Greetings!

Feed Every Gorilla project got attacked twice in just two days. Could the second attack (and another ~$2M in losses) have been prevented since it used the same exploit vector? This week also featured yet another cross-chain bridge compromised, more phishing attacks (sorry Seth), and a mass NFT Discord compromise after a popular bot got hacked. Oh and be sure to check out another detailed account of a North Korean actor trying to land an inside job at a DAO.

Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.

News

• U.S. issues charges in first criminal cryptocurrency sanctions case.

• Terra creator Do Kwon faces prosecution in South Korea.

• Indexed Finance hacker refuses to give back his millions.

• TRM Labs along with Circle, Binance, AAVE, and others launched Chainabuse, a crowdsourced aggregator of cryptocurrency scams.

• Ethereum raises bug bounty to $250K ahead of merge.

Scams

• Phishing scam uses Beeple’s Twitter to steal $400k in crypto and NFTs.

• Actor Seth Green is on Twitter trying to reclaim a stolen Bored Ape.

• Fake crypto sites lure wannabe thieves by spamming login credentials.

• Elon Musk deep fakes promote new BitVex cryptocurrency scam.

• North Korean scammer/hacker job application thread.

Hacks

• On May 15, 2022 FEG project list $1.3M on BSC chain due to insufficient function parameter and reward manipulation vulnerabilities.

• On May 16, 2022 FEG project got attacked again and lost another $1.9M using similar exploit to the above on BSC and Ethereum chains.

• On May 17, 2022 Mee6 bot compromise led to post fake mint phishing messages on Discord servers of Axie Infinity, Moonbirds, and others.

• On May 18, 2022 QANplatform bridge lost $650K in what appears like a signature service compromise.

• On May 18, 2022 Feminist Metaverse project list $540K as a result of a reward manipulation exploit.

• On May 21, 2022 bDollar lost $730K in a price manipulation exploit. Curiously the exploit was frontran by an MEV bot.

Vulnerabilities

• Wormhole patched a critical uninitialized proxy vulnerability after it was responsibly disclosed by satya0x for which he received a $10M reward.

Malware

• In hot pursuit of ‘cryware’: Defending hot wallets from attacks.

• Sysrv Botnet Expands and Gains Persistence.

Contests

• Hats Finance CTF challenge and solution.

• More EVM puzzles by daltyboy11.

Research

• Security Analysis of DeFi: Vulnerabilities, Attacks and Advances.

• A New Era of State-Backed DeFi Blackhats Is Upon Us by Immunefi.

• Wait, It's All Layer Zero? by Laurence Day.

• Simple Security Toolkit a collection of practical security-focused guides and checklists for smart contract development, assembled by the Nascent team.

• Secureum Bootcamp Epoch∞ - May RACE #6.

• Exploit weak PRNG in smart contract with a PoC by Halborn.

• Smart Contract Vulnerability — Rollback Vulnerability by TriathonLab.

• The collision of traditional security and Web3 IPFS security by Knownsec.

Premium Content