Greetings!
Cryptocurrency wallets have always been targets for bad actors, but it seems that every month we learn of another major phishing or draining campaign. Atomic Wallet is the latest such incident, and it has already cost users $35m. The root cause of the compromise is still not known. Users continue getting their wallets drained even as developers attempt to minimize the impact. The scary part here is that the post-exploitation behavior points to North Korea.
Things are also not so good in DeFi land. An unfortunate private key leak on the unshETH project’s GitHub led to a spree of governance takeovers and a loss of $375k. Luckily, the attacker was strongly “encouraged” to negotiate and has so far restored the governance contract.
The El Dorado Exchange hack is even stranger: the attacker not only stole $500k+ but also accused the project of building a backdoor. The wild west logic here is that “I stole from the users before the project owners could”. The attacker returned most of the stolen funds while keeping a nice $100k bounty for themselves. Not so altruistic after all.
Scammers have really outdone themselves this week by throwing a fake Uniswap event in China, complete with Western-looking CEOs, live streams, and performers. But hey hey hey, it’s not like it’s the first time this has happened.
Detailed indicators for the above and other incidents this week are available in the premium section below.
Hope you enjoy this week’s edition. Let’s dive in!
News
Scams
MoonPay insiders pocketed $150 million weeks before CEO bought $38 million mansion.
Attack Deep Dive: Soft Rug Pull by Forta.
Top 5 crypto drainers you should know by SunSec.
A drop in NFT phishing following Monkey Drainer departure by Tal Be’ery.
Pink Drainer learned new tricks, such as using private sales on Blur to prevent frontrunning, by 0xQuit.
Hacks
On May 28, 2023 Baby Doge lost $137k in a price oracle manipulation exploit.
On May 29, 2023 El Dorado Exchange (EDE) lost $520k in a price oracle manipulation exploit. Curiously, the attacker returned most of the assets after calling out a potential backdoor in the project.
On May 31, 2023 unshETH lost $375k after leaking admin keys on their GitHub. After failing opsec, the attacker restored contract governance but is still holding on to the stolen assets.
On May 31, 2023 ERC20Token lost $115k in a price oracle manipulation exploit.
On June 1, 2023 Cellframe lost $74k in a price oracle manipulation exploit.
On June 1, 2023 DD Coin lost $126k in a price oracle manipulation exploit.
On June 3, 2023 Atomic Wallet users lost more than $35m after their private keys were compromised. Stolen assets were swapped to bitcoin and sent to Sinbad, a preferred mixer of North Korean actors.
Vulnerabilities
Game of TRON: Critical 0-Day in TRON Multi-Signature Wallets by Elad Ernst (dWallet Labs).
Stop the Chain! CosmWasm Stack Overflow by Felix Wilhelm (Jump).
Reports of critical vulnerabilities in Magic Link wallet by holonym.
Malware
Contests
Foundry Yul Puzzles by deliriusz.
Media
Using AI to find bugs in Solidity code by Ethereum Engineering Group.
MEV TV: Open Source Bot Walkthrough with Robert Miller.
Elliptic Curve Groups | Demystifying Cryptography Fundamentals for Developers (Part 2 of 3) by koalateectrl.
Research
Exploiting governance with metamorphic proposals based on a case study of the recent Tornado Cash compromise by Peter Kacherginsky, Heidi Wilder (Unit 0x).
Typical vulnerabilities in lending and CDP protocols by kasimonagasaki.
Checks While Hacks by 0xprinc is a collection of checks to point auditors toward possible vulnerabilities.
Numerical Analysis - Security Tips and Tricks for DeFi Audits by Spearbit.
Price & Reward Manipulation Attacks Distilled by Officercia.
Immunefi Bug Bounty Writeups List by sayan011.
Uniswap V3 TWAP: Assessing TWAP Market Risk by Omer Goldberg.
Learn EVM Course by 0xMacro.
Tools
Etherscan introduced advanced transaction search and filters.
EVM CFG - a fast and accurate CFG generator for EVM bytecode using symbolic stack analysis.
Move Lint - a static detection tool to improve the security of Sui smart contract development through best practices.
CheckTheChain - a ChatGPT plugin that lets AI do blockchain analysis.
Pessimism is a public good monitoring service that allows Optimism Bedrock blockchains (Base Layer 2, Optimism) to be continuously assessed for real-time threats using custom user-defined invariant rulesets.
Sothis is a tool for replaying historical state on a local anvil/hardhat testnet node.
Ethereum MEV-Boost, validation pubkey, and other data sets.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.