Blockchain Threat Intelligence


BlockThreat - Week 38, 2022

Wintermute | Profanity | BXH | dYdX

Peter Kacherginsky
Oct 02, 2022

Compromised or weak private keys were the trend in this week’s hacks, with at least $167M lost so far due to the vulnerability in the Profanity wallet generator. Projects continue patching multimillion vulnerabilities thanks to responsible disclosures by security researchers. Supply chain and malware attacks were also on the rise with reports of multiple backdoors and drainers.

Scams

  • Breaking the Ice: a Phishing Deep Dive and Campaign Indicators by Forta.

  • Fake MEV bot scam report by Igor Igamberdiev.

Hacks

  • On September 20, 2022 Wintermute lost $162M after its vault administrator wallet was compromised. The compromise is likely related to the recently published Profanity generator vulnerability.

  • On September 20, 2022 BXH lost another $2.4M likely due to a private key compromise similar to last year’s $139M incident.

  • On September 23, 2022 multiple NPM packages hosted on the dYdX GitHub were infected with backdoors.

  • On September 25, 2022 another vanity address lost $950K due to the vulnerability in the Profanity address generator.

Vulnerabilities

  • Aurora patched critical vulnerabilities in its withdrawal logic and in its transfer fee logic thanks to two responsible disclosures through Immunefi.

  • Arbitrum fixed a critical vulnerability caused by an uninitialized storage slot thanks to a responsible disclosure by 0xriptide.

  • Multiple projects fixed a misconfiguration vulnerability in their timelock deployment thanks to responsible disclosures by Daniel Von Fange.

Malware

  • Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners.

  • NFT Drainer Claims to Bypass Cryptocurrency Wallet Update report by ZeroFox.

  • Erbium Stealer Malware Report by Cyfirma.

Media

  • Dune Analytics training by ilemi.eth.

Research

  • Multi-sig and MPC attacks thread by Tay.

  • A Guide to DNS Takeovers: The Misunderstood Cousin of Subdomain Takeovers by Project Discovery.

  • The DeFi Insurance Problem by 0xnimz.

  • The Two Sides of the Private Tx Service on BSC by BlockSec Team.

Tools

  • Phalcon TX tracing tool by BlockSec Team.

  • Dune Analytics Event and Function Signature Sleuthing Dashboard.

  • Coin Control - new privacy feature in Trezor Suite.

