On June 20, a cybersecurity firm disclosed a critical vulnerability in Kraken's systems, leading to a $3M bug bounty reward. This vulnerability allows a malicious attacker to initiate a deposit on the system and receive funds in their account without fully completing the deposit.

On June 10, UwuLend suffered a major loss of $19.4 million by an oracle manipulation attack. The oracle determined prices by the conditions of multiple Curve pools. The attacker can manipulate the pool states by executing large trades with borrowed tokens.

On June 2, Velocore's L2 DEX lost over $6.8 million due to an exploit across its pools on Linea and zkSync. The absence of permission verification on Velocore's Balancer-style CPMM contract enabled an attacker to manipulate fee calculations, resulting in a loss of liquidity.

Notable exploits in June 2024 resulted in a total cost of $29.2 million. The most severely affected entity in June 2024 was UwuLend, which incurred a loss of $19.4 million. The details of each attack can be found in the reply.

Our CEO, Sitthinut Haruanpuach, moderated BUIDL HOUR, providing vital insights to support new builders in marketing, technical aspects, and grants. We appreciate the invitation from @W3X_NW and @Gm2Social.

6/ Another factor involves biometric (fingerprint, face, or retina) scanning which is "something you are" commonly used for door access, often combined with a keycard or passcode for two-step access.

5/ This adds an extra layer of security by confirming that you have the physical device in your possession (something you have) in addition to entering a password (something you know). This method is commonly used on cryptocurrency exchanges that require both for login.

4/ Authenticator application is a widely used application among cryptocurrency enthusiasts. It generates random numbers on your device for verification purposes.

3/ For example, if you use two-factor authentication and someone else knows your password, they still won't be able to access your account. They'll need to have another factor in place to log into your account.

2/ Two-factor authentication is designed to prevent unauthorized access by requiring both factors, reducing the risk if one factor is stolen.

1/ Two-factor Authentication (2FA) can be applied to any system, whether online or offline. It requires two different types of factors for authentication: something you know, something you have, and something you are.

7/ On May 31, the largest hack since 2022 occurred. Approximately 4502 $BTC (around $304M) was stolen from the DMM Bitcoin hot wallet. This hack is now the third-largest cryptocurrency theft in Japan's history, following the 2018 Coincheck hack. https://t.co/GKoQV4fpgQ

6/ The minted $GALA was exchanged for up to 100 $ETH, equivalent to approximately $21.8M.

5/ On May 21, 5 billion $GALA was illicitly minted.

4/ On May 17, the private key of AlexLab was compromised, resulting in the exploiter taking over as the admin of the vault associated with the ALEX liquidity pool and stealing approximately 4.3 million worth of digital assets.

3/ The attacker manipulated the exchange rate of the $VELO market with zero suppliers, increased the collateral value, and then borrowed a significant amount of assets (AKA: Donation Attack). This allowed the attacker to siphon off ~$20 million worth of $WETH, $VELO, and $USDC.

2/ On May 16, Sonne Finance added the $VELO market through a DAO proposal which can be executed by anyone once the governance period ends.

1/ On May 1, Pike Finance was exploited, resulting in a loss of 99,970.48 ARB, 64,126 OP, and 479.39 ETH (~$1.6M). The attacker can upgrade the vulnerable contract without admin access, enabling them to gain the owner's permission and drain the funds.

Notable exploits in May 2024 resulted in a total loss of $351.7 million. The primary cause was the theft of a private key. The most severely affected entity in May 2024 was DMM Bitcoin, which incurred a loss of $304 million. The details of each attack can be found in the reply.

📣InspeX - Event Partners of BUIDL Hour with Metis x Conflux and Web3 X! 🔥W3X is thrilled to announce InspeX (@InspexCo) as an event partner for BUIDL Hour, a key highlight of the Web3 X event series! 🎯Founded in 2021, InspeX is a team of seasoned cybersecurity experts with