Blockchain Threat Intelligence

BlockThreat - Week 16, 2025

eXch | DPRK | Elusive Comet | KiloEx | zkSync | R0AR

Apr 21, 2025

Greetings!

Nearly $14M was stolen across six incidents this week, with the Chinese crypto underground implicated in laundering DPRK-linked funds, and the latest crypto phishing techniques including DKIM replay and Calendly spoofing attacks.

Let’s start with the relatively good news: most of that was stolen and later returned in a high-profile heist involving KiloEx. The $7.5M exploit was coordinated across multiple chains and abused the same insufficient function parameter validation on each of them to gain control over the protocol’s price-setting method. After manipulating prices and rapidly opening and closing ETH positions, the attacker quickly drained the protocol.

The silver lining? The attacker accepted a 10% bounty and returned the majority of the funds, thanks to efforts from SlowMist, SEAL 911, BlockSec, and others.

Now for the less happy stuff.

A private key compromise on zkSync cost a developer $5M from airdrop-related contracts. On the one hand, it’s good the damage was relatively contained. On the other—why wasn’t a multisig slapped on anything holding more than lunch money?

Then there’s R0AR, which lost $790K due to a backdoor snuck in by one of the developers. Yet again: how was this missed in both pre- and post-deployment audits?

Finally, the rest of the week was marked by alarm bells over Elusive Comet’s latest campaign—sneaking into Telegram chats, phishing emails, and luring victims into malfunctioning Zoom calls. Stay paranoid. Please be safe and review SEAL’s advisory.


Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerabilities, indicators, special reports, and searchable newsletter archives.


Let’s dive into the news!

News

  • Non-KYC exchange eXch to close down under money laundering scrutiny tied to Lazarus Group.

  • Phantom Wallet Sued Over $500K Meme Coin Theft Linked to Alleged Security Flaw. Unlikely to succeed, but an interesting development if picked up as a trend by other crypto theft victims.

  • Chinese chip used in bitcoin wallets is putting traders at risk. The article focuses on bugs/features in the ESP32 chip that may allow remote private key theft from hardware wallets such as Blockstream.

  • Major crypto exchanges suffer complications after AWS outage.

  • Mantra of Misfortune by Rekt. Explores a quiet cash out before the full $5B meltdown of the Mantra chain.

Crime

  • China Is Fueling Crypto Crime, From North Korea to Mexican Cartels.

  • Crypto Casino Founder Richard Kim Arrested After Gambling Away Investor Funds.

Policy

  • China debates how to handle criminal crypto cache.

Phishing

  • Google Spoofed Via DKIM Replay Attack: A Technical Breakdown. The technique was already used to target crypto folks.

  • Crypto CEO Loses $100K in Zoom Call Hack by ‘ELUSIVE COMET’.

  • X Account Takeover in One Click From Calendly/Calendar fake link by Louis Marquenet (Opsek).

  • Mitigating ELUSIVE COMET Zoom remote control attacks by Trail of Bits.

  • Beginner’s Guide to Web3 Security: Clipboard Risks by SlowMist.

  • North Korean hackers target crypto devs with fake recruitment tests.

Malware

  • Crypto Developers Targeted by Python Malware Disguised as Coding Challenges.

  • Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers.

  • What is Bitcoinlib, and how did hackers target it?

Media

  • Bountyhunt3rz - Episode 11 - merkle_bonsai.

Research

  • Time-to-Hack: How fast vulnerable smart contracts get exploited? by Decurity. 49% of vulnerable smart contracts are exploited within the first 30 days after deployment, with many hacks occurring within just 7 days.

  • NEAR Smart Contract Auditing: Accounts & Access Control by Elmedin Burnik (Sigma Prime).

  • EthCluster: An Unsupervised Static Analysis Method for Ethereum Smart Contract.

  • Enhancing Smart Contract Security Analysis with Execution Property Graphs.

  • A Multi-Layered Security Analysis of Blockchain Systems: From Attack Vectors to Defense and System Hardening.

  • Topological Analysis of Mixer Activities in the Bitcoin Network.

  • From Data Behavior to Code Analysis: A Multimodal Study on Security and Privacy Challenges in Blockchain-Based DApp.

  • WalletProbe: A Testing Framework for Browser-based Cryptocurrency Wallet Extensions.

  • Clustering and analysis of user behaviour in blockchain: A case study of Planet IX.

  • OpDiffer: LLM-Assisted Opcode-Level Differential Testing of Ethereum Virtual Machine.

  • Malicious Code Detection in Smart Contracts via Opcode Vectorization.

Tools

  • Recon VSCode Extension is now open source.

Premium Content

This post is for paid subscribers

© 2025 Peter Kacherginsky