Greetings!

This week Thoreum suffered an easily preventable exploit due to an incorrectly implemented transfer function which allowed infinite minting. Things were otherwise quiet with just a few <$100K hacks consisting of the usual price oracle and reward manipulation bugs.

U.S DoJ scared the heck out of the crypto community by teasing “a major international cryptocurrency action” which turned out to be a small exchange, Bitzlato, allegedly involved in laundering assets for Russian criminal gangs.

On the fun side, this week features a couple of contests such as cracking a bitcoin wallet and going on a quest exploring past DeFi hacks. Be sure to check them out in the Contests section below.

Let’s dive into the news, but first a note from our sponsors at Chainalysis with another preview of the upcoming annual crypto crime report!

How 2022’s Biggest Sanctions Designations Affected Crypto Crime

From Hydra and the Lazarus Group to Garantex and Tornado Cash, 2022 was a record-breaking year for crypto sanctions. Check out this latest research from Chainalysis as part of their annual Crypto Crime Report to learn how on-chain crime was impacted. Read more >

News

• French and US authorities arrested 5 individuals associated with Bitzlato exchange for money laundering. News of the arrests coincided with U.S. Treasury unsealing an arrest warrant targeting exchange’s founder, Anatoly Legkodymov, as well as a sanctions order. Binance was identified as a major counterparty responsible for $346M in transfers since 2018.

• Illegal Solaris darknet market hijacked by competitor Kraken.

• Philippine Authorities Rescue Alleged Victims of 'Crypto Trafficking Ring'.

• FBI Seizes Bitcoin From Overseas Scammers Who Posed as US Law Enforcement Officials.

• Raydium attackers moved $2.7M worth of ETH to Tornado Cash.

Scams

• Rinse and Repeat: Venture-Based Money Laundering in Web3 by CertiK.

Hacks

• On January 16, 2023 Omni Real Estate lost $70K due to a reward manipulation bug. ORT went practically to zero following the attack.

• On January 16, 2023 520 Token lost $11K in a price oracle manipulation attack.

• On January 17, 2023 Upswing lost $35K in a price oracle manipulation attack.

• On January 18, 2023 Quaternion lost $4K due to a reward manipulation bug.

• On January 18, 2023 Thoreum finance lost $580K by incorrectly implementing a transfer function which did not handle a scenario with identical source and destination transfers.

Vulnerabilities

• Abracadabra Cauldron V4 patched a reentrancy vulnerability which could be used to steal users’ tokens.

• Jeiwan reports an interesting bug caused by Uniswap SwapRouter’s handling of unspent ETH in partial swaps.

Malware

• Suspected APT-C-26 (Lazarus) organization conducts attack activity analysis through cryptocurrency wallet promotion information by 360 Threat Intelligence Center.

Contests

• Node Guardians - gamings quests through past exploits and rug pulls.

• Hunting Sats - wallet cracking context by Wasabi Wallet.

Media

• An Adversaries Approach to Smart Contracts by NahamSec.

Research

• An incomplete guide to stealth addresses by Vitalik Buterin.

• Diving Into Smart Contract Decompilation by Jonathan Becker.

• The Future of Threat Prevention in Web3 by Forta.

• Generating secure randomness on Ethereum using SNARKs by Aman Gottumukkala, Sina Sabet, Georgios Konstantopoulos (Paradigm).

• Beginner's Guide to Yul by Marq.

• Intro to Smart Contract Security Audit: DOS by SlowMist.

• Intro to Smart Contract Security Audit: Identifying Hidden Malicious Code by SlowMist.

• Interesting thread on Ethereum 1/64 rule by bytes032.

• Revisiting read-only reentrancy vulnerability by bytes032.

• Side Contract Commitment Attacks on Blockchains.

Tools

• Heimdall - advanced EVM toolkit for contract disassembly, decompilation, calldata decoding, and others.

• scrapyFi - scraper for Immunefi.

• Proof of Innocence - prove the source of your withdrawals on Tornado Cash.

Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.

Premium Content

Indicators

Thoreum Attackers

BSC: 0x7d1e1901226e0ba389bfb1281ede859e6e48cc3d
BSC: 0x1285fe345523f00ab1a66acd18d9e23d18d2e35c
BSC: 0x1ae2dc57399b2f4597366c5bf4fe39859c006f99