BlockThreat - Week 27, 2022
Yam | Omni | CuteBoi | PennyWise
Let’s start with DeFi. Governance attacks against DeFi projects can wreck projects if they are not careful or well monitored. Recall the Beanstalk hack earlier this year where an attacker flash loaned enough governance tokens to steal $182M. Luckily Yam Finance was able to catch a malicious proposal to take over project’s treasury by a well financed attacker before it was too late.
On the less fortunate side this week also had two hacks using very traditional vectors: Omni X reentrancy hack and BiFi signing server compromise. To help protection your projects from similar hacks this week’s research section features Certik’s quarterly web3 security report outlining key threats and plenty of smart contract security testing papers.
Multiple security vendors published reports on crypto stealer and crypto miner strains likely indicating new campaigns by bad actors such as the one targeting samczsun.
Let’s dive into the news and be sure to check out the Job Listings section in case you get inspired to make blockchain security your career. Premium Indicators section has attacker addresses for all of the hacks below.
Reports of an NFT minting scam draining users’ wallets.
On July 8, 2022 BiFi signing server compromise resulted in the theft of $2.3M.
Synthetix patched a vulnerability in its reward calculation logic thanks to a responsible disclosure by thunderdeep14.
How To Use Foundry To PoC Bug Leads, Part 1 by Immunefi.
Cross-chain testing on Foundry by hexonaut.
‘Code is Law’ is no Defense for Blackhat Hacking by Immunefi.
Fill out the Job Posting Form to share available positions with thousands of BlockThreat subscribers.
Keep reading with a 7-day free trial
Subscribe to Blockchain Threat Intelligence to keep reading this post and get 7 days of free access to the full post archives.