BlockThreat - Week 29, 2022
Audius | Coinbase | EvilNum | North Korea
Lots of law enforcement news this week, with the Department of Justice staying busy going after crypto scammers and insider traders, and warning the industry about the latest threats. Twitter account takeovers have spiked once again, likely related to the massive 5.4M account dump.
An unfortunate but curious multi-stage exploit happened to Audius, involving a governance contract takeover and subsequent token theft. Check out the detailed post-mortem below, and a shout-out to samczsun for helping the team limit the total damage.
From the fun department, EthCC has ended and featured a number of interesting talks, including a few related to blockchain security. I’ve added those in the Media section to save you time searching through the entire event. Oh, and be sure to study tincho’s detailed dive into EVM transactions. Should make for a fun interview question.
Let’s dive into the news, and be sure to check out the Job Listings section in case you get inspired to make blockchain security your career. The Premium Indicators section has attacker addresses for all of the hacks and scams below.
Justice Department Seizes and Forfeits Approximately $500,000 from North Korean Ransomware Actors and their Conspirators, related to the earlier advisory on the Maui ransomware strain.
Three Charged In First Ever Cryptocurrency Insider Trading Tipping Scheme. The investigation was triggered by a tweet by user @cobie identifying an Ethereum address purchasing tokens hours before listing on Coinbase.
My Big Coin Founder Convicted of Cryptocurrency Fraud Scheme. Randall Crater faces decades in jail for lying to investors about a gold-backed asset.
FBI PSA: Scammers Target and Exploit Owners of Cryptocurrencies in Liquidity Mining Scam. Victims are presented with fake returns on a dashboard, enticing them to continue investing until the scammers run off with all of the collected funds.
US Withdraws Request to Extradite BTC-e’s Vinnik From France, Lawyer Sees ‘Deceitful Maneuver’.
S.Korea prosecutors raid crypto exchanges, offices for Luna investigation.
A number of Twitter accounts were compromised over the past few weeks to promote crypto scams. The spike may be related to 5.4M Twitter accounts becoming available on the darknet market. An excellent investigation by Nass points to the same threat actor and identifies good leads for LE.
Analysis of Recent NFT Discord Hacks Shows Some Attacks Are Connected by TRM Labs.
Catching a scammer by tracking down his mom, a thread by shaman4646.
On July 16, 2022, Impermax Finance lost $6K to private key theft, which appears to be part of a larger campaign netting bad actors at least $300K stolen from users across Ethereum, BSC, Polygon, Optimism, and other chains.
On July 23, 2022, Audius lost $6M after an attacker took advantage of a storage slot collision to reinitialize governance and other contracts.
Chia Network reissues asset tokens and requests users to upgrade in response to a critical vulnerability discovered by Trail of Bits.
Balancer patched a DoS vulnerability after it was responsibly disclosed by k_besic.
Proofpoint report on EvilNum malware targeting the cryptocurrency and DeFi industry. The malware campaign uses ISO, Word, and LNK files for delivery.
EthernautDAO has been regularly posting challenges on their Twitter account. Here are the Car Market and Vending Machine solutions by StErMi.
EthCC 2022 - Patrick Ventuzelo - State of the Art of Ethereum Smart Contract Fuzzing in 2022.
EthCC 2022 - Georgios Konstantopoulos - Foundry, a portable, fast and modular toolkit for Ethereum application.
EthCC 2022 - Rebecca Rettig - Regulation of DeFi Across the Globe.
Forta Roundtable - @DeFi_Dad, @TalBeerySec, @hushedfeet, @cseifert,
What happens when you send 1 DAI by tincho.
A Historical Collection of Reentrancy Attacks by pcaversaccio.
BadReveal by Sayfer discusses a class of vulnerability affecting NFT launches.
Common smart contract vulnerabilities thread by Adrian Hetman.
Intro to Smart Contract Security Audits: Randomness by SlowMist.
A Survey on EOSIO Systems Security: Vulnerability, Attack, and Mitigation.
Damn Vulnerable Cairo Contract by Joran Honig.
Halborn is hiring for a variety of engineering and marketing roles. To apply, visit https://halborn.com/careers/.
Fill out the Job Posting Form to share available positions with thousands of BlockThreat subscribers.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.