Hi folks,
A rare week without dozens of new compromises and scam campaigns. A great time to update your calendars with a number of great blocksec events below and catch up on the latest tools and research to help prevent your project from ever appearing in the hacks section. Speaking of which, there was a single price manipulation exploit on the Solana network with an unfortunate $3.5M loss. Scammers are now placing malicious addresses in DAO governance proposals and also getting really sneaky crafting honeypot contracts on Tron. Be careful out there!
Let’s dive into the news, and be sure to check out the Job Listings section in case you get inspired to make blockchain security your career. The Premium Indicators section has attacker addresses for all of the hacks and scams below.
Events
August 26, 2022 - DeFi Security 101 - Stanford, CA.
August 27-28, 2022 - DeFi Security Summit - Stanford, CA.
August 29-31, 2022 - SBC ‘22 - Stanford, CA.
August 31-September 1, 2022 - Blockchain Security Summit 2022.
News
$2 Million and Counting: How Dozens of Pro-Russian Groups Are Using Cryptocurrency Donations to Fund the War in Ukraine by Chainalysis.
The 15-year-old boy who stole $24 million in cryptocurrency by El Pais.
Scams
Tron wallet honeypot scams abuse spending permissions to trick users into sending TRX by Tal Be’ery.
Reports of airdrops using fake event logs to gain legitimacy by PancakeSwap.
Osmosis reporting on a number of scam governance proposals.
Hacks
On July 28, 2022, Nirvana Finance lost $3.5M in a price oracle manipulation attack.
Vulnerabilities
Moonbeam patched a critical funds theft vulnerability thanks to a responsible disclosure by pwning.eth.
Strips Finance patched a market manipulation vulnerability reported by Amber Group.
Malware
Luca Crypto Stealer Source Code Leaked by Cyble.
Research
How To Use Foundry To PoC Bug Leads, Part 2 by cergyk.eth.
Shedding smart contract storage with Slither by Troy Sargent, ToB.
Black-box attacks on white-box ECDSA by Ledger.
Tools
evm-trace - a fast and correct Python library to work with EVM traces by banteg.
evm-translator - an open-source library to interpret EVM transactions.
ApeWorx 0.4.0 released.
Job Listings
Halborn is hiring for a variety of engineering and marketing roles. To apply, visit https://halborn.com/careers/.
Fill out the Job Posting Form to share available positions with thousands of BlockThreat subscribers.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.