Contribute to Crypto Attacks Wiki

[evgenydmitriev]

This challenge aims to capture a wide range of contributions to the Crypto Attacks Wiki. To participate, submit a pull request that adds or modifies files in the attacks directory and request a review from this issue assignees. All submissions will be reviewed by the wiki maintainers, and additional changes to your pull request may be asked of you to bring your submission to the quality level of the rest of the wiki.

Submission ideas

• New pages
• Page placeholders with metadata
• Additions to existing pages
• Meaningful edits to existing content that fix typos, grammar, factual and stylistic errors, etc.

Submission Guidelines

Before committing to the wiki, please ensure your submission meets the following criteria:

• The attack is not already covered by existing posts and pending PRs
• File name - YYYY-MM-DD-entity-that-was-hacked.md
• Headers:

Header name	Required	Description	Example
date	yes	YYYY-MM-DD	2012-07-16
target-entities	yes	Entities that were targeted by the attackers. Multiple values allowed	Binance, Localbitcoins, Ethereum
entity-types	yes	General category describing targeted entity. Check existing ones in the examples and suggest yours if not present. Multiple values allowed	Custodian, DeFi, GameFi, Exchange, Wallet, Blockchain, Bridge, Yield Aggregator, Lending Platform, Stablecoin, Token, NFT
attack-types	yes	Common hacking technique, check existing ones in the examples and suggest yours if not present. Multiple values allowed	51%, Wallet Hack,Private Key Leak, Infrastructure Attack, Smart Contract Exploit, Flash Loan Attack, Phishing, Signature Verification Issue, Brute Force, Race Condition Exploit
title	yes	Article Title	BitGrail Hack Results in $170 Million Loss
loss	yes	Loss (In approximate USD equivalent at time of incident)	50000

• Focus on facts and numbers instead of vague phrases and value judgments (such as "huge losses", "important lesson"). Facts mostly include named entities (people, companies, places, addresses, etc.) Simply repeating what the attacked entity had to say is not enough. Try finding messages from those who spotted anomalies before any official announcements, 3rd party audits, statements from other entities, sources of structured data that show the impact of the attack on prices, volumes, hashrates, etc.
• Add markdown links directly to your text - help our fact-checking bot to verify claims found in your article.
• The timeline should use bullet points with dates; no significant events should be missing
• Default to bullet point structure with titles - this helps to keep the content concise and focused, and is essential for future attack modeling
• Only standard sections are allowed. The attack wiki requires the following sections:
  • Summary
  • Attackers (focus on the attackers, not what they did)
  • Losses
  • Timeline
  • Security Failure Causes

If the changes requested by reviewers are not addressed within a week, the PR will be considered stale and will be closed.

[sln-dns]

Thank you! Now I have got it :)

[sln-dns]

Could you please explain the fact-checking script? My pull request (#43 & #28) failed the check, but I couldn't understand the reason behind it. Could you provide guidance on what changes I need to make or suggest any specific sources I should link to? Thank you.

[jhirschkorn]

Could you please explain the fact-checking script? My pull request (#43 & #28) failed the check, but I couldn't understand the reason behind it. Could you provide guidance on what changes I need to make or suggest any specific sources I should link to? Thank you.

looking in to it.

[evgenydmitriev]

Fact checking bot has been fixed. It's not always accurate, but please pay attention to the comments it leaves in your pull requests.

[Rufus602]

2023-05-18-CryptoVault.md did not get review from github actions bot after submission. Is it okay?

[Yelenakov]

I would like to work for you

[jhirschkorn]

2023-05-18-CryptoVault.md did not get review from github actions bot after submission. Is it okay?

check the issue and address the comments/fixes

[Rufus602]

Rufus602:patch-2 (Liquid Global ) could you review please?

[JediFaust]

Added three reports by now ( BSC-Token-Hub, Terra-Classic and Africrypt ), with source links, could you review them please?

[jhirschkorn]

Added three reports by now ( BSC-Token-Hub, Terra-Classic and Africrypt ), with source links, could you review them please?

working it. thanks for your patience.

[JediFaust]

Thank you

[sln-dns]

I wanted to inquire about the status of the Challenge. It has been a week since the last activity, and I was wondering if there may be any reason for the delay, such as a vacation or any other circumstances. Could you kindly provide an update on whether the challenge is still ongoing?

Thank you for your attention and assistance. I look forward to hearing from you soon.

[evgenydmitriev]

@sln-dns please read up on the pull request processes. You have pr comments from 2 separate wiki reviewers that need to be addressed. The latest one was less than 24h ago.

[jhirschkorn]

We have received quite a number of excellent submissions, paid out thousands of $$$ in bounties, and hired @JediFaust to review and curate the submissions.

[jhirschkorn]

We are especially interested in submissions covering attacks on cryptocurrency custodians. Submissions in this area will be prioritized until further notice. @JediFaust.

[aholman0725]

@jhirschkorn What is the process to update an article?

[jhirschkorn]

@jhirschkorn What is the process to update an article?

like an article you already submitted you mean?

[aholman0725]

@jhirschkorn What is the process to update an article?

like an article you already submitted you mean?

@jhirschkorn On an article I've submitted and an article someone else has submitted.

[jhirschkorn]

@jhirschkorn What is the process to update an article?

like an article you already submitted you mean?
@jhirschkorn On an article I've submitted and an article someone else has submitted.

yea. just submit a new pr with the changes for review