Blockchain Threat Intelligence


BlockThreat - Week 16, 2022

NBA | Zeed | AkuDreams | ENS | AAVE | Java

Peter Kacherginsky
Apr 28

Dear readers,

We finally have a relatively calm week with just a few low-value hacks and plenty of good news. For one, last week hosted a number of fantastic talks at Trust X, a dedicated Ethereum security conference out of Amsterdam. It was great to present on the state of NFT security, but also to absorb so much great content! Hope you take some time this week to recharge and sharpen the saw before the next onslaught of hacks. Oh, and be sure to check out Rivaill’s amazing exploit PoC repo in the Tools section below.


Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to support the newsletter and unlock the premium section with indicators, special reports, and searchable newsletter archives.

ENS, Solana, AAVE and other projects patched critical vulnerabilities thanks to a well-functioning bug bounty machine.


News

  • U.S. Treasury sanctions Russian cryptocurrency mining companies.

  • CISA Alert AA22-108A - TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies.

  • Hackers Are Stealing More Cryptocurrency From DeFi Platforms Than Ever Before report by Chainalysis.

  • Another 6 Members of Finiko Crypto Pyramid Arrested in Russia.

Scams

  • Ongoing phishing campaign on Terra using malicious Google Ads nets attackers $4.31M.

  • How Scammer Used Malicious Bookmark to Gain Access to Discords of NFT projects.

Hacks

  • On April 17, 2022, 2omb Finance lost $81K due to a reward manipulation vulnerability.

  • On April 20, 2022, The Association NFT botched its NBA mint after an attacker was able to bypass the allowlist signature verification logic.

  • On April 20, 2022, Zeed Community lost $1M as a result of a reward manipulation vulnerability. Interestingly, the attacker self-destructed the exploit contract before they had a chance to extract the loot.

Other Incidents

  • On April 24, 2022, AkuDreams locked $34M in a series of bad contract decisions.

Vulnerabilities

  • Oracle patched a critical vulnerability in Java’s ECDSA implementation.

  • Solana fixed a rounding error that could drain up to 700M in its implementation of stable swap after it was responsibly disclosed by OtterSec.

  • Solana patched an account impersonation vulnerability in its Anchor framework after it was responsibly disclosed by Armani Ferrante.

  • Aave V3’s Price Oracle Manipulation Vulnerability reported by Hackxyk.

  • ENS Domain Spoofing Vulnerability reported by Hackxyk.

  • ENS patched a null byte injection vulnerability reported by lcfr.eth.

  • CosmWasm patched a consensus breaking vulnerability.

  • Solidly Exchange patched a griefing vulnerability reported by belbix.

Malware

  • Docker servers hacked in ongoing cryptomining malware campaign.

  • Collection of phishing emails and messages by Taylor Monahan.

  • 360 Threat Intelligence Center report on Lazarus Word macro spear phishing malware designed to steal cryptocurrency.

Media

  • Trust X 2022 - Talk Recordings.

  • MEV Day 2022 - Talk Recordings and Slides.

  • OffensiveCon22 - Patrick Ventuzelo - Beaconfuzz.

  • The Dark Forest EP0: $1B Multichain Vulnerability & PoC Explained.

  • BlueHat IL 2022 - Tal Be'ery & Shalev Keren - Web3 Security: The Blockchain is Your SIEM.

Research

  • Latent Bugs in Billion-Plus Dollar Code by Dedaub on ERC777 reentrancy threats.

  • Exploring Eth2: Stealing Inclusion Fees from Public Beacon Nodes.

  • Web3 Security: Attack Types and Lessons Learned by Riyaz Faizullabhoy and Matt Gleason.

  • Exploring Security Practices of Smart Contract Developers.

  • Big Phish by Rekt explores nation-state threat actors in the DeFi space.

  • Programming DeFi: Uniswap V2. Part 4 by Jeiwan.

  • The EVM Handbook.

Tools

  • Crypto Vulnerability Hub by Rivaill is a collection of PoCs for DeFi incidents.

  • Solidity Fuzzing Boilerplate for Foundry and Echidna by PatrickD.

Premium Content

Indicators

Terra Google Ads Phishing Address
Terra: terra1fz57nt6t3nnxel6q77wsmxxdesn7rgy0h27x3

© 2022 Peter Kacherginsky