BlockThreat - Week 36, 2022
Avalanche | Nereus | New Free DAO | Gera
This week Avalanche patched a couple of critical vulnerabilities that could have been used to steal assets or shut down the whole network. Multiple DeFi projects were also exploited through well-known bugs as well as more sophisticated reward vulnerabilities, for a total of $3.3M. Following up on the Tornado Cash sanctions, multiple companies decided to fight back against OFAC’s overreach with well-written open letters and lawsuits. Let’s dive into the news!
Tornado Cash Updates
Defending Privacy in Crypto by Coinbase.
Base Layer Neutrality by Paradigm.
A compromised The Sandbox Instagram account was used to direct users to a phishing site.
On August 22, 2022 Shiba Inu leaked AWS credentials in its public repo.
On September 5, 2022 Zoom Protocol lost $61K as a result of a price oracle manipulation vulnerability.
On September 7, 2022 Nereus Finance lost $371K in a price oracle manipulation attack.
On September 7, 2022 Gera Token reported its private keys were compromised which resulted in $1.48M losses.
On September 8, 2022 New Free DAO reward manipulation exploit resulted in $1.25M in losses.
On September 8, 2022 Ragnarok token lost $42K due to insufficient access controls on the transferOwners function.
On September 9, 2022 Dark Pool on BSC lost $103K due to a bug in reward calculation.
Report on a memory overwrite vulnerability in OpenSea’s Wyvern Protocol by the BlockSec team.
Celer Bridge incident analysis by Coinbase Threat Intelligence offers an in-depth analysis of the BGP hijacking attack and phishing contracts.
Hacking my Helium crypto miner by Wesley Neelen.