david wong

Hey! I'm David, a security engineer at the Blockchain team of Facebook, previously a security consultant for the Cryptography Services of NCC Group. This is my blog about cryptography and security and other related topics that I find interesting.

Ethernaut CTF walk through posted November 2017

This is a walk through of the Ethernaut capture-the-flag competition where each challenge was an ethereum smart contract you had to break.

I did this at 2am in a hotel room in Romania and ended up not finishing the last challenge because I took too long and didn't want to re-record that part. Basically what I was missing in my malicious contract: a function to withdraw tokens from the victim contract (it would have work since I had a huge amount of token via the attack). I figured I should still upload that as it might be useful to someone.

Well done! You've reached the end of my post. Now you can leave me a comment :)


You're awesome. Seriously. I've been following you and your blog since you initially posted something about Ethereum being hacked (which then resulted in the Classic fork). Your content and videos are so well-made and unique, thank you!

Care to include donation addresses? I prefer to stay anonymous, so maybe get yourself a Monero wallet and I'll buy you an apple juice? :) You should definitely check out Monero and the math behind it.


hey thanks! I'll have to think about a donation address one day :o)

I use Zcash but haven't yet tried Monero. It does look interesting though!


oh actually, if it's based on ring signatures, Michael Rosenberg explained a bunch of that to me :) he also wrote about it here: http://cryptoservices.github.io/cryptography/2017/07/21/Sigs.html


Thanks, great info. Keep me updated on your donation addresses!