Greetings!
Just a few DeFi incidents this week, with the majority of losses coming from the Socket bridge compromise: $3.3M was stolen from users who had approved their tokens to the contract, through an arbitrary call vulnerability in a newly introduced route. The protocol went through the usual ransom negotiation and recovered about 70% of the assets (accounting for recent market moves); the bounty kept by the attacker appears to be significantly more than the usual 10%. Let's hope this doesn't become the new norm.
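As an added illustration of the vulnerability class named above (this is not Socket's code and is not derived from the incident's transactions; contract and function names are assumptions): a routing contract that holds user token approvals and forwards a caller-chosen call can be turned against every approver, because the token sees the `transferFrom` arriving from the approved router. The hardened layout beside it keeps approvals on a contract whose only spend path moves `msg.sender`'s own tokens, and lets a separate, approval-less contract do the forwarding to an allow-list of targets.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration (assumed names), not Socket's code.

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

/// VULNERABLE. Users approve this contract so it can move their tokens for a route.
/// Because `target` and `data` are caller-chosen, anyone can pass target = token and
/// data = abi.encodeCall(IERC20.transferFrom, (victim, attacker, balance)); the token
/// only checks that msg.sender (this router) holds the victim's approval, which it does.
contract VulnerableRouter {
    function route(address target, bytes calldata data) external returns (bytes memory) {
        (bool ok, bytes memory ret) = target.call(data);
        require(ok, "route failed");
        return ret;
    }
}

/// HARDENED, part 1. Forwards calls but is approved by nobody, so an arbitrary call
/// can only spend what is already sitting in this contract during the transaction,
/// i.e. the caller's own deposit. Targets are allow-listed at deployment (illustration).
contract Router {
    address public immutable entry;
    mapping(address => bool) public allowedTarget;

    constructor(address[] memory targets) {
        entry = msg.sender; // deployed by Entry below
        for (uint256 i = 0; i < targets.length; i++) allowedTarget[targets[i]] = true;
    }

    function execute(address target, bytes calldata data, IERC20 tokenOut, address recipient)
        external
        returns (uint256 received)
    {
        require(msg.sender == entry, "only entry");
        require(allowedTarget[target], "target not allowed");
        (bool ok, ) = target.call(data);
        require(ok, "route failed");
        received = tokenOut.balanceOf(address(this));
        require(tokenOut.transfer(recipient, received), "payout failed");
    }
}

/// HARDENED, part 2. This is the contract users approve. Its single transferFrom
/// always names msg.sender as `from`, so no calldata reachable through the router
/// can move another user's approved balance.
contract Entry {
    Router public immutable router;

    constructor(address[] memory targets) {
        router = new Router(targets);
    }

    function route(
        IERC20 tokenIn,
        uint256 amountIn,
        address target,
        bytes calldata data,
        IERC20 tokenOut
    ) external returns (uint256) {
        // The only approval-spending call in the system; `from` is never caller-chosen.
        require(tokenIn.transferFrom(msg.sender, address(router), amountIn), "pull failed");
        return router.execute(target, data, tokenOut, msg.sender);
    }
}
```

The check to apply when reviewing a new route: find every `.call`, `.delegatecall` and `functionCall` whose target or calldata the caller controls, and ask whether the calling contract is a spender in any user's ERC-20 allowance. If both are true, the route is a drain of every outstanding approval, regardless of what the route was meant to do.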
To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.
HTX and Manta Network were hit with DDoS attacks, the latter during a token issuance event.
X account compromises continue, alongside the now-routine airdrop phishing campaigns, leading to more user losses. A single user lost $4.2M to a permit-based phishing campaign.
Trezor's third-party support portal was compromised, leaking PII of 66,000 customers. Was this yet another victim of the Retool hack of August 29, 2023, or the beginning of another cloud compromise wave?
Let’s dive into the news!
Events
News
Crime
Laundromats and VPNs: How China’s Crypto Traders Are Evading the Rules.
Casinos, Money Laundering, Underground Banking, and Transnational Organized Crime in East and Southeast Asia: A Hidden and Accelerating Threat by UNODC dives into international cryptocurrency mule networks, underground exchanges, and other criminal networks.
CFTC charges digital asset platform over 'pig butchering' scheme.
Europol says alleged crypto miner made millions from stolen electricity.
Denver pastor behind alleged crypto scam says $300k home remodel was God’s idea.
Phishing
Rocket Pool X account compromised to push a phishing link.
$4.2M drained from a user with a permit-based phishing kit.
Policy
US GAO performed ‘0 analysis’ for crypto report on evading sanctions — Coinbase exec.
South Korea to follow US example on crypto mixers with potential sanctions.
Malware
Cracked software beats gold: new macOS backdoor stealing cryptowallets by Kaspersky.
CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign by Trend Micro.
Containerised Clicks: Malicious use of 9hits on vulnerable docker hosts by Cado Security.
Media
Research
Ethereum Smart Contract Auditor's 2023 Rewind by Patrick Drotleff.
Trust Wallet's Fomo3D Summer: Fresh Discovery of Low Entropy Flaw From 2018 by p0n1 and outoflegend (SecBit).
Mr Steal Yo Crypto - Jpeg Sniper by Proxy.
Rounding Bugs: An Analysis by Robert Chen (OtterSec).
Certora vs Echidna: a case study on invariant testing in eBTC by Nicanor (All things fuzzy).
Web3 Data Tools and Tips - 2024 Annual Guide by Andrew Hong. Indexers, Explorers, Query engines, Data Transformations, and ZK reverse ETL - the key components you need to understand to navigate crypto data.
Conning the Crypto Conman: End-to-End Analysis of Cryptocurrency-based Technical Support Scams.
Tools
0xHacked - A trustless war room for whitehats.
Solana Revoker by GoPlus.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerabilities, indicators, special reports, and searchable newsletter archives.
Premium Content