BlockThreat - Week 30, 2024
Casper Network | MonoSwap | DeltaPrime | HTX | Gemini | Spectra | dYdX | Kelp
Greetings!
Almost $10M was stolen this week across 9 incidents. Traditional security issues like malicious insiders continue to plague the ecosystem, as in the case of HTX, where several employees backdoored the exchange’s wallet to steal 10K+ mnemonic phrases.
DNS hijackings also picked up once again, with Kelp and dYdX exposing their users to drainers as a result of the compromise. If you are a $1M+ project, you should migrate from GoDaddy, Squarespace, Namecheap, and other discount (and frequently compromised) registrars to something a bit more secure like Cloudflare immediately!
Behind most private key compromises are usually well-executed spear phishing campaigns. Unfortunately, this was the case for MonoSwap, which lost $1.3M after one of their developers downloaded a malicious video conference app (KakaoCall). Be careful out there, and don’t let a single compromised wallet and/or developer result in a loss of assets.
Blockchain-wide exploits are rare but devastating. Casper Network suffered one this week, where an access control issue in the chain’s contract installer allowed bad actors to drain 13 accounts for about $6.7M in assets. The network reacted by pausing the consensus mechanism, which is now a favorite mitigating action of newer chains.
The premium edition of the newsletter contains additional details for the aforementioned compromises as well as MonoSwap, DeltaPrime, Gemini, Spectra, and others. Oh, and be sure to check DeltaPrime’s post-mortem for another good incident response and negotiation case study.
To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.
Let’s dive into the news!
News
Bitfinex hacker Heather Morgan spotted at Bitcoin Conference 2024.
Gemini reaches settlement with IRA Financial Trust over $36M exploit.
Kraken Returns Bitcoin to Customers of Mt. Gox 10 Years After Hack.
Crime
Comrades in Crime - Exploring the Russian-speaking illicit crypto ecosystem by TRM.
He Was an Online Drug Lord. Now He’s a Crypto Entrepreneur. The story of Blake Benthall and Silk Road 2.0.
Forcount crypto scheme promoters plead guilty to wire fraud conspiracy.
Georgia Man Sentenced to Prison for Cryptocurrency Computer Fraud.
Authorities Unravel the Sinaloa Cartel’s Connection to Chinese Money Launderers by TRM.
Policy
Why The Supreme Court’s Attack On Federal Agencies Is A Boon For Crypto.
Federal Reserve Board drops enforcement action against Silvergate.
Russia to allow crypto payments in international trade to counter sanctions.
Phishing
How a North Korean Fake IT Worker Tried to Infiltrate Us by KnowBe4. Also be sure to read the FAQ for additional details and resources.
How to Spot Fake Zoom Links Scammers Are Using to Steal Your Crypto.
Beginner’s Guide to Web3 Security: Risk of Wallet Being Maliciously Multi-Signed by SlowMist.
SAT20’s X account compromised to spread malware.
Permit phishing attack results in theft of $4.69M in Pendle tokens.
InfernoDrainer victim lost $150K worth of Mog on Base chain.
Cunning Phishing in the Dark Forest by SlowMist covers an ongoing fake venture capital scam that tricks users into installing malware.
Scams
Disperse? What is it? How's it related to many scams? by Blockfence.
ETHTrustFind - Rekt. $2M+ rug pull.
Malware
Media
Research
Security risk analysis of FunC language in TON blockchain smart contracts by ExVul.
A critical security vulnerability in Berachain that could potentially drain all liquidity pools by Frank Zhang. Additional context limits the impact to tokens sent accidentally to the vulnerable contract.
Anyone can Access Deleted and Private Repository Data on GitHub by Truffle Security.
Blockchain Takeovers in Web 3.0: An Empirical Study on the TRON-Steem Incident.
Edited Forked Code: A Sin And A Goldmine for Smart Contract Auditors.
Tools
Introducing Eclair, a fast and easy-to-use Solidity interpreter by Daniel Perez.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerabilities, indicators, special reports, and searchable newsletter archives.