BlockThreat - Week 11, 2023
Euler | General Bytes | Poolz | ParaSpace | ChipMixer | MyAlgo
That was one crazy week for DeFi protocols, blockchains, and even a crypto ATM service. Where to begin? Euler's $197M compromise puts it on the list of the top 10 hacks of all time. An unfortunate introduction of unaudited code resulted in attackers methodically emptying its pools. Things got wild after the attackers started sending ETH around and got a response from the North Korean hackers involved in the Ronin hack. If giving a lecture in North Korea gets one a five-year prison sentence, you can only imagine the repercussions for sending $170K to a known threat actor group. I hope this obvious red herring attempt was worth it.
General Bytes, a maker of crypto ATMs, got so thoroughly hacked that it is now shutting down its cloud service offering. Poolz got hit with a now rare integer overflow exploit, while ParaSpace narrowly avoided a $5M hack only because the attacker messed up the transaction gas fees, allowing BlockSec to rescue the funds at risk!
Indicators for attackers involved in all of these hacks are in the Premium section below.
On the more positive side, ChipMixer has been shut down. End of an era! Multiple UTXO chains and Geth had to patch DoS vulnerabilities, luckily without any asset losses.
Let's dive into the news, but first a word from our sponsor, Chainalysis!
The 2023 Crypto Crime Report is here!
Inside you’ll find 100+ pages of original data, research, and case studies on the most pressing topics in cryptocurrency-based crime, including:
Why 2022 set records for crypto hacking
How sanctions on Hydra, Tornado Cash, and others impacted the crypto crime ecosystem
The latest crypto money laundering tactics employed by cybercriminals
What crypto winter means for scammers
How cybersecurity enhancements have hurt ransomware attackers
MyAlgo issued preliminary findings for the incident involving a large number of its web users, pointing to CDN exploitation as the root cause of the seed phrase and password compromise.
Indexed Finance hacker Andean Medjedovic has surfaced, leading a nomadic lifestyle as a fugitive traveling around Europe.
The Rug Pull Report by CertiK.
All-Crypto-Wallet-Drainer-MetamaskUpdate wallet drainer by Cronos1402.
On March 13, 2023 Euler lost $197M due to a liquidation reward manipulation vulnerability. The exploit transaction was initially front-run by an MEV bot, but the hard-coded address meant only the attacker benefitted. Things got really wild when the attacker first sent 100 ETH to a random on-chain beggar and later sent 100 ETH to the Ronin Bridge exploiter address, which in turn replied with an encrypted message that some suspect was a phishing attempt but more likely was just to thank or even recruit the bad actor, Cuckoo's Egg style. The Euler attacker has since returned 3000 ETH to Euler and continues communicating with Euler about sending back what is not theirs to keep.
On March 15, 2023 Poolz Finance lost $650K in an integer overflow exploit.
On March 16, 2023 ParaSpace was unsuccessfully targeted with a reward manipulation exploit. BlockSec was able to detect the attacker's attempts and performed the attack themselves, rescuing $5M in assets. On the fun side, the attacker reached out to BlockSec trying to recoup their gas expenses.
On March 17, 2023 the General Bytes BATM management platform was compromised, allowing attackers to take over individual ATMs and steal $1.8M.
BitGo Wallet Zero Proof Vulnerability by Fireblocks.
Geth patched a DoS vulnerability first discovered on Goerli Testnet.
Secret Network fixed privacy vulnerabilities in SNIP-20 tokens.
Kava Labs patched a bug that could allow unexpected liquidations.
Peeking at Reaper's surveillance operations by Sekoia surveys the APT37 (Reaper) C2 operation used in cyberespionage campaigns.
Web3 interview and audit process with Patrick Collins and Tincho.
Optimal Front Running Attacks & How to Stop Them by Max Resnick.
Blockchain Hacking Techniques 2022 by OpenZeppelin.
Reassessing USDC Risks by Gauntlet.
Hitchhiker’s Guide to Security with Emiliano Bonassi.
Ethereum Virtual Machine Language Design by jtriley.
ABI Encoding Deep Dive by ljmanini.
Cross-Contract Reentrancy explained by PsuedoPandit.
Understanding Block Timestamp Manipulation by NeptuneMutual.
Known problems of ERC-20 token standard by Dexaran.
Encrypted Mempools by Jon Charbonneau.
Pyrometer - security tool using a mix of symbolic execution, abstract interpretation, and static analysis.
Immunefi PoC Templates implemented in Foundry.
Paradigm Data Portal - public crypto datasets for researchers and tool builders.
Phalcon introduces a debugging feature.
General Bytes Attackers
Ethereum Classic: 0x8a9344be2ba8deaa2862eab0aab20c7cc36c432a