Blockchain Threat Intelligence

Blockchain Threat Intelligence

Share this post

Blockchain Threat Intelligence
Blockchain Threat Intelligence
BlockThreat - Week 20, 2022
Copy link
Facebook
Email
Notes
More

BlockThreat - Week 20, 2022

FEG | Wormhole | Chainabuse | Beeple | Mee6 | QANplatform

Peter Kacherginsky
May 26, 2022
∙ Paid
1

Share this post

Blockchain Threat Intelligence
Blockchain Threat Intelligence
BlockThreat - Week 20, 2022
Copy link
Facebook
Email
Notes
More
Share

Greetings!

Feed Every Gorilla project got attacked twice in just two days. Could the second attack (and another ~$2M in losses) have been prevented since it used the same exploit vector? This week also featured yet another cross-chain bridge compromised, more phishing attacks (sorry Seth), and a mass NFT Discord compromise after a popular bot got hacked. Oh and be sure to check out another detailed account of a North Korean actor trying to land an inside job at a DAO.


Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.


News

  • U.S. issues charges in first criminal cryptocurrency sanctions case.

  • Terra creator Do Kwon faces prosecution in South Korea.

  • Indexed Finance hacker refuses to give back his millions.

  • TRM Labs along with Circle, Binance, AAVE, and others launched Chainabuse, a crowdsourced aggregator of cryptocurrency scams.

  • Ethereum raises bug bounty to $250K ahead of merge.

Scams

  • Phishing scam uses Beeple’s Twitter to steal $400k in crypto and NFTs.

  • Actor Seth Green is on Twitter trying to reclaim a stolen Bored Ape.

  • Fake crypto sites lure wannabe thieves by spamming login credentials.

  • Elon Musk deep fakes promote new BitVex cryptocurrency scam.

  • North Korean scammer/hacker job application thread.

Hacks

  • On May 15, 2022 FEG project list $1.3M on BSC chain due to insufficient function parameter and reward manipulation vulnerabilities.

  • On May 16, 2022 FEG project got attacked again and lost another $1.9M using similar exploit to the above on BSC and Ethereum chains.

  • On May 17, 2022 Mee6 bot compromise led to post fake mint phishing messages on Discord servers of Axie Infinity, Moonbirds, and others.

  • On May 18, 2022 QANplatform bridge lost $650K in what appears like a signature service compromise.

  • On May 18, 2022 Feminist Metaverse project list $540K as a result of a reward manipulation exploit.

  • On May 21, 2022 bDollar lost $730K in a price manipulation exploit. Curiously the exploit was frontran by an MEV bot.

Vulnerabilities

  • Wormhole patched a critical uninitialized proxy vulnerability after it was responsibly disclosed by satya0x for which he received a $10M reward.

Malware

  • In hot pursuit of ‘cryware’: Defending hot wallets from attacks.

  • Sysrv Botnet Expands and Gains Persistence.

Contests

  • Hats Finance CTF challenge and solution.

  • More EVM puzzles by daltyboy11.

Research

  • Security Analysis of DeFi: Vulnerabilities, Attacks and Advances.

  • A New Era of State-Backed DeFi Blackhats Is Upon Us by Immunefi.

  • Wait, It's All Layer Zero? by Laurence Day.

  • Simple Security Toolkit a collection of practical security-focused guides and checklists for smart contract development, assembled by the Nascent team.

  • Secureum Bootcamp Epoch∞ - May RACE #6.

  • Exploit weak PRNG in smart contract with a PoC by Halborn.

  • Smart Contract Vulnerability — Rollback Vulnerability by TriathonLab.

  • The collision of traditional security and Web3 IPFS security by Knownsec.

Premium Content

This post is for paid subscribers

Already a paid subscriber? Sign in
© 2025 Peter Kacherginsky
Privacy ∙ Terms ∙ Collection notice
Start writingGet the app
Substack is the home for great culture

Share

Copy link
Facebook
Email
Notes
More