Blockchain Threat Intelligence

BlockThreat - Week 14, 2022

StarStream | HospoWise | GymDefi | WonderHero | Hydra

Peter Kacherginsky
Apr 13

Hello friends!

This week attackers started getting really creative with their NFT scams. Another price manipulation exploit brings $4M in profit to the evildoer, there is a massive crackdown on the Hydra darknet market, and yet another piece of cloud-based malware is installing cryptominers. On the bright side, we'll dive into plenty of excellent video recordings and research papers, and explore many vulnerabilities behind a number of DeFi projects.



News

  • Germany takes down Hydra, the world's largest darknet market, followed by US sanctioning of Garantex Exchange and Hydra Dark Web Marketplace.

  • EU targets crypto wallets in latest round of Russia sanctions.

  • Solana Miami event evacuated and a bomb squad called after a security risk was detected during a routine sweep.

Crime

  • Inside the Bitcoin Bust That Took Down the Web’s Biggest Child Abuse Site, an article that is part of the upcoming Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency by Andy Greenberg.

Scams

  • Attackers are using multi-sig wallets to deposits on exchanges and self-custody wallets.

  • KiwiSwap UX flaw abused to trick users into purchasing fake NFTs.

  • Ongoing phishing campaign using a fake approval revocation site.

  • Deep dive into NFT phishing campaign used to steal BAYC 3738.

  • Double-Your-Crypto Scams Share Crypto Scam Host.

  • Common NFT contract code contains a rugpull vulnerability.

  • Twitter Scammers Are Hijacking Verified Accounts for Fake Azuki NFT Airdrop.

Hacks

  • On April 4, 2022 HospoWise lost $260K after someone took advantage of a publicly exposed burn() function to manipulate a liquidity pair.

  • On April 7, 2022 Juno Network halted after an attacker exploited a known consensus vulnerability before developers had a chance to apply patches.

  • On April 7, 2022 WonderHero lost $320K due to a private key compromise.

  • On April 8, 2022 StarStream Finance lost $4M due to insufficient function access controls that allowed arbitrary function execution.

  • On April 10, 2022 GymDeFi lost $560K as a result of a price manipulation vulnerability in its LiquidityMigrationV2 contract.

Vulnerabilities

  • Convex Finance patched a vulnerability that could allow rugpulling of $15B in stored CRV assets after it was responsibly disclosed by OpenZeppelin.

  • Humble Finance identified an unknown vulnerability and is asking users to remove liquidity.

  • CosmWasm fixed a critical address normalization vulnerability which could be used to bypass verification checks after it was responsibly disclosed by Halborn.

  • FiatDAO patched a vulnerability triggered when performing reward upgrades.

  • Frax patched a vulnerability that could allow massive slippages after it was responsibly disclosed by Daniel Von Fange.

Malware

  • New malware targets lambdas to mine crypto by Cado Security.

  • TRM Analysis Corroborates Suspected Ties Between Conti and Ryuk Ransomware Groups and Wizard Spider.

Contests

  • Winners of the Underhanded Solidity Contest 2022. Congratulations Tynan Richards, Santiago Palladino, and Michael Zhu!

  • New defender level on Ethernaut CTF.

Media

  • Cryptocurrency Class 2022 - Security of Smart Contracts with Mudit Gupta and Taylor Monahan.

  • Future of DeFi Security Panel at FutureFi featuring RugDoc, CertiK, and Zokyo.

Research

  • Identifying Security Risks in NFT Platforms.

  • Mixing detection on Bitcoin transactions using statistical patterns.

  • Transaction obfuscation thread by Edgar Arout.

  • Hackless migrates $4,000 in crypto from a hacked user wallet.

Tools

  • EVM Contract Draw by Daniel Von Fange.

  • Compile Explore EVM.

Premium Content

Indicators

Hydra Marketplace Seizure Address
Bitcoin: 1EHBzucTdcpESQhR9TqDPoucJFRAVruChx

© 2022 Peter Kacherginsky