BlockThreat - Week 38, 2022
Wintermute | Profanity | BXH | dYdX
Compromised or weak private keys were the trend in this week’s hacks with at least $167M were lost so far due to the vulnerability in Profanity wallet generator. Projects continue patching multimillion vulnerabilities thanks to responsible disclosures by security researchers. Supply chain and malware attacks were also on the rise with reports of multiple backdoors and drainers.
Scams
Breaking the Ice: a Phishing Deep Dive and Campaign Indicators by Forta.
Fake MEV bot scam report by Igor Igamberdiev.
Hacks
On September 20, 2022 Wintermute lost $162M after its vault administrator wallet was compromised. The compromise is likely related to the recently published Profanity generator vulnerability.
On September 20, 2022 BXH lost another $2.4M likely due to a private key compromise similar to last year’s $139M incident.
On September 23, 2022 Multiple NPM packages hosted on dYdX Github have been infected with backdoors.
On September 25, 2022 another vanity address lost $950K due to the vulnerability in the Profanity address generator.
Vulnerabilities
Aurora patched critical vulnerabilities in its withdrawal logic and another transfer fee logic thanks to two responsible disclosures through Immunefi.
Arbitrum fixed a critical vulnerability caused by an uninitialized storage slot thanks to a responsible disclosure by 0xriptide.
Multiple projects fixed a misconfiguration vulnerability in their timelock deployment thanks to responsible disclosures by Daniel Von Fange.
Malware
Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners.
NFT Drainer Claims to Bypass Cryptocurrency Wallet Update report by ZeroFox.
Erbium Stealer Malware Report by Cyfirma.
Media
Dune Analytics training by ilemi.eth.
Research
Multi-sig and MPC attacks thread by Tay.
A Guide to DNS Takeovers: The Misunderstood Cousin of Subdomain Takeovers by Project Discovery.
The DeFi Insurance Problem by 0xnimz.
The Two Sides of the Private Tx Service on BSC by BlockSec Team.
Tools
Phalcon TX tracing tool by BlockSec Team.
Dune Analytics Event and Function Signature Sleuthing Dashboard.
Coin Control - new privacy feature in Trezor Suite.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.
Premium Content
Keep reading with a 7-day free trial
Subscribe to Blockchain Threat Intelligence to keep reading this post and get 7 days of free access to the full post archives.