BlockThreat - Week 28, 2022
PREMINT | Uniswap | Mixers
This week featured two attacks targeting DeFi users. The massive Uniswap airdrop phishing attack was successful enough to call attention of CZ and other crypto celebrities. Unfortunately, a quick check of your wallets will likely show a dozen unknown tokens sent as part of previous airdrop campaigns. Following a series of DNS hijacking in June, attackers managed to compromise PREMINT server itself and post a malicious approval contract to steal users’ tokens. Not fun at all and once again reinforces the need for stronger wallet-side defenses to protect us.
Let’s dive into the news and be sure to check out the Job Listings section in case you get inspired to make blockchain security your career. Premium Indicators section has attacker addresses for all of the hacks below.
DeFi Security Summit in Stanford, CA on August 27-28.
2022 Q2 Web3 Security Report by Beosin.
Massive airdrop scam campaign targeting Uniswap LPs tricks steals $8M from 74K+ wallets.
On July 17, 2022 PREMINT users lost $400K after interacting with a malicious contract on the compromised project website.
20 years of payment processing problems by Kaimi.
On Writing Secure Smart Contracts by Matthew Di Ferrante.
Flashbots: Kings of The Mempool by noxx.
Two Novel Crypto Wallet Exploits, Explained by Immunefi.
Fill out the Job Posting Form to share available positions with thousands of BlockThreat subscribers.
Keep reading with a 7-day free trial
Subscribe to Blockchain Threat Intelligence to keep reading this post and get 7 days of free access to the full post archives.