BlockThreat - Week 35, 2022
KyberSwap | Bill Murray | Rug Pull Finder | Coinbase | ShadowFi
A busy week, with BSC projects getting picked off one after another with flash loans and reward manipulation bugs. Yet another front-end compromise of KyberSwap continues the alarming trend of bad actors targeting vulnerable web2 infrastructure. Scammers keep getting creative with new schemes to entice users with phishing sites and malware. Coinbase messed up exchange rates, triggering a bank run in Georgia. OptiFi and Compound managed to lock up their stablecoin and ETH markets respectively, which shows that the DeFi ecosystem is still fragile, with plenty of assets getting lost even without evildoers.
Let’s dive into the news!
Tracking down phishing crew identities part 2 with ZachXBT.
On August 29, 2022, DDC lost $104K in a reward manipulation exploit.
On August 31, 2022, Cupid lost $78K in a reward manipulation exploit.
On September 2, 2022, ShadowFi lost $300K due to an exposed burn function.
On September 4, 2022, DAO Officials lost $581K in a reward manipulation exploit.
On August 29, 2022, OptiFi accidentally froze 661K USDC.
Report on the Nitrokod crypto miner impersonating the Google Translate desktop app by Check Point Research.
Analysis of the ModernLoader RAT used to distribute a crypto stealer and miner by Cisco Talos.
Analysis of the Sharkbot banking and crypto stealer posing as a fake Android AV app by Fox-IT.
Web3 project security practices thread by Damian Rusinek.
Blockchain bridges security & common cross-chain vulnerabilities by Jakub Zmysłowski.
Cairo and StarkNet Security by ctrlc03.
Categorized Code4rena reports by Tomosuke0930.
ZIION VM by Halborn is a one-stop blockchain and smart contract security distribution with 100+ tools.