BlockThreat - Week 34, 2023
Tornado | Balancer | Kroll | Terra | STV | Snowball | BTC20Token
This week the US DoJ charged two Tornado Cash founders with conspiracy to launder $1b in crypto assets stolen by the North Korean Lazarus group. One of the developers was briefly jailed but released on bail. This will not impede North Korean hacking, but it will prevent 95%+ of legitimate users from protecting their on-chain privacy.
BlockFi, FTX, and Genesis customer records were leaked in the compromise of Kroll, the bankruptcy claims processor. Get ready for a mass wave of targeted phishing campaigns victimizing people whose life savings have already disappeared.
More than $2.1m were stolen from the Balancer protocol which earlier alerted its liquidity providers about a critical vulnerability and urged users to pull their assets. Public disclosure of a vulnerability is a delicate balance between tipping off attackers and saving customer assets. Should they have hacked themselves after the first exploit transactions showed up on-chain?
Another $2.5m+ were stolen from crypto users with phishing attacks seemingly coming from everywhere: Google Ads, fake job posts, Telegram impersonators, etc. We still have a long road ahead protecting users and rebuilding trust in the ecosystem.
To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.
On the bright side, we have a number of CTFs and blockchain security conferences coming up in the next few months! It’s a joy to watch our community growing and sharing its knowledge openly. This week also features a few fantastic research papers, including research into blockchain finality from Trail of Bits, a massive DeFi root cause analysis database from SunSec, and many others.
Let’s dive into the news!
Paradigm CTF - October 28, 2023.
MetaTrust Web3 Security CTF - September 13, 2023.
TrustX organized by Secureum - November 13-14, 2023 in Istanbul, Turkey.
Web3 Security Conference organized by De.Fi - Oct 4, 2023 in Milan, Italy.
Breaking down the Top 50 DeFi hacks 2016-2022 by Halborn.
Reports of Google Adwords used to redirect users to crypto phishing sites which already cost one user $900k after visiting a malicious Celer Bridge Dapp.
A sophisticated phishing scam stole $1.5m from SOL Big Brain by impersonating a Telegram account of a portfolio management company.
DreamBus Botnet Resurfaces, Targets RocketMQ vulnerability by Juniper Networks.
Capture the Ether Solutions using Foundry by 0xraion.
Project SEKAI CTF 2023 Re-Remix Writeup by minaminao.
Blockchain Security Across The Development Lifecycle spaces by OpenZeppelin.
Preventative Security Tactics spaces by De.Fi.
Rust x Ethereum Day hosted by Paradigm includes a few security related talks.
The Engineer’s Guide to Blockchain Finality by Benjamin Samuels (Trail of Bits).
Typical vulnerabilities in AMM protocols by kasimonagasaki (Decurity).
A UI Flaw in Top Crypto Wallets We Need to Address by Coinspect.
Helping Curve Save $6m of User Funds by Addison Spiegel.
Ethereum Apocrypha by Shane Auerbach (smlXL).
Cross-Chain Security with LayerZero Labs by Ryan Zarick.
Top 5 duplicated issues of competitive audits thread by Patrick Collins.
Applied Elliptic Curve Cryptography by patrickd (Ventral).
Bonding curve explanation thread by 0xfave.
Solidity signature verification checklist by TheSchnilch.
How to not get rekt from MEV bots thread by Patrick Collins.
A deep dive into the main components of ERC-4337: Account Abstraction Using Alt Mempool— Part 1 by Antonio Viggiano (Oak Security).
Some rough impressions of Worldcoin by Matthew Green.
Rivet - a developer focused web3 wallet by Paradigm.
Cryogen - blockchain dataset management tool by banteg.
Version Detector - a library for runtime EVM version detection by Philogy.
Top 10 AI Tools for Smart Contract Auditors by Unsnarl.
Huff breakpoints for Foundry debugger by devtooligan.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerabilities, indicators, special reports, and searchable newsletter archives.