BlockThreat - Week 28, 2023
JumpCloud | Rodeo | Liberti | Klever | Arkham | Ethscriptions
About $1.5m were stolen from DeFi projects this week. July 11, 2023 alone had three attacks throughout the day. The Rodeo Finance hack was interesting as it followed a relatively minor hack last week, which likely pointed attackers to a weak codebase.
The JumpCloud compromise is the one to watch out for as North Korean APTs continue both direct and indirect attacks to target the cryptocurrency ecosystem. Let’s hope their true targets were not affected.
The week was filled with legal news. The Crema Finance attacker was arrested in one of the first indictments involving a DeFi protocol. Be sure to check out the indictment document linked below for a detailed play-by-play of the hack, illustrating the increased investigative capabilities of law enforcement.
It seems not a week goes by without another wallet hack. Klever wallet users were hit with private key leaks due to a weak PRNG used in an older version of the software.
On the lighter side, the Euler attacker is now saying that he is cooling off in a French jail, while Ethscriptions got hit with a silly logic error bug by an attacker who didn’t even bother masking their exchange account.
To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.
Let’s dive into the news!
North Korean hackers breached JumpCloud to steal crypto using a sophisticated spear-phishing campaign, according to the incident report.
Arkham Intelligence Rolls Out Crypto Data Marketplace. The platform was reportedly doxxing its users for months before the launch.
Amazon Senior Security Engineer Indicted in $9M Crypto Heist. According to the indictment, Shakeeb Ahmed perpetrated an $8.8m hack of a DEX (Crema Finance Compromise) by manipulating protocol transaction fees.
FEI Protocol Discord server taken over by San Francisco Superior Court.
2,700 people tricked into working for cybercrime syndicates rescued in Philippines. Victims were forced to carry out cryptocurrency scams under the fear of heavy ransoms or being resold to other syndicates.
Uniswap Phishing Incident Analysis by CertiK. A highly profitable fake token airdrop campaign netting bad actors more than $8m.
Uniswap founder Hayden Adams suffers Twitter breach to promote a fake airdrop.
Blue (Jack) scammer investigation by ZachXBT. The bad actor drained more than $1.5m but couldn’t help flexing ill-gotten gains on social media.
Soup (Dan) scammer investigation by ZachXBT. The Canadian scammer profited more than $1m by targeting crypto Discord servers with airdrop drainers and a fake Decrypt persona.
Reports of increased Twitter verified account phishing scams with one user losing $231k after visiting a malicious site.
SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto by Alessandro Brucato (Sysdig).
Scraping Bits podcast by DeGatchi.
A Case for the Defense by Trust Security.
Defusing DeFi Hacks: ERC 7265 by Quillaudits.
Evaluating blockchain security maturity by Trail of Bits.
Cryptocurrency & NFT OSINT by Fuzzing Labs.
Batched requests feature in Metamask leaks all addresses to connected RPCs.
Caracal - a static analyzer tool over the SIERRA representation for Starknet smart contracts.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerabilities, indicators, special reports, and searchable newsletter archives.