Hello friends!

This week attackers started getting really creative with their NFT scams. Another price manipulation exploits brings $4M profit to the evildoer, a massive crackdown on Hydra darknet market, and yet another cloud-based malware installing cryptominers. On the bright side, we’ll dive into plenty of excellent video recordings, research papers, and explore many vulnerabilities behind a number of DeFi projects.

Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to support the newsletter and unlock the premium section with indicators, special reports, and searchable newsletter archives.

News

• Germany takes down Hydra, world's largest darknet market followed by US sanctioning of Garantex Exchange and Hydra Dark Web Marketplace.

• EU targets crypto wallets in latest round of Russia sanctions.

• Solana Miami event evacuated and a bomb squad called after a security risk was detected during a routine sweep.

Crime

• Inside the Bitcoin Bust That Took Down the Web’s Biggest Child Abuse Site article part of the upcoming Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency by Andy Greenberg.

Scams

• Attackers are using multi-sig wallets to deposits on exchanges and self-custody wallets.

• KiwiSwap UX flaw abused to trick users into purchasing fake NFTs.

• Ongoing phishing campaign using a fake approval revocation site.

• Deep dive into NFT phishing campaign used to steal BAYC 3738.

• Double-Your-Crypto Scams Share Crypto Scam Host.

• Common NFT contract code contains a rugpull vulnerability.

• Twitter Scammers Are Hijacking Verified Accounts for Fake Azuki NFT Airdrop.

Hacks

• On April 4, 2022 HospoWise lost $260K after someone took advantage of a publicly exposed burn() function to manipulate a liquidity pair.

• On April 7, 2022 Juno Network halted after an attacker exploited a known consensus vulnerability before developers had a chance to apply patches.

• On April 7, 2022 WonderHero lost $320K due to a private key compromise.

• On April 8, 2022 StarStream Finance lost $4M due to insufficient function access controls that allowed arbitrary function execution.

• On April 10, 2022 GymDeFi lost $560K as a result of a price manipulation vulnerability in its LiquidityMigrationV2 contract.

Vulnerabilities

• Convex Finance patched a vulnerability that could allow rugpulling of $15B in stored CRV assets after it was responsibly disclosed by OpenZeppelin.

• Humble Finance identified an unknown vulnerability and asking users to remove liquidity.

• CosmWasm fixed a critical address normalization vulnerability which could be used to bypass verification checks after it was responsibly disclosed by Halborn.

• FiatDAO patched a vulnerability triggered when performing reward upgrades.

• Frax patched a vulnerability that could allow massive slippages after it was responsibly disclosed by Daniel Von Fange.

Malware

• New malware targets lambdas to mine crypto by Cado Security.

• TRM Analysis Corroborates Suspected Ties Between Conti and Ryuk Ransomware Groups and Wizard Spider.

Contests

• Winners of the Underhanded Solidity Contest 2022. Congratulations Tynan Richards, Santiago Palladino, and Michael Zhu!

• New defender level on Ethernaut CTF.

Media

• Cryptocurrency Class 2022 - Security of Smart Contracts with Mudit Gupta and Taylor Monahan.

• Future of DeFi Security Panel at FutureFi featuring RugDoc, CertiK, and Zokyo.

Research

• Identifying Security Risks in NFT Platforms.

• Mixing detection on Bitcoin transactions using statistical patterns.

• Transaction obfuscation thread by Edgar Arout.

• Hackless migrates $4,000 in crypto from a hacked user wallet.

Tools

• EVM Contract Draw by Daniel Von Fange.

• Compile Explore EVM.

Premium Content

Indicators

Hydra Marketplace Seizure Address
Bitcoin: 1EHBzucTdcpESQhR9TqDPoucJFRAVruChx