BlockThreat - Week 16, 2022
NBA | Zeed | AkuDreams | ENS | AAVE | Java
Dear readers,
We finally have a relatively calm week with just a few low-value hacks and plenty of good news. For one, last week hosted a number of fantastic talks at Trust X, a dedicated Ethereum security conference out of Amsterdam. It was great to present on the state of NFT security, but also to absorb so much great content! ENS, Solana, AAVE and other projects patched critical vulnerabilities thanks to a well-functioning bug bounty machine. Hope you take some time this week to recharge and sharpen the saw before the next onslaught of hacks. Oh, and be sure to check out Rivaill’s amazing exploit PoC repo in the Tools section below.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to support the newsletter and unlock the premium section with indicators, special reports, and searchable newsletter archives.
News
U.S. Treasury sanctions Russian cryptocurrency mining companies.
CISA Alert AA22-108A - TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies.
Hackers Are Stealing More Cryptocurrency From DeFi Platforms Than Ever Before report by Chainalysis.
Another 6 Members of Finiko Crypto Pyramid Arrested in Russia.
Scams
Ongoing phishing campaign on Terra using malicious Google Ads nets attackers $4.31M.
How Scammer Used Malicious Bookmark to Gain Access to Discords of NFT projects.
Hacks
On April 17, 2022, 2omb Finance lost $81K due to a reward manipulation vulnerability.
On April 20, 2022, The Association NFT botched its NBA mint after an attacker was able to bypass the allowlist signature verification logic.
On April 20, 2022, Zeed Community lost $1M as a result of a reward manipulation vulnerability. Interestingly, the attacker self-destructed the exploit contract before they had a chance to extract the loot.
Other Incidents
On April 24, 2022, AkuDreams locked $34M in a series of bad contract decisions.
Vulnerabilities
Oracle patched a critical vulnerability in Java’s ECDSA implementation.
Solana fixed a rounding error that could drain up to 700M in its implementation of stable swap after it was responsibly disclosed by OtterSec.
Solana patched an account impersonation vulnerability in its Anchor framework after it was responsibly disclosed by Armani Ferrante.
Aave V3’s Price Oracle Manipulation Vulnerability reported by Hackxyk.
ENS Domain Spoofing Vulnerability reported by Hackxyk.
ENS patched a null byte injection vulnerability reported by lcfr.eth.
CosmWasm patched a consensus breaking vulnerability.
Solidly Exchange patched a griefing vulnerability reported by belbix.
Malware
Docker servers hacked in ongoing cryptomining malware campaign.
Collection of phishing email and messages by Taylor Monahan.
360 Threat Intelligence Center report on Lazarus Word macro spear phishing malware designed to steal cryptocurrency.
Media
The Dark Forest EP0: $1B Multichain Vulnerability & PoC Explained.
BlueHat IL 2022 - Tal Be'ery & Shalev Keren - Web3 Security: The Blockchain is Your SIEM.
Research
Latent Bugs in Billion-Plus Dollar Code by Dedaub on ERC777 reentrancy threats.
Exploring Eth2: Stealing Inclusion Fees from Public Beacon Nodes.
Web3 Security: Attack Types and Lessons Learned by Riyaz Faizullabhoy and Matt Gleason.
Big Phish by Rekt explores nation state threat actors in DeFi space.
Programming DeFi: Uniswap V2. Part 4 by Jeiwan.
Tools
Crypto Vulnerability Hub by Rivaill is a collection of PoCs for DeFi incidents.
Solidity Fuzzing Boilerplate for Foundry and Echidna by PatrickD.
Premium Content
Indicators
Terra Google Ads Phishing Address
Terra: terra1fz57nt6t3nnxel6q77wsmxxdesn7rgy0h27x3