BlockThreat - Week 37, 2022
Profanity | OmniBridge | GMX | Binance | Terra
This week featured a critical vulnerability in the Profanity vanity address generator, which is bound to facilitate wallet theft for weeks to come as attackers crack any valuable wallets. The Merge (and the launch of EthPoW) already claimed its first victim, which did not perform sufficient chain validation; a centralized exchange fell for a massive price manipulation hack; and Binance made an error by crediting customers with the wrong coin.
DoJ forms Digital Asset Coordinators (DAC) Network by tapping 150+ prosecutors to fight cryptocurrency crime.
How Scammers Are Paying Nothing for Your NFTs by SlowMist.
Scam Sniffer Database includes malicious domains and addresses.
On September 16, 2022 OmniBridge lost $286K in a transaction replay attack caused by insufficient chain validation logic.
On September 18, 2022 GMX exchange lost $400K in a price manipulation attack.
On September 15, 2022 Binance incorrectly credited customers with $19M worth of HNT tokens for MOBILE token deposits.
1inch exposed a critical vulnerability in Profanity, an Ethereum vanity address generator, which may allow attackers to brute-force a private key in roughly the same time it took to generate the address, far faster than expected.
NFTX marketplace patched a vulnerability which could allow for NFT theft thanks to a responsible disclosure by ErrNil.
StarkEx patched a double-spend vulnerability thanks to a responsible disclosure by Vlad Bochok.
EIP-712 contracts with cached domain separator may be vulnerable to replay attacks.
A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities report by TrendMicro.
Good Samaritan level on Ethernaut.
Solidity Security & how to change the bytecode of a deployed contract by Peter Robinson.
How do Ethereum Mixing Services work? by Peter Robinson.
Building A PoC For The Uranium Heist by Immunefi.
Ethereum PoS and PoW Security by Beosin.
Web3 Graveyard by Razzor.
cETH Price Feed Incident: Post-Mortem by Compound.
Tornadoxxed address deanonymization tool.