BlockThreat - Week 17, 2023
0vix | Merlin | North Korea | Hamas
A relatively quiet week with a couple of price oracle hacks worth about $2m and another $1.8m malicious insider case emptying liquidity from a backdoored protocol.
Detailed indicators for all the above incidents are in the premium section below.
In other news, Hamas decided to discontinue Bitcoin as a donation mechanism because of how easy it had become to identify their supporters, while the US DoJ charged yet another North Korean official responsible for mass cryptocurrency hacks and laundering operations.
North Korean Foreign Trade Bank Rep Charged for Role in Two Crypto Laundering Conspiracies. The indictment provides details of North Korean actors obtaining jobs at cryptocurrency businesses using fake identities to facilitate money laundering and possible additional theft of assets.
Dark Web Price Index 2023. Crypto exchange accounts range from $20 to $2000+. The latter is for N26, Wirex, and Nuri exchanges.
On April 26, 2023, the Merlin DEX project lost $1.8m after malicious insiders triggered a backdoor. The incident was interesting because the project had previously been audited by CertiK, which offered compensation to the victims.
On April 28, 2023, ForTube lost $80k in a price oracle manipulation exploit.
Fuzzing Vyper Contracts Using Foundry by Parsely.
Common fork bugs curated by YAcademy.
Lending/Borrowing DeFi Attacks by Dacian.
Web3 Security Talks curated by YAcademy.
Decentralized Finance Threat Matrix by Manifold Finance.
MEV-related threats mega thread by Robert Miller.
Exploration of MEV Latencies by 0xTaker.
Time, slots, and the ordering of events in Ethereum Proof-of-Stake by Georgios Konstantopoulos, Mike Neuder.
Blockchain Large Language Models used to detect anomalous transactions.
How to Calculate Funds at Risk by Immunefi.
Formal verification and symbolic execution thread by Patrick Collins.
Generic Ethereum contract web interfaces thread by Daniel Luca.
ChainFuncs - a simple script to simplify some CLI operations using cast.