BlockThreat - Week 28, 2024
Squarespace | Dough Finance | Minterest | OpSecCloud | Linking the World
Greetings!
We are a few weeks behind, but what a fascinating month it has been! At least $3.5M was stolen this week across 8 incidents. The exact impact numbers are starting to get fuzzy due to the sheer number of attacks against smart contracts and their users, wallets, hijacked DNS infrastructure, hacked SSH servers, and more. Let’s dive into a few of the more impactful case studies.
Regular readers of BlockThreat may get the impression that our young industry is extremely insecure, with weekly reports of compromises, phishes, and rug pulls. Nothing could be further from the truth! Our ability to publicly identify and openly discuss incidents has helped raise awareness and enhance security operations among new developers and users. We are learning fast! Attackers have to constantly shift their tactics, as is evident from the recently published Top 10 DeFi Threats list.
Do you want to know how things are handled in the traditional security space? If we trust the almost weekly compromise notification letters that I receive by mail, then literally everything in web2 has been hacked or they don’t know about it yet. Let’s look at just one company in the news this week. AT&T, a 100+ year-old $400B+ behemoth with an army of security professionals, managed to have two back-to-back breaches so far this year. In March, they lost 70M detailed customer records (names, social security, passcodes, etc.). This week we learned they once again lost call, text, and location records for ALL of the 110M customers back in April. It took 4 months to detect and finally decide to notify affected parties. So get ready for the latest wave of vishing.
In our world, blockchain analytics companies would be hitting alarm bells minutes after the compromise, SEAL 911 would be activating a war room and tracking down bad actors to the darkest alleys, and the rest of Crypto Twitter would be busy dissecting the root cause and advising other projects. This is exactly what happened when someone hijacked another piece of critical web2 infrastructure - a domain registrar. CoinList was hit first with the Squarespace account hack and immediately took to Twitter to alert the industry. The Security Alliance put together a list of other vulnerable projects and started working with their devs. In the meantime, Squarespace identified the wrong root cause and called the bug fixed even as domain hijacks continued.
It’s easy to be pessimistic about the state of blockchain security, but relative to web2 security we are doing just great!
The premium version of the newsletter contains detailed notes and indicators for Dough Finance, Minterest, OpSecCloud, Linking the World, GAX, Smart Bank Token, and other incidents.
In other news, massage guns are a thing and are increasingly used to cheat at “tapping” crypto games like Notcoin and Hamster Kombat.
Let’s dive into the news!