BlockThreat - Week 14, 2022
StarStream | HospoWise | GymDeFi | WonderHero | Hydra
Hello friends!
This week attackers started getting really creative with their NFT scams. Another price manipulation exploit brings $4M profit to the evildoer, there is a massive crackdown on the Hydra darknet market, and yet another piece of cloud-based malware is installing cryptominers. On the bright side, we'll dive into plenty of excellent video recordings and research papers, and explore the vulnerabilities behind a number of DeFi projects.
News
Germany takes down Hydra, the world's largest darknet market, followed by US sanctioning of Garantex Exchange and Hydra Dark Web Marketplace.
EU targets crypto wallets in latest round of Russia sanctions.
Solana Miami event evacuated and a bomb squad called after a security risk was detected during a routine sweep.
Crime
Inside the Bitcoin Bust That Took Down the Web’s Biggest Child Abuse Site, an article that is part of the upcoming Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency by Andy Greenberg.
Scams
Attackers are using multi-sig wallets to deposits on exchanges and self-custody wallets.
KiwiSwap UX flaw abused to trick users into purchasing fake NFTs.
Ongoing phishing campaign using a fake approval revocation site.
Deep dive into NFT phishing campaign used to steal BAYC 3738.
Common NFT contract code contains a rugpull vulnerability.
Twitter Scammers Are Hijacking Verified Accounts for Fake Azuki NFT Airdrop.
Hacks
On April 4, 2022 HospoWise lost $260K after someone took advantage of a publicly exposed burn() function to manipulate a liquidity pair.
On April 7, 2022 Juno Network halted after an attacker exploited a known consensus vulnerability before developers had a chance to apply patches.
On April 7, 2022 WonderHero lost $320K due to a private key compromise.
On April 8, 2022 StarStream Finance lost $4M due to insufficient function access controls that allowed arbitrary function execution.
On April 10, 2022 GymDeFi lost $560K as a result of a price manipulation vulnerability in its LiquidityMigrationV2 contract.
Vulnerabilities
Convex Finance patched a vulnerability that could allow rugpulling of $15B in stored CRV assets after it was responsibly disclosed by OpenZeppelin.
Humble Finance identified an unknown vulnerability and is asking users to remove liquidity.
CosmWasm fixed a critical address normalization vulnerability which could be used to bypass verification checks after it was responsibly disclosed by Halborn.
FiatDAO patched a vulnerability triggered when performing reward upgrades.
Frax patched a vulnerability that could allow massive slippages after it was responsibly disclosed by Daniel Von Fange.
Malware
New malware targets lambdas to mine crypto by Cado Security.
TRM Analysis Corroborates Suspected Ties Between Conti and Ryuk Ransomware Groups and Wizard Spider.
Contests
Winners of the Underhanded Solidity Contest 2022. Congratulations Tynan Richards, Santiago Palladino, and Michael Zhu!
Media
Cryptocurrency Class 2022 - Security of Smart Contracts with Mudit Gupta and Taylor Monahan.
Future of DeFi Security Panel at FutureFi featuring RugDoc, CertiK, and Zokyo.
Research
Mixing detection on Bitcoin transactions using statistical patterns.
Transaction obfuscation thread by Edgar Arout.
Hackless migrates $4,000 in crypto from a hacked user wallet.
Tools
EVM Contract Draw by Daniel Von Fange.
Premium Content
Indicators
Hydra Marketplace Seizure Address
Bitcoin: 1EHBzucTdcpESQhR9TqDPoucJFRAVruChx