BlockThreat - Week 28, 2022
PREMINT | Uniswap | Mixers
Hey folks,
This week featured two attacks targeting DeFi users. The massive Uniswap airdrop phishing attack was successful enough to call attention of CZ and other crypto celebrities. Unfortunately, a quick check of your wallets will likely show a dozen unknown tokens sent as part of previous airdrop campaigns. Following a series of DNS hijacking in June, attackers managed to compromise PREMINT server itself and post a malicious approval contract to steal users’ tokens. Not fun at all and once again reinforces the need for stronger wallet-side defenses to protect us.
Let’s dive into the news and be sure to check out the Job Listings section in case you get inspired to make blockchain security your career. Premium Indicators section has attacker addresses for all of the hacks below.
Events
DeFi Security Summit in Stanford, CA on August 27-28.
News
2022 Q2 Web3 Security Report by Beosin.
Scams
Massive airdrop scam campaign targeting Uniswap LPs tricks steals $8M from 74K+ wallets.
Hacks
On July 17, 2022 PREMINT users lost $400K after interacting with a malicious contract on the compromised project website.
Research
20 years of payment processing problems by Kaimi.
Crypto Mixer Usage Reaches All-time Highs in 2022 With Nation State Actors and Cybercriminals Contributing Significant Volume by Chainalysis.
On Writing Secure Smart Contracts by Matthew Di Ferrante.
Flashbots: Kings of The Mempool by noxx.
Two Novel Crypto Wallet Exploits, Explained by Immunefi.
Job Listings
Halborn is hiring for a variety of engineering and marketing roles. To apply, visit https://halborn.com/careers/.
Fill out the Job Posting Form to share available positions with thousands of BlockThreat subscribers.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.