BlockThreat - Week 20, 2022
FEG | Wormhole | Chainabuse | Beeple | Mee6 | QANplatform
The Feed Every Gorilla project got attacked twice in just two days. Could the second attack (and another ~$2M in losses) have been prevented, since it used the same exploit vector? This week also featured yet another cross-chain bridge compromise, more phishing attacks (sorry Seth), and a mass NFT Discord compromise after a popular bot got hacked. Oh, and be sure to check out another detailed account of a North Korean actor trying to land an inside job at a DAO.
Indexed Finance hacker refuses to give back his millions.
Ethereum raises bug bounty to $250K ahead of merge.
North Korean scammer/hacker job application thread.
On May 15, 2022, the FEG project lost $1.3M on the BSC chain due to insufficient function parameter and reward manipulation vulnerabilities.
On May 16, 2022, the FEG project got attacked again and lost another $1.9M to an exploit similar to the above on the BSC and Ethereum chains.
On May 17, 2022, a Mee6 bot compromise led to fake mint phishing messages being posted on the Discord servers of Axie Infinity, Moonbirds, and others.
On May 18, 2022, the QANplatform bridge lost $650K in what appears to be a signature service compromise.
On May 18, 2022, the Feminist Metaverse project lost $540K as a result of a reward manipulation exploit.
Wormhole patched a critical uninitialized proxy vulnerability after it was responsibly disclosed by satya0x, who received a $10M reward.
A New Era of State-Backed DeFi Blackhats Is Upon Us by Immunefi.
Wait, It's All Layer Zero? by Laurence Day.
Simple Security Toolkit, a collection of practical security-focused guides and checklists for smart contract development, assembled by the Nascent team.
Exploit weak PRNG in smart contract with a PoC by Halborn.
Smart Contract Vulnerability — Rollback Vulnerability by TriathonLab.