Blockchain Threat Intelligence

Share this post

BlockThreat - Week 27, 2022

newsletter.blockthreat.io

BlockThreat - Week 27, 2022

Yam | Omni | CuteBoi | PennyWise

Peter Kacherginsky
Jul 11, 2022
∙ Paid
Share this post

BlockThreat - Week 27, 2022

newsletter.blockthreat.io
Share

Let’s start with DeFi. Governance attacks against DeFi projects can wreck projects if they are not careful or well monitored. Recall the Beanstalk hack earlier this year where an attacker flash loaned enough governance tokens to steal $182M. Luckily Yam Finance was able to catch a malicious proposal to take over project’s treasury by a well financed attacker before it was too late.

On the less fortunate side this week also had two hacks using very traditional vectors: Omni X reentrancy hack and BiFi signing server compromise. To help protection your projects from similar hacks this week’s research section features Certik’s quarterly web3 security report outlining key threats and plenty of smart contract security testing papers.

Multiple security vendors published reports on crypto stealer and crypto miner strains likely indicating new campaigns by bad actors such as the one targeting samczsun.

Let’s dive into the news and be sure to check out the Job Listings section in case you get inspired to make blockchain security your career. Premium Indicators section has attacker addresses for all of the hacks below.

Scams

  • Reports of an NFT minting scam draining users’ wallets.

Hacks

  • On July 7, 2022 Yam Finance experienced a failed governance attack attempting to take over $3.1M in project’s treasury.

  • On July 8, 2022 BiFi signing server compromise resulted in the theft of $2.3M.

  • On July 10, 2022 Omni lost $1.4M due to a reentrancy vulnerability in its NFT trading platform.

Vulnerabilities

  • Synthetix patched a vulnerability in its reward calculation logic thanks to a responsible disclosure by thunderdeep14.

Malware

  • ”CuteBoi” Detected preparing a large-scale crypto mining campaign on NPM users by Checkmarx.

  • PennyWise Stealer: An Evasive Infostealer Leveraging YouTube To Infect Users by Cyble.

Research

  • The Web3 Security Quarterly Report Q2 2022 Edition by CertiK.

  • How to Steal $100M from Flawless Smart Contracts by Pwning.

  • How To Use Foundry To PoC Bug Leads, Part 1 by Immunefi.

  • Cross-chain testing on Foundry by hexonaut.

  • ‘Code is Law’ is no Defense for Blackhat Hacking by Immunefi.

Job Listings

  • Halborn is hiring for a variety of engineering and marketing roles. To apply, visit https://halborn.com/careers/.

    Fill out the Job Posting Form to share available positions with thousands of BlockThreat subscribers.

Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.

Premium Content

Indicators

Keep reading with a 7-day free trial

Subscribe to

Blockchain Threat Intelligence
to keep reading this post and get 7 days of free access to the full post archives.

Already a paid subscriber? Sign in
© 2023 Peter Kacherginsky
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great writing