Blockchain Threat Intelligence

BlockThreat - Week 34, 2023


Tornado | Balancer | Kroll | Terra | STV | Snowball | BTC20Token

Peter Kacherginsky
Sep 01, 2023

Greetings!

This week the US DoJ charged two Tornado Cash founders with conspiracy to launder $1b in crypto assets stolen by the North Korean Lazarus group. One of the developers was briefly jailed but released on bail. This will not impede North Korean hacking, but will prevent 95%+ of legitimate users from protecting their on-chain privacy.

BlockFi, FTX, and Genesis customer records were leaked in the compromise of Kroll, a bankruptcy claims processor. Get ready for a mass wave of targeted phishing campaigns victimizing people who have already seen their life savings disappear.

More than $2.1m was stolen from the Balancer protocol, which had earlier alerted its liquidity providers about a critical vulnerability and urged users to pull their assets. Public disclosure of a vulnerability is a delicate balance between tipping off attackers and saving customer assets. Should they have hacked themselves after the first exploit transactions showed up on-chain?

Another $2.5m+ was stolen from crypto users through phishing attacks seemingly coming from everywhere: Google Ads, fake job posts, Telegram impersonators, etc. We still have a long road ahead protecting users and rebuilding trust in the ecosystem.

To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.

On the bright side, we have a number of CTFs and blockchain security conferences coming up in the next few months! It’s a joy to watch our community growing and sharing its knowledge openly. This week also features a few fantastic research papers, like research into blockchain finality from Trail of Bits, a massive DeFi root cause analysis database from SunSec, and many others.

Let’s dive into the news!

Events

  • Paradigm CTF - October 28, 2023.

  • MetaTrust Web3 Security CTF - September 13, 2023.

  • TrustX organized by Secureum - November 13-14, 2023 in Istanbul, Turkey.

  • Web3 Security Conference organized by De.Fi - Oct 4, 2023 in Milan, Italy.

News

  • Breaking down the Top 50 DeFi hacks 2016-2022 by Halborn.

  • Tornado Cash Devs Charged With Helping Hackers Launder $1B, Including Infamous North Korean Attacks.

  • Blockchain Capital’s Bart Stephens Lost $6.3 Million In SIM-Swap Crypto Hack.

  • Terra warns users after hackers turn domain into a ‘phishing site’.

Scams

  • FTX Customers Hit by 'Withdrawal' Phishing Mails After SIM Swap Attack.

  • X users manipulated by ChatGPT bots to visit malicious crypto sites.

  • Reports of Google Adwords used to redirect users to crypto phishing sites which already cost one user $900k after visiting a malicious Celer Bridge Dapp.

  • Reports of fake crypto job posting used to spread wallet stealer malware.

  • Magnate Finance disappears with over $6 million in apparent 'rug pull'.

  • A sophisticated phishing scam stole $1.5m from SOL Big Brain by impersonating a Telegram account of a portfolio management company.

Malware

  • DreamBus Botnet Resurfaces, Targets RocketMQ vulnerability by Juniper Networks.

  • Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT by Cisco Talos.

Contests

  • Capture the Ether Solutions using Foundry by 0xraion.

  • Project SEKAI CTF 2023 Re-Remix Writeup by minaminao.

Media

  • Blockchain Security Across The Development Lifecycle spaces by OpenZeppelin.

  • Preventative Security Tactics spaces by De.Fi.

  • Rust x Ethereum Day hosted by Paradigm includes a few security related talks.

Research

  • The Engineer’s Guide to Blockchain Finality by Benjamin Samuels (Trail of Bits).

  • DeFi Hacks Analysis - Root Cause Analysis Part 2 by SunSec.

  • Typical vulnerabilities in AMM protocols by kasimonagasaki (Decurity).

  • A UI Flaw in Top Crypto Wallets We Need to Address by Coinspect.

  • Helping Curve Save $6m of User Funds by Addison Spiegel.

  • Ethereum Apocrypha by Shane Auerbach (smlXL).

  • Cross-Chain Security with LayerZero Labs by Ryan Zarick.

  • Smarter Contracts: Detecting Vulnerabilities in Smart Contracts with Deep Transfer Learning.

  • Double and Nothing: Understanding and Detecting Cryptocurrency Giveaway Scams.

  • A Large Scale Study of the Ethereum Arbitrage Ecosystem.

  • Aave v3 bug bounty part 1 and part 2 by StErMi.

  • Top 5 duplicated issues of competitive audits thread by Patrick Collins.

  • Applied Elliptic Curve Cryptography by patrickd (Ventral).

  • Bonding curve explanation thread by 0xfave.

  • Solidity signature verification checklist by TheSchnilch.

  • How to not get rekt from MEV bots thread by Patrick Collins.

  • A deep dive into the main components of ERC-4337: Account Abstraction Using Alt Mempool— Part 1 by Antonio Viggiano (Oak Security).

  • Some rough impressions of Worldcoin by Matthew Green.

Tools

  • Rivet - a developer focused web3 wallet by Paradigm.

  • Cryogen - blockchain dataset management tool by banteg.

  • Version Detector - a library for runtime EVM version detection by Philogy.

  • Top 10 AI Tools for Smart Contract Auditors by Unsnarl.

  • Huff breakpoints for Foundry debugger by devtooligan.

