Greetings!
Busy week with 7 compromises netting more than $1.5M for bad actors. Clear attack patterns emerged this week, with one actor specializing in a single type of exploit and targeting as many protocols as possible with it. Let’s look at them more closely, but first a quick note from our sponsor Cyfrin!
Cyfrin is dedicated to helping scale smart contract security. Protocols looking for a private audit should reach out, but additionally, the team works on tools and platforms to scale security throughout the industry.
Cyfrin Updraft has the most watched smart contract development and security curriculum on earth. Cyfrin CodeHawks is the competitive audit platform for web3, for everyone from beginning security researchers to the top bug hunting masters. Solodit is the audit report aggregator to help you learn the top attack vectors being reported today. Aderyn is the open-source, Rust-based static analyzer to help automatically detect bugs in your Solidity codebase.
Multiple projects were exploited because sensitive methods were not properly protected:
Perpy Finance - a broken proxy deployment allowed arbitrary upgrades. $130K stolen.
Galaxy Fox - a contract with no published source exposed an internal method. $330K stolen.
Tsuru - the exposed onERC1155Received method allowed arbitrary minting. $410K stolen.
Tracing funds from the Perpy and Tsuru attackers clearly shows they are the same actor, who exploited two different projects using similar attack vectors. That is notable because it shows attackers specializing in a particular exploit type.
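The common thread in the three incidents above is a privileged action reachable by any caller. As an added illustration (not code from Tsuru or any other protocol named here), the constructed contract below shows an ERC-1155 receiver hook that credits a caller-supplied address with no check on who invoked it, beside a hardened version that only accepts the hook from the expected token contract and credits the real sender; the names VaultWeak, VaultHardened and acceptedToken are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC1155Receiver {
    function onERC1155Received(address operator, address from, uint256 id,
        uint256 value, bytes calldata data) external returns (bytes4);
}

// Weak (constructed): the hook is a public entry point like any other.
// Nothing ties it to the ERC-1155 contract it was written for, so the
// balance credit happens on any direct call, with a recipient of the
// caller's choosing taken from the data field.
contract VaultWeak {
    mapping(address => uint256) public balanceOf;

    function onERC1155Received(address, address, uint256, uint256 value, bytes calldata data)
        external returns (bytes4)
    {
        address to = abi.decode(data, (address));
        balanceOf[to] += value;                 // no check on msg.sender
        return this.onERC1155Received.selector;
    }
}

// Hardened (constructed): only the expected token contract may trigger the
// hook, and the credit goes to the address the token reports as the sender,
// not to an address supplied in calldata.
contract VaultHardened is IERC1155Receiver {
    address public immutable acceptedToken;     // assumed: set at deployment
    mapping(address => uint256) public balanceOf;

    error UnauthorizedCaller(address caller);

    constructor(address token) { acceptedToken = token; }

    function onERC1155Received(address, address from, uint256, uint256 value, bytes calldata)
        external override returns (bytes4)
    {
        // The hook is only meaningful when invoked by the token contract
        // during a real safeTransferFrom; reject every other caller.
        if (msg.sender != acceptedToken) revert UnauthorizedCaller(msg.sender);
        balanceOf[from] += value;
        return this.onERC1155Received.selector;
    }
}
```

The same msg.sender check applies to any callback-style entry point (ERC-721 and ERC-777 hooks, flash-loan callbacks); the review question for each is who is allowed to call it and what it credits or mints as a result.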
North Korean state actors have been busy with new malware variants and lures targeting crypto developers looking for their next gig. One such campaign used malicious code repositories hosted on GitHub, GitLab, Bitbucket, and other platforms to entice victims to download and run malware as part of an interview “challenge”. Check out the Phishing and Malware sections for more details.
The premium version of the newsletter includes additional coverage, PoCs, and indicators for the above-mentioned protocols, as well as Bloom, OSN Token, GPU, and others.
To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.
Oh, and be sure to check out Mitchell Amador’s retrospective on running the first and largest crypto bug bounty program for the last three years. Let’s dive into the news!