Coinspect Security

57 Followers

Aug 29

A UI Flaw in Top Crypto Wallets

Coinspect discovered a vulnerability in over 27 software wallets which could allow malicious websites to deceive users into sending all their funds to attackers. The root cause was a lack of input validation that allowed arbitrary text, including empty lines and Unicode characters, to be displayed as part of the signature request. This flaw made it feasible for attackers to craft and present misleading messages that appeared as genuine elements of the wallet’s user interface.

Ethereum

1 min read

May 17

Time-locked Recovery

In crypto, recovery and backup strategies are as crucial as the security measures safeguarding the wallets. So instead of a system where secrets leave the protection of a secure enclave or secure element chip, it’s feasible to design systems where a second set of keys can recover funds when needed…

Wallet

2 min read

May 16

A Challenge in Verifying Hardware Wallet Security

Bitcoin, Ethereum, and other blockchains use the ECDSA algorithm for transaction signatures. A crucial aspect of ECDSA’s security is the use of a random number in each signature it generates. However, if this number isn’t genuinely random — for instance, if it’s repeated or if attackers can predict it due…

Security In Crypto

5 min read

May 15

SNaP Attack: Cracking Ethereum’s Synchronizing Node Random Generator

Massimiliano Taverna and Kenneth G. Paterson published "Snapping Snap Sync: Practical Attacks on Go Ethereum Synchronising Node", a paper uncovering flaws in Ethereum networks (only PoW chains, pre Merge) that could trick a node into syncing with a malicious chain, enabling an attacker to craft an arbitrary Ethereum state for…

Ethereum

6 min read

Mar 18

Addressing Rumors and Recommendations Following the MyAlgo Wallet Hack

A high-impact hack recently targeted MyAlgo, a web-based Algorand wallet, affecting thousands of users. Our team at Coinspect has voluntarily collaborated with the wallet provider in a good-faith effort to identify the root cause. We are proud to say we identified one particular attack that matches the incidents reported. …

Algorand

3 min read

Feb 14

Dissecting Ethereum delegated staking from a security perspective — Part 2

Welcome to our second article on Security Considerations for Ethereum Delegated Proof of Stake (DPoS) platforms. As we explored previously, there are multiple security challenges associated with delegated staking, nearly all related to the excessive trust expected by staking platforms. In this post, we’ll delve into what led us to…

Ethereum

5 min read

Dec 12, 2022

Learn EVM Attacks release

We at Coinspect are excited to announce the release of our new code repository, learn-evm-attacks! This repository is an educational resource for anyone who wants to learn more about Ethereum Virtual Machine (EVM) exploits and vulnerabilities. We have reproduced more than 30 attacks on EVM chains: most of them actually…

Security

1 min read

Dec 9, 2022

Dissecting Ethereum delegated staking from a security perspective — Part 1

As the number of platforms offering delegated Ethereum validators as a service grows, so does the interest in evaluating its associated risks. This post aims to help users interested in these services, as well as professionals reviewing or building such platforms. We will discuss the risk associated with: The high-trust…

Ethereum

6 min read

Oct 13, 2021

Tempus Smart Contract Audit

In September 2021, Tempus engaged Coinspect to perform a third-party source code review of the smart contracts that comprise their on-chain derivatives marketplace. No high-risk vulnerabilities that would result in stolen user funds were identified. However, one medium-risk issue (high impact, but low likelihood) was reported that could impact user funds if current security assumptions change in the future. Another medium-risk issue was reported related to the unconstrained power the pool owners possess to update fees, which could be abused to harm users if the owner account were compromised.

Security Services

1 min read

Apr 30, 2021

Incognito Ethereum Bridge Audit

In February 2021, Incognito engaged Coinspect to perform a source code review of the smart contracts that comprise the Incognito-Ethereum bridge. The main contracts are: IncognitoProxy: stores beacon and bridge committee members of the Incognito Chain, and other contracts can query this contract to check if an instruction is confirmed on the Incognito Chain. Vault: responsible for deposits and withdrawals; it holds assets (Ether or ERC20 tokens) and emits events that the Incognito Chain interprets as minting instructions; and when presented with a burn proof created over at the Incognito Chain, it releases the assets back to the user.

Smart Contracts

1 min read

Security for a Decentralized World
