BlockThreat - Week 14, 2023
MEV | GDAC | SushiSwap | Euler | Riide
It’s never a dull week in blockchain security! This week we witnessed a new class of exploit involving a malicious Ethereum node baiting and exploiting MEV bots. The malicious node was slashed, but not before getting away with $25m. Speaking of MEV bots, SushiSwap got hacked again. A whitehat researcher wanted to try to rescue funds, only to lose out to fast-acting bots that did all of the “rescuing”. Luckily, most of the drained funds have been returned by good actors in the space.
Detailed indicators for all the above hacks are in the premium section below.
How about some positive news? Euler Finance managed to recover most of their stolen assets, Genesis Market was shut down, DeFi Security Summit is once again upon us in 2023, and I have an excellent selection of the latest research and tools for all of your smart contract hacking, blockchain sleuthing, and security-building needs.
Let’s dive into the news, but first a note from our sponsors and friends at Redefine! From transaction analytics to smart contract monitoring and due diligence, they are building exactly the products needed to defend users against blockchain threats.
dApprovals by Redefine is the most advanced and secure way to manage your approvals in one place. It allows you to see and control all your active approvals and risk insights across multiple chains.
Try it free here:
DeFi Security Summit 2023 - July 15th, 16th - Paris, France.
Ongoing $2.1m scam token campaign targeting Binance-Peg BUSD owners.
On April 2, 2023, multiple MEV bots lost $25m on the Ethereum network due to an exploit by a malicious proposer that baited the bots with a specially crafted transaction and then constructed a block that drained them.
On April 9, 2023, GDAC, a South Korean cryptocurrency exchange, lost $13m across the Ethereum, Bitcoin, and Wemix networks in a hot wallet compromise.
On April 9, 2023, SushiSwap suffered an exploit in which $3.3m was stolen as a result of a function parameter injection vulnerability. The exploitation frenzy was started by a botched whitehat hack by a researcher, which was quickly picked up by MEV bots to drain the protocol. Luckily, MEV bots and block builders are currently working on returning the majority of the stolen funds.
Enzyme patched a critical access control vulnerability thanks to a responsible disclosure by rootrescue via the Immunefi platform.
CryptoClippy Speaks Portuguese by Unit 42.
CosmWasm Security Dojo by Oak Security.
The Euler Story by DavidHQ documents his journey through the hack.
The Dark Forest thinking for bug bounties thread by Adrian Hetman.
Web3 Project Security Practice Requirements by SlowMist.
AMM Market Manipulation by Joran Honig.
How to Ensure Web3 Users Are Safe from Zero Transfer Attacks by OpenZeppelin.
The Case For Improving Crypto Wallet Security - Anatomy Of A Modern Day Crypto Scam by Viktor Chuchurski.
How Does Tornado Cash Work? by Zellic.
Breaking Pedersen Hashes in Practice by Paul Bottinelli.
Structuring a function-level invariant by Proxy.
Proposed ERC4626 inflation attack defenses study by bytes032.
SlotMachine(tool) & EVM Storage Management by Zeroknots.
Fuel VM Binary Analysis by Jtriley.
Revoke Safe Module - A Gnosis Safe module that delegates to another account the ability to revoke, on your behalf, token allowances granted to an exploited address.
ZeroMEV - MEV front-running explorer.