Hey friends!
It’s never a dull week in blockchain security! This week we have witnessed a new class of exploits involving a malicious Ethereum node baiting and exploiting MEV bots. The malicious node was slashed, but not before getting away with $25m. Speaking of MEV bots, SushiSwap got hacked again. A whitehat researcher wanted to try and rescue funds, only to lose to fast-acting bots which did all of the “rescuing”. Luckily most of the drained funds have been returned by good actors in the space.
It’s been a while, but another South Korean cryptocurrency exchange was compromised through a hot wallet hack. Victim type, location, and exploit vector are all preferred by their nuclear neighbors.
Detailed indicators for all the above hacks are in the premium section below.
How about some positive news? Euler Finance managed to recover most of their stolen assets, Genesis Market was shut down, DeFi Security Summit is once again upon us in 2023, and I have an excellent selection of the latest research and tools for all of your smart contract hacking, blockchain sleuthing, and security building needs.
Let’s dive into the news, but first a note from our sponsors and friends at Redefine! From transaction analytics to smart contract monitoring and due diligence, they are building exactly the products needed to defend users against blockchain threats.
dApprovals by Redefine is the most advanced and secure way to manage your approvals in one place. It allows you to see and control all your active approvals and risk insights across multiple chains.
Try it free here:
https://dapprovals.redefine.net
Events
DeFi Security Summit 2023 - July 15th-16th - Paris, France.
News
Euler Finance recovered most of the stolen assets after intense on-chain and off-chain investigation and negotiations with attackers.
Inside the international sting operation to catch North Korean crypto hackers.
Crime
Judge Lets AT&T Off the Hook for Crypto Investor SIM Swap Attack.
Fraud Shop Genesis Market Shut Down in International Law Enforcement Operation, Sanctioned by OFAC.
Scams
“StreamJacking” - Hijacking Hundreds of YouTube Channels Per Day Propagating Elon Musk Branded Crypto Giveaway Scams by Nati Tal.
New Tactics and Trends about Zero Transfer Phishing Attacks by X-explore.
Ongoing $2.1m scam token campaign targeting Binance-Peg BUSD owners.
Hacks
On April 2, 2023 multiple MEV bots lost $25m on the Ethereum network due to an exploit by a malicious proposer, which baited the bots with a specially crafted transaction and then constructed a block that drained them.
On April 9, 2023 GDAC, a South Korean cryptocurrency exchange, lost $13m across the Ethereum, Bitcoin, and Wemix networks in a hot wallet compromise.
On April 9, 2023 SushiSwap suffered an exploit in which $3.3m was stolen as a result of a function parameter injection vulnerability. The exploitation frenzy was started by a botched whitehat hack by a researcher, which was quickly picked up by MEV bots to drain the protocol. Luckily MEV bots and block builders are currently working on returning the majority of the stolen funds.
Vulnerabilities
Enzyme patched a critical access control vulnerability thanks to a responsible disclosure by rootrescue via the Immunefi platform.
Malware
Rilide: A New Malicious Browser Extension for Stealing Cryptocurrencies by Trustwave.
Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack by Kaspersky.
CryptoClippy Speaks Portuguese by Unit 42.
Contests
CosmWasm Security Dojo by Oak Security.
Media
Interview with Jackson Kelley by Mis4thr0pic.
Spearbit Community Seminar: Clober with Hickup.
Research
The Euler Story by DavidHQ documents his journey through the hack.
The Dark Forest thinking for bug bounties thread by Adrian Hetman.
Web3 Project Security Practice Requirements by SlowMist.
AMM Market Manipulation by Joran Honig.
Precision Loss Errors - Solidity computations can lead to some devious loss of precision errors by Dacian.
Signature Replay Attacks - Common vulnerabilities leading to signature replay attacks by Dacian.
Re-Entrancy Attacks - How real-world smart contracts are exploited via re-entrancy attacks by Dacian.
Building a smart contracts fuzzer for fun and profit by Jat.
Security Audit Series: What Is a Precompiled Contract Vulnerability? by Beosin.
How to Ensure Web3 Users Are Safe from Zero Transfer Attacks by OpenZeppelin.
The Case For Improving Crypto Wallet Security - Anatomy Of A Modern Day Crypto Scam by Viktor Chuchurski.
How Does Tornado Cash Work? by Zellic.
A Comprehensive Survey of Upgradeable Smart Contract Patterns.
OpenSCV: An Open Hierarchical Taxonomy for Smart Contract Vulnerabilities.
Smart Contract and DeFi Security: Insights from Tool Evaluations and Practitioner Surveys.
Everything You Wanted to Know About Symbolic Execution for Ethereum Smart Contracts (But Were Afraid to Ask) by Palina Tolmach.
Breaking Pedersen Hashes in Practice by Paul Bottinelli.
Structuring a function-level invariant by Proxy.
Proposed ERC4626 inflation attack defenses study by bytes032.
Tools
SlotMachine(tool) & EVM Storage Management by Zeroknots.
Fuel VM Binary Analysis by Jtriley.
Revoke Safe Module - A Gnosis Safe Module to delegate to another account the ability to revoke token allowances on your behalf for an exploited address.
ZeroMEV - MEV front-running explorer.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.
Premium Content