Know your enemy. This week’s report feature several threat intelligence profiles on threat actors targeting cryptocurrency users and exchanges. Scammers are focusing on NFT campaigns targeting high value individuals. A massive compromise of Cashio with ~$48M lost. Oh and please patch your Chrome browser now.

News

• Russia is considering accepting Bitcoin for energy trading to lower its dependency on dollars and euros.

• Microsoft’s threat intelligence report on the LAPSUS$ group reveals group targeting cryptocurrency exchange users.

• Google’s threat analysis report on North Korean threat actors using Chrome 0day to target cryptocurrency exchanges as part of Operation AppleJeus.

• Mandiant’s threat report on multiple North Korean groups such as APT38, CryptoCore, and Bureau 325 targeting cryptocurrency exchanges.

Crime

• Frosties NFT operators arrested over $1.1 million 'rug pull' scam.

• Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison.

Scams

• Twitter airdrop scam robs Bored Ape Yacht Club fans of valuable NFTs.

• Anatomy of an NFT Phishing Scam by TRM.

• Anatomy of an NFT art scam: How the Frosties rug pull went down.

Phishing

• On March 22, 2022 Arthur Cheong, founder of DeFiance Capital, lost $1.76M as a result of a spear phishing campaign with a wallet stealing malware.

Hacks

• On March 21, 2022 One Ring Finance lost $1.45M due to a flash-loan assisted exploit manipulating its token price.

• On March 22, 2022 Veve shutdown its NFT marketplace after reports of large scale theft of gems.

• On March 23, 2022 Cashio lost whopping $48M after an attacker discovered an infinite minting exploit. Interestingly, the attacker returned stolen funds to all accounts under $100K.

• On March 24, 2022 PYE lost $2.6M after carelessly commenting out swap function’s access requirement.

• On March 27, 2022 Revest Finance got exploited with a reentrancy vulnerability which resulted in a $2M loss.

Vulnerabilities

• TrueUSD and Compound Finance silently patched their contracts after ChainSecurity discovered a vulnerability in handling contracts with multiple entry points which could be used to manipulate Compound markets.

• GearBox patched a function parameter injection vulnerability after it was responsibly disclosed by Nnez.

• Minswap patched its Cardano contracts after receiving a report about an infinite NFT mint vulnerability.

• Google issued an emergency Chrome Browser update to patch a vulnerability used to steal crypto by North Korean actors.

Malware

• Crypto malware in patched wallets targeting Android and iOS devices.

• Conti Ransomware V. 3, Including Decryptor, Leaked.

Research

• Ethereum Fraud Detection with Heterogeneous Graph Neural Networks.

• EVM Deep Dives: The Path to Shadowy Super Coder - Part 3.

• Analyzing Tornado Cash Transactions.

• A Brief Analysis of Ether Active Data Sync.

• Collaborative Learning for Cyberattack Detection in Blockchain Networks.

Tools

• ApeWorX - a framework for Web3 Python applications and smart contract.

Premium Content