Blockchain Threat Intelligence

BlockThreat - Week 1, 2024

CertiK | CoinsPaid | Gamma | Radiant | Channels | LootDAO

Peter Kacherginsky
Jan 12, 2024

Greetings!

We begin our year with a mass X compromise of government, crypto, and even security companies’ accounts to spread crypto drainers.

PSA: Ongoing phishing campaign involving fake journalists directing victims to a Calendly-like phishing site designed to hijack X account permissions.

More than $18M was stolen this week across four incidents. CoinsPaid suffered the largest loss, $7.5M, in yet another hot wallet compromise. Two protocols lost a combined $4.75M to the well-known rounding issue on newly deployed pools that many AAVEv2 forks fail to defend against. Gamma experienced a $6.18M price manipulation exploit due to insufficient price change controls.

To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.

Let’s dive into the news!

News

  • Hack3d: The Web3 Security Report 2023 by CertiK.

  • Blockchain Security and Anti-Money Laundering Annual Report 2023 by SlowMist.

  • Annual Web3 Security Report 2023 by QuillAudits.

  • North Korean Hackers Stole $600 Million in Crypto in 2023 by TRM.

  • Hacker hijacks Orange Spain RIPE account to cause BGP havoc. Attacker continues posting about the compromise on X.

Crime

  • Russian crypto miner held hostage on Christmas day.

  • Founder of major Taiwanese crypto exchange ACE arrested for alleged fraud.

  • Chinese billionaire behind Himalaya Exchange indicted for $1B scheme.

Phishing

  • Reports of an ongoing LFG phishing attack using Solana-based drainers. One victim reported losing $125K.

  • AragonDAO lost $800K in a fake airdrop phishing attack.

  • Reports of an ongoing X phishing campaign targeting crypto-related accounts, in which fake journalists share malicious Calendly links. The malicious phishing site requests full Twitter app permissions.

  • Hackers hijack govt and business accounts on X for crypto scams.

  • X users fed up with constant stream of malicious crypto ads.

  • CertiK X account phished using a malicious Calendly link described above.

  • Netgear, Hyundai latest X accounts hacked to push crypto drainers.

  • Mandiant's X account hacked by crypto Drainer-as-a-Service gang. Bad actors used Mandiant’s account to post a link to a Phantom wallet phishing site.

  • Crypto VC Polychain Capital confirms founder’s X account hacked.

Scams

  • Chief executive of collapsed crypto fund HyperVerse does not appear to exist.

  • Funds on MangoFarmSOL drained, community alleges rug pull.

Malware

  • Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices by Gabby Xiong (Fortinet).

Media

  • Echidna Tutorial: #1 Introduction to create Invariant tests with Solidity by bloqarl.

Research

  • Post Mortem on SUSHI and YFI Incident by dYdX.

  • Uniswap V4: Oracle hook with malicious owner by Damian Rusinek (Composable Security).

  • Echidna: Invariant Tests for AMM Contracts by Bloqarl.

  • A Guide to Crafting Robust Invariants by Chirag Agrawal and Antonio Viggiano.

  • Notes on Solidity with highlights of security caveats by Chinmay Farkya.

  • Architectural Design for Secure Smart Contract Development.

  • DApps Ecosystems: Mapping the Network Structure of Smart Contract Interactions.

  • Tag, you’re it: Signal tagging in Circom by Tjaden Hess (Trail of Bits).

  • zkEVM Bootcamp homework and notes by ustas.eth.


Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerabilities, indicators, special reports, and searchable newsletter archives.

