Greetings!

A relatively quiet week with a couple of price oracle hacks worth about $2m and another $1.8m malicious insider case emptying liquidity from a backdoored protocol.

Detailed indicators for all the above incidents are in the premium section below.

In other news Hamas decided to discontinue Bitcoin as a donation mechanism based on how easy it got to identify their supporters while US DoJ charged yet another North Korean official responsible for mass cryptocurrency hacks and laundering operations.

News

• North Korean Foreign Trade Bank Rep Charged for Role in Two Crypto Laundering Conspiracies. The indictment provides details of North Korean actors obtaining jobs at cryptocurrency businesses using fake identities to facilitate money laundering and possible additional theft of assets.

• Hackers are breaking into AT&T email accounts to steal cryptocurrency.

• Cleveland man who once sat in a bathtub full of cash after stealing $5 million in seized bitcoin sentenced to prison.

• Hamas armed wing announces suspension of bitcoin fundraising.

• Robin Hood hacker steals rich Russian crypto funds, gives to poor Ukraine.

• Dark Web Price Index 2023. Crypto exchange accounts range from $20 to $2000+. The latter is for N26, Wirex, and Nuri exchanges.

Scams

• On April 26, 2023 Merlin DEX project lost $1.8m after malicious insiders triggered a backdoor. The incident was interesting because it was previously audited by CertiK which offered compensation to its victims.

• Investigation and Analysis of Third-party Sources of Fake Web3 Wallets by SlowMist.

Hacks

• On April 28, 2023 0vix Protocol lost $2m in a price oracle manipulation exploit.

• On April 28, 2023 ForTube lost $80k in a price oracle manipulation exploit.

Malware

• New Atomic macOS info-stealing malware targets 50 crypto wallets.

Media

• Web3 Tutorial 23: Next level smart contract security with Diligence Fuzzing.

• Fuzzing Vyper Contracts Using Foundry by Parsely.

• Common fork bugs curated by YAcademy.

• Lending/Borrowing DeFi Attacks by Dacian.

• Web3 Security Talks curated by YAcademy.

• Decentralized Finance Threat Matrix by Manifold Finance.

• MEV related threats mega thread by Rober Miller.

• Exploration of MEV Latencies by 0xTaker.

• Time, slots, and the ordering of events in Ethereum Proof-of-Stake by Georgios Konstantopoulos, Mike Neuder.

• Demystifying Random Number in Ethereum Smart Contract: Taxonomy, Vulnerability Identification, and Attack Detection.

• Bitcoin Double-Spending Attack Detection using Graph Neural Network.

• Blockchain Large Language Models used to detect anomalous transactions.

Research

• How to Calculate Funds at Risk by Immunefi.

• Formal verification and symbolic execution thread by Patrick Collins.

Tools

• Generic Ethereum contract web interfaces thread by Daniel Luca.

• ChainFuncs - a simple script,simplify some cli operations using cast.

Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.

Premium Content

Indicators

Merlin

zkSync: 0x2744d62a1e9ab975f4d77fe52e16206464ea79b7
zkSync: 0xc0d6987d10430292a3ca994dd7a31e461eb28182