BlockThreat - Week 13, 2023
3CX | North Korea | Safemoon | Allbridge
Another week, another batch of “whitehat” hackers returning stolen assets following multi-million compromises. The Safemoon exploit was particularly concerning with a very obvious burn function access control bug. This should not have slipped through testing/deployment phases.
Multiple reports were released on North Korean actors, who have been busy lately, first with the supply chain attack targeting crypto businesses and later using cloud mining services to launder stolen crypto.
All of the indicators for the above hacks are in the premium section as always. Let’s dive into the news.
APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations report by Mandiant covers new crypto laundering techniques.
Cryptocurrency crime and anti-money laundering report by Ciphertrace.
Decoding Kokomo Finance $4 Million Rug Pull by QuillAudits.
Si vis pacem, para bellum: Exploring MetaMask Phishing by ChainLight.
On March 28, 2023 Safemoon lost $8.9m after failing to restrict access to the burn function in a contract upgrade. Interestingly, the original attacker was front-run by an MEV bot also involved in last week’s Nuwa hack which promised to return stolen assets.
On March 29, 2023 UNMS lost $100k in a price oracle manipulation attack.
On March 30, 2023 Patricio Worthalter lost $3.83m in a spear phishing attack.
On April 1, 2023 Allbridge was targeted by two attackers using a price oracle manipulation attack. $570k were lost and about $470k were returned after one of the attackers turned “whitehat” following doxing.
Uniswap Vulnerability Disclosure by Nomoi.
Multiple CVEs in threshold cryptography implementations by Kudelski Security Research.
Cadence patched a node crash vulnerability thanks to a responsible disclosure by @bluesign.
New OpcJacker Malware Distributed via Fake VPN Malvertising by TrendMicro.
Numen Cyber CTF Writeups. Congrats teams ChainLight, KALOS, and AmberLabs!
Dev account honeypots thread by Daniel Luca.
Exploit Insurance to Raise Your Payout by Robert Forster.
Foundry and hevm fuzzing thread by philogy.
Token Tester - test a variety of unconventional tokens against your smart contracts.