Dear Reader,
For more than 4 years, I have been dedicated to delivering top-quality content on the latest events and research in the field of blockchain security. As both the newsletter and the industry have grown, the demands and resources required to produce it on a weekly basis have increased as well.
The sections on Hacks and Vulnerabilities, in particular, require significant time and resources for curation and research. To ensure their continued high quality, I have made the decision to move them to the premium section of the newsletter and significantly expand their content. This change will provide auditors and bug bounty hunters with more detailed coverage to better understand novel exploitation vectors. Developers will also benefit from learning about attackers’ techniques and tactics to enhance their defenses.
You can see a free preview of what the above changes will look like below. To keep receiving news on hacks and vulnerabilities, please subscribe to the premium edition:
Please note that the rest of the newsletter, which includes threat intelligence on the latest events, research, competitions, tools, and other topics, will continue to be available to you free of charge with the same high quality of content that you have come to expect.
I value each and every one of you as we continue our journey together to build trust in the cryptocurrency ecosystem so that one day it would benefit billions. If you want to shape the future of BlockThreat please provide feedback here.
Let’s dive into the news!
News
Russians charged with hacking Mt. Gox crypto exchange, running BTC-e. Full DoJ charges here.
‘Crypto millionaire’ found dead in Ozarks was involved in kidnapping.
CFTC wins Ooki DAO case, setting precedent that DAOs can be held liable.
Hacker drains Russian special services wallets, transfers funds to Ukraine.
Chief Russian investigator accused of accepting record 1,032 bitcoin bribe.
Kim Kardashian EMAX Suit to Proceed as Court Considers Updated Complaint.
Google Cloud Cryptomining Protection Program offers $1 million for costly cryptomining attacks.
Financial Crime in Cryptoassets Typologies Report 2023 by Elliptic.
Scams
Demystifying Profit Sharing in Inferno Drainer by BlockSec.
Pink Drainer steals $3M from multiple hack events including OpenAI CTO, Orbiter Finance by Scam Sniffer.
Twitter hackers target high-profile accounts with phishing scam.
Ripping Off Professional Criminals by Fermenting Onions - Phishing Darknet Users for Bitcoins by Valtteri Lehtinen.
Malware
Contests
Media
The $200,000,000 Euler Hack by Junion.
Elliptic Curve Pairings | Demystifying Cryptography Fundamentals for Developers (Part 3 of 3) by koalateectrl.
Research
A Brief History of the Internet’s Biggest BGP Incidents by Doug Madory.
Web3 Wallet Security Audit Upgrade by SlowMist.
Unveiling Transaction Simulation Challenges: Blowfish Case Study by Tiago Assumpcao (Coinspect).
Software wallets research series: EIP-712 implementation issue impacting 40+ vendors by Matias Sequeira (Coinspect).
NFT attacks by Volodya provides a survey of common attack patterns.
Typical vulnerabilities in LSD protocols by kasimonagasaki (Decurity).
Smashing bugs using Certora Prover: A hands on approach to Formal Verification of Smart Contracts by Shanzson.
SmartBugs 2.0: An Execution Framework for Weakness Detection in Ethereum Smart Contracts.
Read-only Reentrancy: In-Depth by OfficerCia.
Understanding Signature Replay Attack by Neptune Mutual.
What's inside a node? Malicious IPFS nodes under the magnifying glass.
Buying Time: Latency Racing vs. Bidding in Fair Transaction Ordering.
L2 MEV wat by Lisa A. maps out the current state of L2.
Diff EVM-compatible chains by Matt Solomon compares chain properties such as presence of precompiles and predeploys.
Gas Optimization in Ethereum Smart Contracts: 10 Best Practices by CertiK.
Greedy-Mine: A Profitable Mining Attack Strategy in Bitcoin-NG.
Demystifying ZKPs with Porter Adams.
Tools
Introducing flood: a load testing tool for benchmarking EVM nodes by Paradigm.
Introducing evm.storage — Increasing transparency and accessibility for EVM contracts by Dor (smlXL).
Fuzzy DeFi repo by 0xNazgul contains fuzz properties for the current top five forked protocols.
Signature Malleability PoC by pcaversaccio.
Octane - An ethers-rs middleware for reth that bypasses JSON-RPC allowing for faster db queries by Sorella Labs.
4byte Collider - A simple script to find function signatures that have colliding 4byte selectors by zobront.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.
Premium Content
Hacks
UN Token Compromise
Date: June 6, 2023
Exploit Vector: Reward Manipulation
Impact: $26,000
Chain: BSC
Indicators:
BSC: 0xa247e81645d6b7fc800afecd836fef16f504d908
BSC: 0xf84efa8a9f7e68855cf17eaac9c2f97a9d131366
Exploit:
TX: 0xff5515…1c5b8b
PoC: UN_exp.sol
References:
Compounder Finance
Date: June 6, 2023
Exploit Vector: Price Oracle Manipulation
Impact: $30,000
Chain: Ethereum
Indicators:
Ethereum: 0x0e816b0d0a66252c72af822d3e0773a2676f3278 (ERC20Token Bank Attacker)
Exploit:
TX: 0xcff84c…6797b1
References:
Murati AI
Date: June 6, 2023
Exploit Vector: Reentrancy
Impact: $88,000
Chain: BSC
Indicators:
BSC: 0x8887a9387ee149a81a17145065a7b13132f732cd
Exploit:
TX: 0x354da2…64cd2a
References:
https://twitter.com/HypernativeLabs/status/1666103050795204610
https://twitter.com/PeckShieldAlert/status/1666110220404428800
Atlantis Loans
Date: June 10, 2023
Exploit Vector: Governance
Impact: $2,500,000
Chain: BSC
Indicators:
BSC: 0xeade071ff23bcef312dec938ece29f7da62cf45b
Exploit:
TX: 0x3b0df8…41d7e1
References:
https://blog.solidityscan.com/atlantis-loans-hack-analysis-7f3fb2e295e0
https://medium.com/neptune-mutual/understanding-atlantis-loans-exploit-3716f7e765b4
https://twitter.com/PeckShieldAlert/status/1669659095866175489
Trust the Trident (SELLC)
Date: June 11, 2023
Exploit Vector: Price Oracle Manipulation
Impact: $100,000
Chain: BSC
Indicators:
BSC: 0x4beb05bf9bd4585ae2f4feb74112f18b423abb84
BSC: 0x0060129430df7ea188be3d8818404a2d40896089 (Galaxy NFT Attacker)
Exploit:
TX: 0xe968e6…23444b
References:
https://twitter.com/PeckShieldAlert/status/1668151112569065472
https://twitter.com/kalos_security/status/1668092971483561985
Other Incidents
Arbitrum
Date: June 7, 2023
Bug: Batch poster produced an invalid state
Impact: Chain Outage
Chain: Arbitrum
References:
Vulnerabilities
Silo Protocol fixed an interest manipulation vulnerability for markets with $0 deposits. The vulnerability was responsibly disclosed by konkodu through the Immunefi platform and the patch verified by Certora.
DFX Finance fixed a rounding error in the EURS token which used a non-standard decimal value.
Xverse wallet patched an issue in its browser extension where users’ secret recovery phrases were stored unencrypted on a local machine.