Blockchain Threat Intelligence

BlockThreat - Week 12, 2024

Curio | Super Sushi Samurai | Dolomite | AirDAO | TICKER | ARK | LayerSwap | ParaSwap

Peter Kacherginsky
Mar 29, 2024
Greetings!

A tough week for the crypto ecosystem, with almost $25M stolen across 9 incidents. Compromises spanned the widest spectrum of vectors, from classic smart contract weaknesses to insider threats to web2 infrastructure hacks. Let’s dive into some of the more notable hacks, but first a note from our sponsor, Audit Wizard! With tools like AI-generated PoCs, rapid Foundry testing, code graphing and function tracing, this all-in-one smart-contract security platform can really supercharge your auditing powers. Check it out!


Audit Wizard enables developers and auditors to find bugs in smart contracts. Import a project to scan for vulnerabilities, visualize functions, chat with AI about security concerns, and more.

Built by security engineers, Audit Wizard is an easy, one-click solution for finding bugs in web3 code. Sign up for free here!


Let’s start with the worst compromise last week, which cost Curio almost $16M. Governance token holders were granted access rights to a function that performed a delegatecall to a caller-supplied address. Because delegatecall runs the target’s code with the calling contract’s own storage and balance, pointing it at a malicious contract is equivalent to handing that contract the keys.
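The Curio pattern in the abstract, as an added example that is not Curio’s code or any real contract: a governance gate that a mere token balance can satisfy, in front of a function that delegatecalls into a caller-chosen address, beside a hardened version that requires a timelock caller and an allowlisted target. Every contract, function and variable name below is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration of the pattern, not Curio's code; every name here is hypothetical.

interface IERC20 {
    function balanceOf(address) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// VULNERABLE: "governance" is anyone holding the token, and the gated
// function delegatecalls into a caller-chosen address.
contract TreasuryVulnerable {
    IERC20 public immutable govToken;

    constructor(IERC20 _govToken) {
        govToken = _govToken;
    }

    // A balance check is not an authorization check: anyone can buy or
    // flash-borrow a single wei of the token and pass this gate.
    modifier onlyGovernance() {
        require(govToken.balanceOf(msg.sender) > 0, "not governance");
        _;
    }

    // delegatecall executes `target`'s bytecode with THIS contract's
    // storage, balance and address, so an attacker-supplied target runs
    // arbitrary code as the treasury.
    function execute(address target, bytes calldata data) external onlyGovernance {
        (bool ok, ) = target.delegatecall(data);
        require(ok, "call failed");
    }
}

// What a malicious `target` looks like: it never touches its own storage,
// it simply acts with the treasury's identity once delegatecalled.
contract Drainer {
    function drain(IERC20 token, address to) external {
        // Executed in the treasury's context: address(this) is the treasury.
        token.transfer(to, token.balanceOf(address(this)));
    }
}
// Attack (one transaction, any token holder):
//   treasury.execute(address(drainer), abi.encodeCall(Drainer.drain, (token, attacker)))

// HARDENED: the caller must be the governance timelock (a single address
// that only executes proposals that passed a vote and a delay), and
// delegatecall targets must be explicitly allowlisted logic contracts.
contract TreasuryHardened {
    address public immutable timelock;
    mapping(address => bool) public allowedTargets;

    event TargetAllowed(address indexed target, bool allowed);
    event Executed(address indexed target, bytes data);

    constructor(address _timelock) {
        timelock = _timelock;
    }

    modifier onlyTimelock() {
        require(msg.sender == timelock, "only timelock");
        _;
    }

    // Changing the allowlist is itself a governance action, so it goes
    // through the same proposal, vote and delay as everything else.
    function setAllowedTarget(address target, bool allowed) external onlyTimelock {
        require(target.code.length > 0, "not a contract");
        allowedTargets[target] = allowed;
        emit TargetAllowed(target, allowed);
    }

    function execute(address target, bytes calldata data) external onlyTimelock {
        require(allowedTargets[target], "target not allowlisted");
        (bool ok, bytes memory ret) = target.delegatecall(data);
        if (!ok) {
            // Bubble up the target's revert reason instead of swallowing it.
            assembly {
                revert(add(ret, 32), mload(ret))
            }
        }
        emit Executed(target, data);
    }
}
```

Two caveats on the hardened form. An allowlisted target is still trusted with the treasury’s storage layout, so only audited, immutable logic contracts belong on that list; an upgradeable target would reintroduce the arbitrary-code problem through the back door. And the timelock only helps if the proposal threshold, quorum and delay are large enough that a hostile proposal cannot pass and execute before anyone reacts.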

Super Sushi Samurai was hit with an ERC-404 transfer weakness of the kind we discussed in the BlockThreat - Week 7, 2024 issue. The attacker was able to drain $4.6M from the protocol. Luckily, it turned out to be a whitehat rescue of a flaw that would otherwise have been exploited by bad actors imminently.

Even more web3 users were drained this week after Layerswap’s GoDaddy DNS account was hijacked and its domain used to expose visitors to a phishing kit.

On the bright side, the malicious insider who stole $900K from TICKER was thoroughly doxxed and referred to law enforcement by ZachXBT! Let’s just hope French courts don’t pull another “code is law” ruling and let this criminal walk free.

The premium version of the newsletter includes detailed exploit information, PoC code, and indicators for the incidents discussed above, as well as the private key theft from AirDAO, insufficient function access control at ARK, more arbitrary external call exploitation in Dolomite, competitors targeting MintDefense, and others.

To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.

Oh, and be sure to check out my talk on who the bad actors are, including their tactics, backgrounds, and the steps you can take to defend against them.

Let’s dive into the news!

This post is for paid subscribers