About $1.5m was stolen from DeFi projects this week. July 11, 2023 alone saw three attacks throughout the day. The Rodeo Finance hack was interesting as it followed a relatively minor hack last week which likely pointed attackers to a weak codebase.
The Jump Cloud compromise is the one to watch out for as North Korean APTs continue both direct and indirect attacks targeting the cryptocurrency ecosystem. Let’s hope their true targets were not affected.
The week was filled with legal news. The Crema Finance attacker was arrested in one of the first indictments involving a DeFi protocol. Be sure to check out the indictment document linked below for a detailed play-by-play of the hack, illustrating the increased investigative capabilities of law enforcement.
It seems not a week goes by without another wallet hack. Klever wallet users were hit with private key leaks due to a weak PRNG used in an older version of the software.
On the lighter side, the Euler attacker is now saying that he is cooling off in a French jail, while Ethscriptions got hit with a silly logic error bug by an attacker who didn’t even bother masking their exchange account.
To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.
Let’s dive into the news!
News
North Korean hackers breached Jump Cloud to steal crypto using a sophisticated spear-phishing campaign, according to the incident report.
Arkham Intelligence Rolls Out Crypto Data Marketplace. The platform was reportedly doxxing its users for months before the launch.
A 20-year-old Argentinian behind the $200m Euler hack says he’s now in a Paris jail.
Amazon Senior Security Engineer Indicted in $9M Crypto Heist. According to the indictment, Shakeeb Ahmed perpetrated an $8.8m hack of a DEX (Crema Finance Compromise) by manipulating protocol transaction fees.
Investor who lost $740K to Ontario's Crypto King among 5 men charged with kidnapping him.
Founder of crypto lender Celsius Network pleads not guilty to fraud charges.
DOJ accuses 25-year-old OpenSea spoofer of stealing $450,000 worth of NFTs and crypto.
Crypto Crime Mid-year Update: Crime Down 65% Overall, But Ransomware Headed for Huge Year Thanks to Return of Big Game Hunting by Chainalysis.
Police seize $100m+ from Multichain from the founder’s sister following arrests and the project ceasing its operations.
FEI Protocol Discord server taken over by San Francisco Superior Court.
Scams
2,700 people tricked into working for cybercrime syndicates rescued in the Philippines. Victims were forced to carry out cryptocurrency scams under the threat of heavy ransoms or being resold to other syndicates.
Uniswap Phishing Incident Analysis by CertiK. A highly profitable fake token airdrop campaign netting bad actors more than $8m.
Uniswap founder Hayden Adams suffers Twitter breach to promote a fake airdrop.
Blue (Jack) scammer investigation by ZachXBT. The bad actor drained more than $1.5m but couldn’t help flexing ill-gotten gains on social media.
Soup (Dan) scammer investigation by ZachXBT. The Canadian scammer profited more than $1m by targeting crypto Discords with airdrop drainers and a fake Decrypt persona.
Reports of increased Twitter verified account phishing scams with one user losing $231k after visiting a malicious site.
Malware
The Spies Who Loved You: Infected USB Drives to Steal Secrets by Mandiant.
SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto by Alessandro Brucato (Sysdig).
PyLoose: Python-based fileless malware targets cloud workloads to deliver cryptominer by Wiz.
Media
Scraping Bits podcast by DeGatchi.
The Evolution of a Smart Contract Auditor: Insights from Pashov’s Journey with Johnny Time.
Research
A Case for the Defense by Trust Security.
Defusing DeFi Hacks: ERC 7265 by Quillaudits.
Intro to Smart Contract Security Audit — Signature Replay by SlowMist.
Evaluating blockchain security maturity by Trail of Bits.
Cryptocurrency & NFT OSINT by Fuzzing Labs.
Crypto Money Laundering Explained: Mixers and Privacy Wallets by Elliptic.
Batched requests feature in Metamask leaks all addresses to connected RPCs.
Tools
Caracal - a static analyzer tool over the SIERRA representation for Starknet smart contracts.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerabilities, indicators, special reports, and searchable newsletter archives.