BlockThreat - Week 12, 2022
Cashio | Veve | One Ring | PYE | Revest | North Korea | Compound Finance
Know your enemy. This week’s report features several threat intelligence profiles on threat actors targeting cryptocurrency users and exchanges. Scammers are focusing on NFT campaigns targeting high-value individuals. A massive compromise of Cashio with ~$48M lost. Oh, and please patch your Chrome browser now.
News
Russia is considering accepting Bitcoin for energy trading to lower its dependency on dollars and euros.
Microsoft’s threat intelligence report on the LAPSUS$ group reveals the group targeting cryptocurrency exchange users.
Google’s threat analysis report on North Korean threat actors using Chrome 0day to target cryptocurrency exchanges as part of Operation AppleJeus.
Mandiant’s threat report on multiple North Korean groups such as APT38, CryptoCore, and Bureau 325 targeting cryptocurrency exchanges.
Crime
Frosties NFT operators arrested over $1.1 million 'rug pull' scam.
Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison.
Scams
Twitter airdrop scam robs Bored Ape Yacht Club fans of valuable NFTs.
Anatomy of an NFT Phishing Scam by TRM.
Anatomy of an NFT art scam: How the Frosties rug pull went down.
Phishing
On March 22, 2022 Arthur Cheong, founder of DeFiance Capital, lost $1.76M as a result of a spear phishing campaign that delivered wallet-stealing malware.
Hacks
On March 21, 2022 One Ring Finance lost $1.45M due to a flash-loan assisted exploit manipulating its token price.
On March 22, 2022 Veve shut down its NFT marketplace after reports of large-scale theft of gems.
On March 23, 2022 Cashio lost a whopping $48M after an attacker discovered an infinite minting exploit. Interestingly, the attacker returned stolen funds to all accounts under $100K.
On March 24, 2022 PYE lost $2.6M after carelessly commenting out the swap function’s access requirement.
On March 27, 2022 Revest Finance was exploited via a reentrancy vulnerability, resulting in a $2M loss.
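The PYE incident above is a reminder that an access check which lives as a bare require() inside a function body is one careless edit away from disappearing. The following is an added, constructed illustration (not PYE’s code; the SwapHelper contract, router address and swap() signature are assumptions) showing the access requirement expressed as a modifier on the function signature, where it is visible in the declaration and harder to lose during debugging:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC-20 surface needed for the example.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Constructed illustration only; not PYE's contract.
contract SwapHelper {
    address public immutable router; // the only contract allowed to call swap()
    IERC20 public immutable token;

    constructor(address _router, IERC20 _token) {
        require(_router != address(0), "SwapHelper: zero router");
        router = _router;
        token = _token;
    }

    // The access requirement is a modifier, so it appears on the function
    // signature itself. Commenting it out changes the declaration, which a
    // reviewer or a linter rule for "external functions without modifiers"
    // will notice; a require() buried in the body is easier to lose.
    modifier onlyRouter() {
        require(msg.sender == router, "SwapHelper: caller is not the router");
        _;
    }

    // Moves tokens out of this contract on behalf of the router.
    function swap(address to, uint256 amount) external onlyRouter {
        require(to != address(0), "SwapHelper: zero recipient");
        require(token.transfer(to, amount), "SwapHelper: transfer failed");
    }
}
```

A unit test that calls swap() from an address other than the router and expects a revert turns the access requirement into something CI enforces, so a commented-out check fails the build instead of shipping.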
Vulnerabilities
TrueUSD and Compound Finance silently patched their contracts after ChainSecurity discovered a vulnerability in handling contracts with multiple entry points which could be used to manipulate Compound markets.
GearBox patched a function parameter injection vulnerability after it was responsibly disclosed by Nnez.
Minswap patched its Cardano contracts after receiving a report about an infinite NFT mint vulnerability.
Google issued an emergency Chrome Browser update to patch a vulnerability used to steal crypto by North Korean actors.
Malware
Research
Ethereum Fraud Detection with Heterogeneous Graph Neural Networks.
Collaborative Learning for Cyberattack Detection in Blockchain Networks.
Tools
ApeWorX - a framework for Web3 Python applications and smart contracts.