This week featured a critical vulnerability in the Profanity vanity address generator which is bound to facilitate wallet theft for weeks to come as attackers crack any valuable wallets. The merge (and the launch of EthPoW) already brought its first victim which did not do sufficient chain validation, a centralized exchange fell for a massive price manipulation hack, while Binance made an error by crediting customers the wrong coin.

News

• Interpol issued red notice for Do Kwon following arrest warrant by South Korean Court. Do Kwon was last seen in Singapore.

• The Dutch police arrested a man for his role in laundering assets obtained in Electrum wallet phishing campaign.

• DoJ forms Digital Asset Coordinators (DAC) Network by tapping 150+ prosecutors to fight cryptocurrency crime.

• White House Releases First-Ever Comprehensive Framework for Responsible Development of Digital Assets.

• Botched Crypto Mugging Lands Three U.K. Men in Jail.

Scams

• Crypto giveaway scams continue to soar: the number of fake domains grows five-fold in H1 2022 report by Group IB.

• How Scammers Are Paying Nothing for Your NFTs by SlowMist.

• Scam Sniffer Database includes malicious domains and addresses.

Hacks

• On September 15, 2022 multiple wallets generated by a vulnerable Profanity tool were compromised with at least $3.3M in losses.

• On September 16, 2022 OmniBridge lost $286K in a transaction replay attack caused by insufficient chain validation logic.

• On September 18, 2022 GMX exchange $400K in a price manipulation attack.

Other Incidents

• On September 15, 2022 Binance incorrectly credited $19M worth of HNT tokens by incorrectly crediting MOBILE token deposits.

Vulnerabilities

• 1inch exposed a critical vulnerability in Profanity, an Ethereum vanity address generator, which may allow attackers to bruteforce private keys in about the same time as it took to generate the address much faster than expected.

• NFTX marketplace patched a vulnerability which could allow for NFT theft thanks to a responsible disclosure by ErrNil.

• StarkEx patched a double-spend vulnerability thanks to a responsible disclosure by Vlad Bochok.

• EIP-712 contracts with cached domain separator may be vulnerable to replay attacks.

Malware

• TeamTNT hijacking servers to run Bitcoin encryption solvers.

• A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities report by TrendMicro.

Contests

• Paradigm CTF 2022 Files and Solutions.

• I Am The Optimizor Gas Competition and a solution.

• Good Samaritan level on Ethernaut.

Media

• Solidity Security & how to change the bytecode of a deployed contract by Peter Robinson.

• How do Ethereum Mixing Services work? by Peter Robinson.

• Smart Contract Series Episodes 1, 2, 3, 4 by Nahamsec .

Research

• Who is Task Force Rusich – the ‘neo-Nazi paramilitary group’ sanctioned by OFAC yesterday? by TRM

• Building A PoC For The Uranium Heist by Immunefi.

• Ethereum PoS and PoW Security by Beosin.

• Fighting Sybils in Airdrops.

• Smart Contract Vulnerability Detection Technique: A Survey.

• Collaborative Learning for Cyberattack Detection in Blockchain Networks.

• Web3 Graveyard by Razzor.

• cETH Price Feed Incident: Post-Mortem by Compound.

Tools

• Circomspect - static analyzer and linter for the Circom and tutorial.

• Qiling Framework - advanced binary emulation network with EVM support and tutorial.

• Tornadoxxed address deanonymization tool.

Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.

Premium Content