BlockThreat - Week 30, 2022
Nirvana | Osmosis | Tron | Luna Stealer
A rare week without dozens of new compromises and scam campaigns. A great time to update your calendars with a number of great blocksec events below and catch up on the latest tools and research to help prevent your project from ever appearing in the hacks section. Speaking of, there was a single price manipulation exploit on the Solana network with an unfortunate $3.5M loss. Scammers are now placing malicious addresses in DAO governance proposals and also getting really sneaky crafting honeypot contracts on Tron. Be careful out there!
Let’s dive into the news and be sure to check out the Job Listings section in case you get inspired to make blockchain security your career. Premium Indicators section has attacker addresses for all of the hacks and scams below.
August 26, 2022 - DeFi Security 101 - Stanford, CA.
August 27-28, 2022 - DeFi Security Summit - Stanford, CA.
August 29-31, 2022 - SBC ‘22 - Stanfard, CA.
August 31-September 1, 2022 - Blockchain Security Summit 2022.
Reports of airdrops using fake event logs to gain legitimacy by PancakeSwap.
Osmosis reporting on a number of scam governance proposals.
On July 28, 2022 Nirvana Finance lost $3.5M in a price oracle manipulation attack.
Strips Finance patched a market manipulation vulnerability reported by Amber Group.
Luca Crypto Stealer Source Code Leaked by Cyble.
How To Use Foundry To PoC Bug Leads, Part 2 by cergyk.eth.
Shedding smart contract storage with Slither by Troy Sargent, ToB.
Black-box attacks on white-box ECDSA by Ledger.
evm-trace - a fast and correct Python library to work with EVM traces by banteg.
evm-translator - an open-source library to interpret EVM transactions.
ApeWorx 0.4.0 released.
Fill out the Job Posting Form to share available positions with thousands of BlockThreat subscribers.