BlockThreat - Week 12, 2023
Do Kwon | Swerve Finance | Euler | Nuwa
Just a few $100K or less DeFi hacks this week with an exception of the $1.3M attempted governance attack against Swerve Finance which in the end turned into a whitehat recovery. Identified attackers often start exhibiting whitehat tendences to avoid jail time. But as we have learned, it may be too late for some. Great job, Igor!
Speaking of “whitehats”, Euler hacker has been returning stolen funds especially after they became a possible phishing target by North Korea. More details in the research section.
Some good news, fugitive Do Kwon was finally caught in Montenegro while Zengo helped identify and patch multiple methods to detect and evade simulated transactions in Coinbase, Rabby, and other wallets. Oh and be sure to check out many excellent talks from ETH Dubai 2023.
All of the indicators for the above hacks are in the premium section as always. Let’s dive into the news, but first a word from our sponsors Chainalysis!
The 2023 Crypto Crime Report is here!
Inside you’ll find 100+ pages of original data, research, and case studies on the most pressing topics in cryptocurrency-based crime, including:
Why 2022 set records for crypto hacking
How sanctions on Hydra, Tornado Cash, and others impacted the crypto crime ecosystem
The latest crypto money laundering tactics employed by cybercriminals
What crypto winter means for scammers
How cybersecurity enhancements have hurt ransomware attackers
Crypto fugitive Do Kwon arrested in Montenegro after $40B TerraUSD collapse.
Canada’s Bankrupt ‘Crypto King’ Kidnapped, Tortured, Held for $3 Million Ransom.
Euler Finance Hacker Sends 51,000 Stolen Ether Back to Protocol after receiving a message from North Korea.
Starting on March 16, 2023 there were multiple attempts to empty $1.3M from a defunct Swerve Finance pool using a governance attack. Following a doxing and subsequent contact with the attacker, things were quickly resolved with the attacker encouraged to take the whitehat route.
On March 17, 2023 Anji Eco lost $37k in a price oracle manipulation exploit.
On March 19, 2023 Thunder Lands lost $70k on Avalanche and Polygon networks due to insufficient function access control.
On March 22, 2023 Nuwa lost $110k in a price oracle manipulation exploit.
On March 21, 2023 ASKACR lost $28k due to an incorrect reward calculation vulnerability.
ZenGo uncovers security vulnerabilities in popular Web3 Transaction Simulation solutions: The red pill attack.
Reentrancy Guard 2.0: How we could have stopped tens of millions of $ from being stolen, and accidentally made 2.5K$.
ETHDubai 2023 - Not So-Famous Solidity Attack Vectors, often missed/overlooked while Auditing! by Tejaswa Rastogi.
ETHDubai 2023 - Panel on Security with Mudit Gupta, Krinza Momin, Toghrul Maharramov, Torgin Mackinga, Andre Cronje, Igor Barinov, Omar Ganiev.
ETHDubai 2023 - Security Panel by @razzor_tweet, @KirsteinUri, @sarangparikh22, @buda_kyiv.
ETHDubai 2023 - CTF: Secure and audit Smart Contracts with Decurity auditing team [workshop] by Decurity.
ETHDubai 2023 - Decurity Session by Omar Ganiev.
ETHDubai 2023 - A stroll down the security tools zoo by Uri Kirstein.
ETHDubai 2023 - MEV and oracle manipulation in PoS Ethereum by Torgin Mackinga.
ETHDubai 2023 - How we can front run crypto exploits before they even happen by Alexander Seleznev.
A secret secure(?) communication channel for Ronin Bridge Exploiter and Euler Finance Exploiter by Inspex.
Uncovering the Twist Attack Vulnerability: Was This a Failed Scam by Ronin exploiter? by SlowMist.
The Compendium - vulnerability repository by theweb3hacker.
How To Consume Chainlink Price Feeds Safely by Abhishek Vispute.
Hacker Ecosystem Survey 2023 by Immunefi.
Can you pass The Rekt Test? by Trail of Bits.
Mispriced sandwiches Or: how one bot lost millions to a bug and led the highest proposer payments of all time by Robert Miller.
An introduction to maximal extractable value on Ethereum by EY.
BrokenToken - a tool designed to automatically test smart contracts that interact with ERC20 tokens for unexpected behavior that may result in exploits.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.
Keep reading with a 7-day free trial
Subscribe to Blockchain Threat Intelligence to keep reading this post and get 7 days of free access to the full post archives.