker-controlled lookalike addresses so they later copy-paste the wrong one and send funds to the attacker.
- Blockchain Security: The discipline of protecting distributed ledgers, their consensus mechanisms, smart contracts, and surrounding infrastructure from compromise, fraud, and theft.
- Clipboard Hijacker: A clipboard hijacker (crypto clipper) is malware that watches the OS clipboard and silently substitutes a victim's copied cryptocurrency address with one controlled by the attacker.
- Cold Wallet: A crypto wallet whose private keys are generated and stored on a device that is kept offline, so they are not exposed to remote network attackers.
- Cryptocurrency Mixer / Tumbler: A cryptocurrency mixer (or tumbler) pools and shuffles deposits from many users so that on-chain links between source and destination addresses are obscured.
- DeFi: Decentralized Finance: financial protocols built from smart contracts on public blockchains that offer lending, trading, and other services without traditional intermediaries.
- Dust Attack: A dust attack sends tiny amounts of cryptocurrency to many wallets so that, when the recipients later spend the dust, on-chain analysts can cluster and de-anonymize the addresses.
- EIP-712 Signing: An Ethereum standard for typed, structured off-chain message signing that lets wallets display human-readable intent (e.g. 'sell 1 ETH to user X by Friday') and bind the signature to a domain, chain, and contract.
- Flash Loan Attack: A DeFi exploit that borrows a massive uncollateralised flash loan within one transaction to manipulate prices or governance and steal funds before the loan is repaid.
- Front-Running (Blockchain): On-chain trade abuse where an actor sees a pending transaction in the mempool and submits their own transaction first to profit from the predictable price impact.
- Hardware Wallet: A dedicated physical device that stores cryptocurrency private keys in a tamper-resistant secure element and signs transactions offline.
- Hot Wallet: A crypto wallet whose private keys reside on an internet-connected device, trading lower security for low-friction signing of frequent transactions.
- Inferno Drainer: A 2022–2023 crypto-wallet-drainer-as-a-service that emptied tens of thousands of victims' wallets by phishing them into signing token-approval transactions on fake mint and airdrop sites, before shutting down in November 2023.
- Layer 2: A scaling network that processes transactions off-chain while inheriting security from a base Layer 1 blockchain such as Ethereum or Bitcoin.
- Ledger Wallet: A hardware wallet line by French firm Ledger SAS that stores cryptocurrency keys inside a certified secure-element chip.
- MEV (Maximal Extractable Value): The profit that block builders, validators, or searchers can extract by reordering, inserting, or censoring transactions within the blocks they produce.
- Multisig Wallet: A cryptocurrency wallet that requires m-of-n signatures from independent keys to authorise a transaction, removing single-key compromise as a fatal failure.
- Nomad Bridge Hack (2022): An August 2022 attack on the Nomad cross-chain bridge where a single misconfigured trusted-root value allowed any user to copy-paste an existing withdrawal transaction with a different recipient — a chaotic ~$190 million crowd-drain.
- Oracle Manipulation: An attack that distorts the price or data feed used by a smart contract so the contract makes wildly wrong decisions about lending, liquidations, or settlement.
- Permit2 Phishing: Permit2 phishing tricks an Ethereum user into signing a Uniswap Permit2 off-chain message that grants an attacker the right to transfer the victim's ERC-20 tokens.
- Recovery Phrase: A list of 12 or 24 words generated under the BIP-39 standard that encodes the master seed of a cryptocurrency wallet and can restore all derived keys.
- Reentrancy Attack: A smart-contract exploit where an external call lets the attacker re-enter the calling function before its state is updated, draining funds in a recursive loop.
- Ronin Bridge Hack (2022): A March 2022 attack on the Ronin Network bridge that drained ~$625 million in ETH and USDC — at the time the largest crypto bridge hack ever — attributed to North Korea's Lazarus Group via compromise of validator keys.
- Rug Pull: An exit scam in which the developers of a crypto token, NFT collection, or DeFi protocol drain liquidity or treasury funds and disappear, leaving holders with worthless assets.
- Sandwich Attack: A form of MEV in which an attacker places a buy order before a victim's pending swap and a sell order immediately after, profiting from the artificial price move they induce.
- Seed Phrase: A human-readable list of 12 or 24 words (typically a BIP-39 mnemonic) that encodes the master secret from which all keys of a crypto wallet are derived.
- Signature Phishing (Web3): A Web3 phishing pattern that tricks a user into signing an EIP-712 or `personal_sign` message that authorizes the attacker to move tokens, transfer NFTs, or take wallet actions — without ever asking for a seed phrase.
- Smart Contract Audit: An independent security review of smart-contract source code, deployment configuration, and economic design to find vulnerabilities before launch or upgrade.
- Smart Contract Security: The practice of designing, reviewing, and operating on-chain programs so they cannot be exploited to steal funds, freeze logic, or violate intended business rules.
- Trezor Wallet: An open-source hardware wallet line by SatoshiLabs that stores cryptocurrency seeds offline and signs transactions through a built-in screen and buttons.
- Wallet Drainer: Malicious software or a phishing kit that tricks crypto-wallet users into signing transactions or approvals that hand over all valuable tokens and NFTs.
- WalletConnect Security: The security properties and known weak points of the WalletConnect open protocol, which lets dApps pair with mobile and hardware wallets over a relay network using QR codes or deep links to exchange signed messages.
- Wormhole Bridge Hack (2022): A February 2022 attack on the Wormhole cross-chain bridge between Solana and Ethereum that minted 120,000 wETH worth ~$326 million by exploiting a signature-verification flaw in the bridge's smart contract.
- ZK-Rollup: A Layer 2 scaling technique that batches transactions off-chain and posts a succinct zero-knowledge proof of their validity to the underlying Layer 1 blockchain.