BlockThreat - Week 2, 2023
LendingHub | Midas Capital | BRA Token | North Korea | Harmony | Wormhole
Greetings!
Yet another Mailchimp compromise likely targeted crypto companies, Solana among them. We should learn more in the next few days as further disclosures surface. In the meantime, please be extra vigilant with your mailbox! On the DeFi side we have the usual price oracle and reward calculation bugs, plus a relatively novel read-only reentrancy exploit used against Midas Capital.
The crypto spring also brought the Harmony and Wormhole attackers out of hibernation: they started moving stolen assets to exchanges and to the Ethereum network respectively. Luckily the community noticed and quickly alerted CEXs, which were able to freeze some of the assets. In even better news, tincho just published a new release of Damn Vulnerable DeFi! Be sure to check it out while sharpening your skills with the papers in the research section.
Let’s dive into the news, but first a note from our sponsors at Chainalysis! I’m pretty excited about the upcoming annual crypto crime report, so be sure to check out the preview link below:
Illicit Crypto Transaction Volume Reaches ATH of $20.1B
For the second year, illicit crypto transaction volume hit an all-time high of $20.1 billion in 2022. 44% of this activity was associated with sanctioned entities in a year when OFAC launched some of its most ambitious crypto sanctions yet. Check out more crypto crime stats from Chainalysis now >
News
OpenZeppelin is accepting nominations for the Top 10 Blockchain Hacking Techniques in 2022.
North Korea’s Lazarus Group moved 41K ETH ($63.5M) from the Harmony bridge compromise to Binance, Huobi, and OKX via the Railgun privacy protocol. Some of the exchanges collaborated to freeze $3M of the stolen assets; however, the attackers still got away with a sizable profit.
Wormhole attackers also started moving $3M worth of assets from that compromise to the Ethereum network.
European police take down call centers behind cryptocurrency scams.
Scams
MetaMask warns of new 'Address Poisoning' cryptocurrency scam.
Fake Token Trendy: The Next Millionaire is You by opang and X-explore.
Analysis for CirculateBUSD Project Rugpull, Loss of $2.27 Million! by Numen Cyber Labs.
On the Trail of the Squid Game Scammers by TRM Labs.
Report of a new NFT scam using fake transfer events by 0xCygaar.
DeFiHackLabs Academy - User Awareness Series.
Hacks
On January 7, 2023 multiple arbitrage bots took advantage of bad price oracle data on the Mycelium platform, resulting in $300K of losses to LPs.
On January 10, 2023 BRA token lost $225K due to a reward calculation bug.
On January 11, 2023 Roe Finance lost $80K in a price manipulation exploit. Interestingly, an MEV bot kept frontrunning the attacker’s transactions.
On January 11, 2023 UF DAO lost $90K to a reward calculation vulnerability across eight EVM chains.
On January 11, 2023 a Mailchimp compromise resulted in the potential theft of mailing lists belonging to 133 accounts, including the one belonging to Solana.
On January 12, 2023 LendingHub lost $6M due to a misconfiguration that left a deprecated token contract live, which attackers were able to arbitrage.
On January 15, 2023 Midas Capital lost $654K to a relatively new kind of read-only reentrancy vulnerability.
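Since read-only reentrancy is the one technique singled out above as relatively novel, here is a minimal illustration of the pattern. This is an added example for this edition, not Midas Capital’s code and not a reconstruction of that exploit: the contracts (ToyPool, ToyLender, ReadOnlyReentrancyDemo), function names and numbers are all hypothetical. The pool guards its mutating functions with a reentrancy lock, but its price view is unguarded and withdraw() updates one piece of state only after the ETH transfer, so a lender reading the view from inside the callback sees an inflated price.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Hypothetical single-asset pool (illustration only, not a live contract).
/// Mutating functions carry a reentrancy lock; the view function does not,
/// and withdraw() reduces `reserve` only after paying out ETH.
contract ToyPool {
    uint256 public reserve;      // ETH the pool believes it holds
    uint256 public totalShares;  // LP shares outstanding
    mapping(address => uint256) public shares;
    bool private locked;

    modifier lock() {
        require(!locked, "reentrant");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable lock {
        uint256 minted = totalShares == 0
            ? msg.value
            : (msg.value * totalShares) / reserve;
        shares[msg.sender] += minted;
        totalShares += minted;
        reserve += msg.value;
    }

    function withdraw(uint256 amount) external lock {
        require(shares[msg.sender] >= amount, "insufficient");
        uint256 payout = (amount * reserve) / totalShares;
        shares[msg.sender] -= amount;
        totalShares -= amount;
        (bool ok, ) = msg.sender.call{value: payout}("");
        require(ok, "transfer failed");
        reserve -= payout; // BUG: stale until after the external call
    }

    /// Unguarded read: inside the callback above, totalShares has already
    /// dropped while reserve has not, so this reports an inflated price.
    function sharePrice() external view returns (uint256) {
        return totalShares == 0 ? 1e18 : (reserve * 1e18) / totalShares;
    }

    /// Hardened variant: refuse to answer while the pool is mid-operation.
    function sharePriceChecked() external view returns (uint256) {
        require(!locked, "pool locked: read-only reentrancy");
        return totalShares == 0 ? 1e18 : (reserve * 1e18) / totalShares;
    }
}

/// Hypothetical lender that values LP shares through the pool's view.
contract ToyLender {
    ToyPool public immutable pool;
    constructor(ToyPool p) { pool = p; }

    /// Vulnerable: trusts sharePrice() regardless of the pool's state.
    function collateralValue(uint256 lpShares) external view returns (uint256) {
        return (lpShares * pool.sharePrice()) / 1e18;
    }

    /// Hardened: the lock-aware view reverts during a reentrant read.
    function collateralValueChecked(uint256 lpShares) external view returns (uint256) {
        return (lpShares * pool.sharePriceChecked()) / 1e18;
    }
}

/// Demonstrator: deposits, then withdraws half and reads the lender's
/// valuation from inside the ETH callback. Compare before/during after run().
contract ReadOnlyReentrancyDemo {
    ToyPool public pool;
    ToyLender public lender;
    uint256 public before;  // valuation of 1e18 shares before withdraw
    uint256 public during;  // valuation observed mid-withdraw (2x before)

    constructor(ToyPool p, ToyLender l) { pool = p; lender = l; }

    function run() external payable {
        pool.deposit{value: msg.value}();
        before = lender.collateralValue(1e18);
        pool.withdraw(pool.shares(address(this)) / 2); // payout triggers receive()
    }

    receive() external payable {
        // Inside ToyPool.withdraw(): shares burned, reserve not yet reduced.
        during = lender.collateralValue(1e18);
        // lender.collateralValueChecked(1e18) would revert here.
    }
}
```

Deploy the three contracts, call run() with some ETH, and `during` reads twice `before` even though nothing in the pool was actually stolen: the damage lands on whichever integrator trusts the stale view. Two fixes compose: order withdraw() checks-effects-interactions so `reserve -= payout` precedes the call (no inconsistent window exists), and expose the lock state to readers, as sharePriceChecked() does, so integrators fail closed if they are ever called mid-flight.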
Vulnerabilities
Most Governance Contracts Have an Upcoming Vulnerability We Should All Pay Attention To by Ease.
Multiple reports of a vulnerability in CoinMarketCap airdrop mechanism.
Google Chrome “SymStealer” Vulnerability by Imperva.
Malware
Malware Targeting Crypto Wallets Detected In Crypto Trading Forum by Safeguard Cyber.
Contests
Damn Vulnerable DeFi v3 Release by tincho.
Media
Community Workshop with Riley Holterhus (Spearbit)
Sense Finance $50k Bug Bounty Walkthrough with 0xRudraPratap (Immunefi).
Research
Disassembling EVM Bytecode (the Basics) by Dr. David J Pearce.
A Low-Level Guide To Solidity's Storage Management by DeGatchi.
Vulnerable Spots of Lending Protocols by Daniil Ogurtsov (MixBytes).
DeFiHackLabs Academy - Onchain Debugging Series.
ERC4337 Sample VerifyingPaymaster Signature Replay attack by Taek Lee.
Vanity Addresses - The only safe way to do permissionless multichain deployments by foobar.
Top 10 DeFi Exploits for training by bytes032.
Code smells that often lead to vulnerabilities by Owen (Guardian).
Vulnerability hunting heuristics by Daniel (Guardian).
Rethinking Smart Contract Fuzzing: Fuzzing With Invocation Ordering and Important Branch Revisiting.
Sharpening Ponzi Schemes Detection on Ethereum with Machine Learning.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.
Premium Content
Indicators
BRA Token Attackers
BSC: 0xe2ba15be8c6fb0d7c1f7bea9106eb8232248fb8b
BSC: 0x67a909f2953fb1138bea4b60894b51291d2d0795
Roe Finance Attackers
Ethereum: 0xe2ba15be8c6fb0d7c1f7bea9106eb8232248fb8b
Ethereum: 0x3a5b7db0be9f74324370fbd65b75850a5c82d176
Ethereum: 0x67a909f2953fb1138bea4b60894b51291d2d0795
Midas Capital Attackers
Polygon: 0x1863b74778cf5e1c9c482a1cdc2351362bd08611