Web3 projects lost over $2B to hacks in H1 2022

A report from CertiK finds that web3 projects lost over $2 billion to hacks in H1 2022—more than all of 2021 combined.

“2022 is already the most expensive year for web3 by far. From these numbers, 2022 is forecast to see a 223% increase in the funds lost to attacks when compared with 2021,” wrote CertiK in their report.

CertiK’s sobering report highlights the difficulties of an industry that pitches itself as returning to the decentralised ideals of web1 while...

Software supply chain attacks increased over 300% in 2021

We all knew there was an increase in software supply chain attacks in 2021, but a new study has quantified just how bad things got.

Argon Security – recently acquired by Aqua Security – published the latest edition of its annual Software Supply Chain Security Review this week.

The headline stat from Argon’s report is that software supply chain attacks grew by more than 300 percent in 2021 compared to 2020.

Eran Orzel, Senior Director of Argon Customer...

Sonatype analysis reveals a 73 percent surge in open-source demand

A report from Sonatype has revealed a 73 percent surge in the demand for open-source despite a year of high-profile vulnerabilities.

The growing use of open-source to keep up with the pace of modern development makes it a prime target for cybercriminals. We’ve seen this multiple times in practice over the past year with devastating attacks like that on SolarWinds even making national headlines for its widespread implications.

In fact, Sonatype’s report highlights a...

Codecov breach prompts fears of another SolarWinds-style hack

A hack impacting software testing firm Codecov is expected to have resulted in hundreds of networks being compromised, prompting fears of a fallout similar to the recent SolarWinds attack.

Codecov has over 29,000 customers including companies such as IBM, Procter & Gamble, Hewlett Packard Enterprise, Atlassian, Washington Post, and GoDaddy. The potential scale of the attack has led to a federal investigation.

"We are aware of the claims and we are investigating...

Microsoft: Over 1,000 developers contributed to SolarWinds hack

According to Microsoft’s analysis of the devastating SolarWinds hack, over 1,000 developers were involved.

The attack was described as “the largest and most sophisticated attack the world has ever seen,” by Microsoft president Brad Smith on US show 60 Minutes.

SolarWinds develops software to help businesses manage their networks, systems, and IT infrastructure. The company’s Orion solution is used by ~33,000 public and private sector customers.

In...

Decentralised platform Ethereum is hiring a dedicated security team for 2.0

The Ethereum Foundation is hiring a dedicated security team to ensure the next version of the decentralised platform is as robust as it needs to be.

A lot of money relies on the security of Ethereum. The explosion in DeFi (decentralised finance) means there is now $4.3 billion "locked up" in Ethereum apps – an increase of 442% over the past three months. Yet, this is tiny compared to the figures we could be discussing in a few years as DeFi growth continues and more use cases...