Casper Network Details

    Casper Network

    employees • Financial Services

    Switzerland

    Industry

    Financial Services

    Security Incidents

    1

    The Casper Association is a not-for-profit organization based in Switzerland, tasked with the oversight and support of the Casper Network. Its primary purpose is to ensure the network's organic evolution and ongoing decentralization. The Casper Network operates with a membership model consisting of independent validators who run nodes and contribute to the network's functionality and security.

    Security Incidents

    Casper Network Breach of Jul 2024
    Severity Score
    Significant

    Type

    Zero-Day Exploit

    Summary

    On 26 July 2024, the Casper Network detected a security incident at approximately 05:00 UTC. The root cause, identified by 13:00 UTC the same day, was a vulnerability allowing contract installers to bypass access rights checks on urefs, granting unauthorized resource access. This exploit led to illicit transactions totaling around $6.7 million across 13 wallets.

    To mitigate the impact, a subset of validators paused consensus on 27 July 2024 at 07:50 UTC. This pause prevented further exploitation and allowed for the development and deployment of a solution to eliminate the vulnerability. To en...

    Severity

    The cybersecurity incident on Casper Network was a significant attack due to the sophisticated nature of the vulnerability exploited, which allowed unauthorized token transfers and compromised customer data. Thirteen affected wallets experienced a total financial impact of USD 6.7 million in illicit transactions. Despite the swift and effective response by validators to pause the network and prevent further exploitation, the incident highlights a notable breach in access controls and data security. However, the successful neutralization of the vulnerability and confirmation that internal compa...

    Impact

    The cybersecurity incident on Casper Network was a sophisticated attack exploiting a vulnerability that allowed malicious actors to bypass access rights on urefs, ultimately facilitating unauthorized token transfers. Customer data, specifically within 13 affected wallets, was compromised, with illicit transactions worth USD 6.7 million. Immediate, coordinated action by validators successfully paused the network to prevent further exploitation, ensuring no additional data loss or unauthorized access.

    While systems remained operational, a subset of validation processes was temporari...