BlockThreat - Week 21, 2023
Jimbos | CS | Fintoch | Inferno Drainer
This week more than $8.5m was stolen from various DeFi projects on BSC, Arbitrum, and Polygon chains. Price oracle and reward manipulation continue to be top attack vectors. A major scam has finally exited with $31.6m, while the FBI is warning job applicants to be wary of accidentally joining a phishing farm.
Detailed indicators for the above and other incidents this week are available in the premium section below.
Some truly fascinating vulnerabilities were patched thanks to responsible disclosures in several major projects such as KyberSwap, Celer, Polygon zkEVM, and others. It’s great news on the one hand; however, it teaches us that even the most audited code is never bug-free.
This week’s edition also features the latest and greatest in blockchain security research, so I hope you enjoy some downtime by learning how to find vulnerabilities before the bad actors do. Let’s dive into the news!
Crypto hacks down 70% in Q1 2023 by TRM Labs.
Interview With a Crypto Scam Investment Spammer by Brian Krebs.
Fintoch exit scammed with $31.6m by ZachXBT.
On May 22, 2023 LunaFi lost $35k in a reward manipulation exploit.
On May 23, 2023 CS Token lost $714k in a price oracle manipulation exploit.
On May 23, 2023 Local Traders lost $120k due to insufficient function access controls.
On May 24, 2023 GPT Token lost $155k in a reward manipulation exploit.
On May 26, 2023 Patricia exchange announced a theft of bitcoin. No additional details are available about the compromise.
On May 28, 2023 Jimbos Protocol lost $7.5m in a price oracle manipulation exploit.
Saving $100M at risk in KyberSwap Elastic by 100 Proof.
Polygon patched a critical vulnerability in zkEVM which breaks L2 migration thanks to a responsible disclosure by iczc.
Election Fraud? Double Voting in Celer’s State Guardian Network by Felix Wilhelm.
Aleo patched inflation and chain-halting bugs thanks to responsible disclosure by Federico LambdaClass.
New Info Stealer Bandit Stealer Targets Browsers, Wallets by TrendMicro.
Yul & Memory Intro | Yul Exploit! by Owen Thurm.
Exploiting Precision Loss via Fuzz Testing by Dacian.
The Ultimate Guide To Reentrancy by Immunefi.
The EVM Handbook by noxx3xxon.
Solidity Attack Vectors Compilation by 0xprinc.
Solidity compiler metadata analysis thread by RareSkills.
ChaosNet - testnet with autonomous actors by ApeWorX.