BlockThreat - Week 19, 2022
GoDaddy | Coinzilla | Etherscan | UST | RedLine
I hope you got some rest last week, because this one was brutal. GoDaddy compromise resulted in DNS takeovers of multiple DeFi projects. Malicious Coinzilla ads phished users across Etherscan, CoinGecko and other highly trusted resources. $40B LUNA/UST meltdown triggered a chain halt to prevent governance attacks and caused additional $56M+ in losses across DeFi projects with faulty stablecoin price oracles.
This week did not have too much traditional smart contract exploitation as attackers find it easier to target web2 infrastructure. If you are not already including infra and 3rd party dependencies in your threat model, then now is the time. Oh and be on the lookout for job applications coming from North Korea.