BlockThreat - Week 38, 2022
Wintermute | Profanity | BXH | dYdX
Compromised or weak private keys were the trend in this week’s hacks, with at least $167M lost so far due to the vulnerability in the Profanity wallet generator. Projects continue patching multimillion-dollar vulnerabilities thanks to responsible disclosures by security researchers. Supply chain and malware attacks were also on the rise, with reports of multiple backdoors and drainers.
Fake MEV bot scam report by Igor Igamberdiev.
On September 20, 2022, BXH lost another $2.4M, likely due to a private key compromise similar to last year’s $139M incident.
On September 23, 2022, multiple NPM packages hosted on dYdX GitHub were infected with backdoors.
On September 25, 2022, another vanity address lost $950K due to the vulnerability in the Profanity address generator.
Arbitrum fixed a critical vulnerability caused by an uninitialized storage slot thanks to a responsible disclosure by 0xriptide.
Multiple projects fixed a misconfiguration vulnerability in their timelock deployment thanks to responsible disclosures by Daniel Von Fange.
NFT Drainer Claims to Bypass Cryptocurrency Wallet Update report by ZeroFox.
Erbium Stealer Malware Report by Cyfirma.
Dune Analytics training by ilemi.eth.
Multi-sig and MPC attacks thread by Tay.
A Guide to DNS Takeovers: The Misunderstood Cousin of Subdomain Takeovers by Project Discovery.
The DeFi Insurance Problem by 0xnimz.
The Two Sides of the Private Tx Service on BSC by BlockSec Team.
Phalcon TX tracing tool by BlockSec Team.
Dune Analytics Event and Function Signature Sleuthing Dashboard.
Coin Control - new privacy feature in Trezor Suite.