Blockchain Threat Intelligence

BlockThreat - Week 19, 2022

GoDaddy | Coinzilla | Etherscan | UST | RedLine

Peter Kacherginsky
May 19, 2022

Greetings!

I hope you got some rest last week, because this one was brutal. A GoDaddy compromise resulted in DNS takeovers of multiple DeFi projects. Malicious Coinzilla ads phished users across Etherscan, CoinGecko and other highly trusted resources. The $40B LUNA/UST meltdown triggered a chain halt to prevent governance attacks and caused an additional $56M+ in losses across DeFi projects with faulty stablecoin price oracles.

This week did not have much traditional smart contract exploitation, as attackers find it easier to target web2 infrastructure. If you are not already including infra and 3rd party dependencies in your threat model, then now is the time. Oh, and be on the lookout for job applications coming from North Korea.




News

  • Terra halted its blockchain to disable staking in order to avoid governance attacks following a disastrous stablecoin depeg.

  • Theft, Money Laundering, and NFT Market Manipulation Underline Importance of Safety and Compliance in Web3 report by Chainalysis.

  • The rise of the crypto cop and a real shortage of them.

  • North Korean IT workers are getting tech and crypto jobs online, US agencies warn.

  • Coffeezilla, the YouTuber Exposing Crypto Scams article in The New Yorker.

  • Crypto robber who lured victims via Snapchat and stole £34,000 jailed.

Phishing

  • Users of Etherscan, CoinGecko, and other major crypto resources were targeted with a MetaMask phishing scam through JavaScript injected on the Coinzilla ad network.

Hacks

  • On May 9, 2022 HoneySwap users lost $20K as a result of a domain hijacking attack which tricked users into sending tokens to the wrong address.

  • On May 9, 2022 Ownly lost $30K as a result of a logic error in its unstaking function.

  • On May 10, 2022 Neorder DAO lost $3.3M due to a private key leak.

  • On May 11, 2022 Blizz Finance and Venus protocol lost a combined $21.8M after the Chainlink LUNA price oracle started reporting an incorrect price.

  • On May 11, 2022 Kava lost half of its value after its hardcoded UST price was used to generate lots of bad debt.

  • On May 15, 2022 Scream Protocol lost $35M due to hardcoding the fUSD stablecoin price to $1 when it had in fact lost its peg.

Vulnerabilities

  • Solana patched a vulnerability in its implementation of the `sdiv` instruction which could lead to monetary losses after it was responsibly disclosed by the BlockSec Team.

  • Sturdy patched a vulnerability in its fallback oracle configuration after it was responsibly disclosed by Nnez.

  • Balancer patched a DoS vulnerability after it was responsibly disclosed through Immunefi.

  • Geth patched a DoS vulnerability caused by a malicious p2p message.

Malware

  • A Closer Look At Eternity Malware.

  • Fake Pixelmon NFT site infects you with password-stealing malware.

  • RedLine Stealer Campaign Using Binance Mystery Box Videos to Spread GitHub-Hosted Payload.

Contests

  • Stablecoin manipulation challenge by Hacxyk. Solution.

Research

  • Review of Automated Vulnerability Analysis of Smart Contracts on Ethereum.

  • EVM Deep Dives: The Path to Shadowy Super Coder 🥷 💻 - Part 5.

  • Earn $200K by fuzzing for a weekend: Part 1 and Part 2.

  • A Tale of Two Markets: Investigating the Ransomware Payments Economy.
