BlockThreat - Week 24, 2022
Inverse | FSwap | Solana | OpenSea | Metamask
Just a couple of exploits this week all using classic price manipulation vectors. What’s more concerning is a recently passed governance vote on the Solana network to essentially seize user’s assets. In the good news department, OpenSea bug bounty program yield two high risk vulnerabilities which were promptly patched. Metamask wallet has been strengthening itself against more traditional web2 vulnerabilities. Oh and be sure to check out the latest Darknet Diaries episode on the NiceHash compromise. Happy father’s day dads, let’s make this world a bit safer for our kiddos!
web3rekt database launched keeping track of blockchain incidents and scams dating as far back as 2012.
Cryptocurrency crime and anti-money laundering report by CipherTrace.
On June 13, 2022 FSwap lost $390K in a price manipulation attack taking advantage of its fee handling logic.
On June 18, 2022 Tether’s web infrastructure came under DDoS attack following an unsuccessful ransom demand.
OpenSea patched a critical vulnerability which could allow theft of offered WETH from users’ wallets thanks to a responsible disclosure by Gus.
OpenSea patched a vulnerability which could allow sellers to receive payments for Shared Storefront items they did not own. The vulnerability was responsibly disclosed by MevRefund.
Phantom wallet and Metamask patched a vulnerability which could expose secret recovery phrase after it was responsibly disclosed by Halborn.
MetaMask Clickjacking Vulnerability Analysis by SlowMist.
Hertzbleed is a new family of side-channel attacks which may allow attackers to extract cryptographic keys from remote servers.
Darknet Diaries - EP 119: Hot Wallets on the NiceHash hack by North Korea.
Algorand Rekeying Attacks by Coinspect.
When Invariants Aren’t: DAI’s Certora Surprise by Certora.
Tenderly update brings web3 actions, war room aid kit, sandbox, and other features.
ETHLIFT is a set of CLI tools intended to be use by smart contract developers for general tasks not covered at the moment by other CLI tools.
Keep reading with a 7-day free trial
Subscribe to Blockchain Threat Intelligence to keep reading this post and get 7 days of free access to the full post archives.