Blockchain Threat Intelligence

BlockThreat - Week 30, 2024

Casper Network | MonoSwap | DeltaPrime | HTX | Gemini | Spectra | dYdX | Kelp

Peter Kacherginsky
Aug 25, 2024

Greetings!

Almost $10M was stolen this week across 9 incidents. Traditional security issues like malicious insiders continue to plague the ecosystem, as in the case of HTX, where several employees backdoored the exchange’s wallet to steal 10K+ mnemonic phrases.

DNS hijackings also picked up once again, with Kelp and dYdX exposing their users to drainers as a result of the compromise. If you are a $1M+ project, you should migrate from GoDaddy, Squarespace, Namecheap, and other discount (and frequently compromised) registrars to something a bit more secure like Cloudflare immediately!

Behind most private key compromises are usually well-executed spear phishing campaigns. Unfortunately, this was the case for MonoSwap, which lost $1.3M after one of their developers downloaded a malicious video conference app (KakaoCall). Be careful out there, and don’t let a single compromised wallet and/or developer result in a loss of assets.

Blockchain-wide exploits are rare but devastating. Casper Network suffered one this week, where an access control issue in the chain’s contract installer allowed bad actors to drain 13 accounts for about $6.7M in assets. The network reacted by pausing the consensus mechanism, which is now a favorite mitigating action by newer chains.

The premium edition of the newsletter contains additional details for the aforementioned compromises as well as MonoSwap, DeltaPrime, Gemini, Spectra, and others. Oh, and be sure to check DeltaPrime’s post-mortem for another good incident response and negotiation case study.

To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proofs of concept (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.

Let’s dive into the news!
