A relatively quiet week filled with multiple conferences and CTFs. DeFi Security Summit in particular was simply amazing and marked another milestone of just how much our industry have matured. Bad guys continue abusing deep fakes as part of scam campaigns while others practice more traditional rug pulls as described in the Scams section below. Only one DeFi compromise this week due to an error in calculating transfer rewards.

News

• NFTs and Financial Crime report by Elliptic.

• The Sleuths Who Protect Crypto From Hackers Are Raking in Money.

• LastPass developer systems hacked to steal source code.

Scams

• Mapping a Serial Rug Pull Scammer on Binance Smart Chain by Tuan Phan and Chad Friedman.

• Hackers Used Deepfake of Binance CCO to Perform Exchange Listing Scams

Hacks

• On August 23, 2022 KaoyaSwap lost $118K due to incorrectly calculating rewards on transfers.

Malware

• Crypto Miners Using Tox P2P Messenger as Command and Control Server

Contests

• CTF Lending by MrToph.

• Secureum A-Maze X CTF.

Media

• DeFi Security Summit Day 1 and Day 2 recordings.

Research

• DeFi Exploits: Trends, Patterns, and Lessons Learnt by Token Terminal.

• Signature malleability attacks by Daniel Von Fange.

• Reverse Engineering Solana with Binary Ninja by OtterSec.

• Why is Oracle Manipulation after the Merge so cheap? Multi-Block MEV by ChainSecurity.

• EEA EthTrust Security Levels Specification v1.

• An Automated Analyzer for Financial Security of Ethereum Smart Contracts.

• Cryptocurrency Class 2022 by Patrick McCorry.

Tools

• Tornado Withdrawal Dashboard

Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.

Premium Content

Indicators