Welcome to the first edition of BlockThreat in 2023!

We are kicking off the new year with a number of excellent annual blockchain security reports from Immunefi, CertiK, Slowmist, and others. Devastating phishing attacks resulted in $4M+ in losses from various individuals.

On the more positive side, this week also features a number of research articles on novel tools and techniques for on-chain analysis. Bug bounty reports helped patch vulnerabilities in Uniswap and multiple Polkadot chains.

In other news, Helix CEO’s brother learned the hard way that stealing crypto from IRS to spend on strippers and luxury condos may not have been his best life decision.

News

• Crypto Losses in 2022 by Immunefi.

• Hack3d - The Web3 Security Report - 2022 by CertiK.

• Blockchain Security and AML Analysis Report - 2022 Annual by SlowMist.

• Global Web3 Security & AML Report - 2022 by Beosin.

• $49 Billion Lost in Crypto in 2022 by DeFiYield Security.

• Why NFTs on Magic Eden Are Unintentionally Displaying Porn, 'Big Bang Theory' Images.

• Balancer is asking LPs to urgently remove tokens for several pools.

Crime

• Brother of Criminal Bitcoin Mixing CEO Pleads Guilty to Stealing 712 Bitcoins From IRS.

• Chinese criminal steals $4.1M in crypto from victim’s car.

• Hackers Hit Romanian Hospital, Demand Bitcoin Ransom.

Scams

• NFT influencer falls victim to cyberattack, loses $300K+ CryptoPunks.

• Nike’s RTFKT COO Loses His NFTs in Massive 'Hack'.

• Hackers steal $3.5M worth of digital assets from GMX whale.

• Fake NFTs listed under verified collections on Magic Eden marketplace.

Hacks

• On January 3, 2023 GDS lost $187K in a reward manipulation exploit.

Vulnerabilities

• Uniswap Universal Router Vulnerability Explained by Dedaub.

• Moonbeam, Astar, And Acala Library Truncation Bugfix Review — $1m Payout by Immunefi.

• Circom-Pairing: A Million-Dollar ZK Bug Caught Early by Veridise.

Malware

• Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL.

Contests

• Mr Steal Yo Crypto Wargame by 0xToshii.

• HappyNewYear CTF puzzle by Convergence Boy.

Media

• Bug Patterns in Solidity and Smart Contract Auditing with Yannis Smaragdakis at SmartCon 2022

Research

• Web3 Bug Bounty Hunter Thread by Adrian Hetman.

• matta.’s Ethereum security road-map.

• Formal Verification of Smart Contracts: Equivalence Checking of Uniswap Library by Truscova.

• Solidity Attack Vectors: — #1 Contract With Zero Code Size by Jesserc.

• Circumventing Layer Zero: Why Isolated Security is No Security by Krzysztof Urbański.

• TrueBlocks Recipe: Factories by Thomas Jay Rush.

Tools

• Guide to Web3 Data Tools by Web3 Data Degens.

• OnChain Transaction Debugging Tools Thread by SunSec.

• Getting Started with Phalcon 2.0 by BlockSec.

• Spook - Ethereum RPC request mixer using Nym network.

Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.

Premium Content