Another week and yet another DNS attack, this time tricking Gandi into giving up control over domains serving Polygon and Fantom RPC endpoints. Luckily no funds were lost, but the compromise could have been combined with social engineering or other attacks to cause much more damage.
It is rare to see Solana hacks, but they seem to be a lot more painful, such as the $326M Wormhole or the $50M Cashio compromises. This time Crema Finance almost lost all of $8.8M, if not for the trend of hacked projects offering attackers the option to return stolen assets for a reward and a promise not to pursue criminal charges. Are these post-hack bounties a forcing function for projects to implement legitimate bug bounty programs?
If you are not already cautiously watching your mailbox following the Mailchimp and HubSpot compromises, you now have one more reason thanks to the recent leak by a Customer.io insider. Unfortunately these leaks will continue to happen, leaving us in a perpetual state of vigilance.
Lastly, a PSA released by the FBI warns of ever more sophisticated attempts by bad actors to gain employment, now using deepfakes and stolen identities!
Let’s dive into the news! Oh, and be sure to check out the new Job Listings section below for exciting opportunities in the blockchain security space.
Events
Paradigm CTF 2022 is scheduled to start on August 20th.
News
FBI PSA: Deepfakes and Stolen PII Utilized to Apply for Remote Work Positions.
Hacker asks for 10 bitcoin for allegedly stolen data of a billion Chinese citizens, including full names, addresses, national IDs, mobile numbers, and police and medical records.
British Army’s YouTube and Twitter accounts were hacked to promote crypto scams.
DoJ cracks down on crypto fraud in flurry of criminal charges.
FBI offers $100K for info on Crypto Queen's whereabouts in fraud case.
EU Finalizes Crypto Anti-Money Laundering Rules, Walks Back Tracking of Private Wallets.
The $100 Million Horizon Hack: Following the Trail Through Tornado Cash to North Korea by Elliptic.
Hacks
On June 29, 2022 we learned that a malicious insider at Customer[.]io leaked the email addresses of registered OpenSea customers.
On June 29, 2022 insufficient function access control was used to steal $115K from the MAD token contract.
On June 29, 2022 Quint lost $130K in a reward manipulation exploit. Interestingly, the developers initially blocked those who reported the compromise.
On July 1, 2022 Quixotic lost $185K after a recently upgraded contract failed to sufficiently validate the function caller, which allowed attackers to force-sell fake NFTs. The attackers exchanged the stolen assets and moved them from Optimism to BSC to take advantage of Tornado Cash.
On July 1, 2022 a social engineering attack on Gandi’s customer service resulted in the DNS hijacking of Ankr’s Polygon and Fantom nodes.
On July 3, 2022 Crema Finance initially lost $8.8M due to incorrectly generated rewards that were claimed by an attacker using flash loans. The attacker moved and exchanged the stolen SOL to the Ethereum network following the hack. Luckily the majority of the stolen assets were returned for an $800K reward.
Vulnerabilities
Port Finance fixed a race condition vulnerability that allowed users to withdraw collateral without fully repaying borrowed funds, thanks to a responsible disclosure by nojob.
Media
Malicious Life Episode 174 - The “Cypherpunks” Who Invented Private Digital Money.
Hacking a Samsung Galaxy for $6,000,000 in Bitcoin!? by Joe Grand.
Research
DeFi Vulnerability Labs by SunSec.
Rescuing compromised wallets using Flashbots by Santiago Palladino.
How to sell an NFT to a buyer with a high price without the buyer's consent by BlockSec.
The High School Files With t11s by Immunefi.
Job Listings
Halborn is hiring for a variety of engineering and marketing roles. To apply, visit https://halborn.com/careers/.
Fill out the Job Posting Form to share blockchain security opportunities at your company with thousands of BlockThreat subscribers.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.