Blockchain Threat Intelligence

BlockThreat - Week 2, 2024

SEC | CoinGecko | Wise Lending | bit24 | Solana

Peter Kacherginsky
Jan 15, 2024

Greetings!

Mass X account compromises continue, with the SEC getting hacked, resulting in volatile market movements. The reported attack vector was a lack of 2FA and a SIM-swapped phone number associated with the account. If only they had followed the Twitter Security Self-Audit by the good folks at Security Alliance. Did you?

The Solana network is experiencing a rise in drainer and airdrop phishing attacks, all too familiar in the EVM world.

Only one notable and highly sophisticated DeFi compromise occurred, targeting the Wise Lending protocol.

To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proofs of concept (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.

A rare, relatively quiet week. Hope you can catch up on all of the excellent research articles in this week’s edition. Oh, and be sure to check out an excellent talk on bug bounty programs and security researchers in traditional security to see where we are going as cryptocurrency becomes an integrated part of the world’s financial systems.

Let’s dive into the news!

Events

  • Curta CTF Puzzle by @ret2jazzy on Base - January 15th, 2024.

News

  • SEC X account compromised with a post about Bitcoin ETP approval. The resulting bitcoin price fluctuation led to $300M worth of liquidations. The FBI is now engaged to investigate the hack.

  • Reported ‘transfer’ of $15B XRP was part of a failed exploit attempt.

  • TrustSec team member HE1M and his spouse were caught cheating on the zkSync contest. Insider threats happen, and HE1M was swiftly let go following an internal investigation. Are you on the lookout for bad actors in your midst?

  • Web3 Hack Post-Mortem 2023 by Chainlight. Password: duediligence.

Crime

  • Secret multimillion-dollar cryptojacker snared by Ukrainian police.

  • ‘Bitcoin Rodney’ Pushed Crypto With Jamie Foxx and Rick Ross. Now He’s Under Arrest.

  • Here’s Some Bitcoin: Oh, and You’ve Been Served! by Brian Krebs. A creative way to serve a summons in OP_RETURN, although unlikely to succeed.

  • 19 Charged Worldwide In Global Cybercrime Investigation of the xDedic Marketplace.

Phishing

  • Hacking AICoincom phishing operation by Chaofan Shou.

  • Gold Rush on the Dark Web: Threat Actors Target X (Twitter) Gold Accounts by CloudSEK.

  • CoinGecko's X account hacked, posts fraudulent token airdrop.

  • Over $4 Million Stolen By Multiple Solana Wallet Drainers by Scam Sniffer.

  • Hundreds of Thousands of Dollars Worth of Solana Cryptocurrency Assets Stolen in Recent CLINKSINK Drainer Campaigns by Mandiant.

  • Apple iCloud: Doing this 1 thing can help stop hacks by Matt Gleason (a16z Crypto).

  • Google Security Self-Audit by Security Alliance.

  • Info-stealers can steal cookies for permanent access to your Google account by Pieter Arntz (Malwarebytes Labs).

Scams

  • $32M Stolen: Over 1,300 Fake Tokens Rugged investigation by Pablo Sabbatella (Blockfence).

  • Narwhal Incident Report by CertiK.

  • Before Profits Fade: Your Essential Guide to Inscription Fraud Prevention by BlockSec.

  • Michael Saylor warns of deepfake crypto scams involving MicroStrategy.

  • I got scammed or suspect scam on Ethereum. What to do?

Policy

  • Elizabeth Warren slams SEC over decision to allow spot bitcoin ETFs, says crypto needs to follow anti-money laundering rules.

  • AB 39 & SB 401: An Analysis Of Pending California Legislation For Bitcoin Exchanges.

Malware

  • Apache Applications Targeted by Stealthy Attacker by Nitzan Yaakov, Assaf Morag (Aqua).

  • You Had Me at Hi — Mirai-Based NoaBot Makes an Appearance by Stiv Kupchik (Akamai).

  • Decryptor for Babuk ransomware variant released after hacker arrested.

Media

  • Zero to Hero Money Hacking Roadmap with Stephen Sims. Bug bounty programs, exploit markets, security researchers and other lessons from the traditional security world that has been doing this for decades.

  • Immunefi <> Zellic <> Scroll on cybersec 2024 trends X Space by Immunefi.

  • Video-Based Cryptanalysis: Recovering Cryptographic Keys from Device Using Video of Power LED by Etay Iluz, Ben Nassi (Ben-Gurion University of the Negev).

  • Echidna Tutorial: #2 Fuzzing with Assertion Testing Mode by bloqarl.

  • MEV Crash Course by Uttam Singh.

Research

  • War & Peace: Behind the Scenes of Euler’s $240M Exploit Recovery by Michael Bentley (Euler).

  • Permission denied - The story of an EIP that sinned by Trust Security.

  • Beanstalk Insufficient Input Validation Bugfix Review by Immunefi.

  • Astar Network Integer Truncation Error Bugfix Review by Immunefi.

  • The Devil Behind the Mirror: Tracking the Campaigns of Cryptocurrency Abuses on the Dark Web.

  • Security Review Readiness Guide by Spearbit.

  • Solana dApp Security Roadmap by Rektoff.

  • Exploring Solana: A Comprehensive Guide to Accounts, Tokens, Transactions, and Ensuring Asset Security by SlowMist.

  • What Are Elliptic Curve Pairings? by Malte Leip (Zellic).

  • Non-Atomic Arbitrage in Decentralized Finance.

Tools

  • Wasmcov - Automated coverage analysis of WASM executables on embedded, blockchain, and other constrained environments.


Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerabilities, indicators, special reports, and searchable newsletter archives.

