Blockchain Threat Intelligence

BlockThreat - Week 38, 2023

Retool | Mixin | HTX (Huobi) | Balancer | OpenSea | Nansen | Netcoins | Upbit

Peter Kacherginsky
Sep 25, 2023

Hey friends,

Last week there were 5 CeFi-related incidents, a number unheard of even in the wild days of 2018 when exchanges were compromised on a weekly basis. We have also witnessed the largest hack this year. At $200,000,000 the Mixin hack beats the massive Euler compromise of March 2023.

Alarms are sounding about an “unknown” 3rd-party cloud database provider causing incidents all over the CeFi and DeFi ecosystems. Fortress and Remitano last week. Mixin, OpenSea, Nansen, and Netcoins this week. All are broadcasting similar-sounding messages about backend leaks from a 3rd-party cloud vendor. Based on Ripple’s revelation last week about the real cause behind the Fortress hack, they may all very well be linked to the Retool hack on August 29, 2023.

PSA: OpenSea and Nansen customers change your API keys and passwords.

The Retool incident report mentioned unauthorized access to 27 cloud customers. So if the past weeks’ hacks account for 5-6 of these 27 customers, all of them clearly cryptocurrency-related, what are the other 21? How many more compromises will we see in the coming weeks?

PSA: If you are a Retool cloud customer, consider this the trigger for that long-overdue threat-hunting and threat-modeling exercise. What can the tool access? Are you exposing anything unexpected? Do you have sufficient logging and alerting on what it touches?

Upbit exchange was forced to halt withdrawals after accidentally allowing fake Aptos token deposits on its platform. Last week Coinhub suffered a similar misconfiguration with GALA tokens, where an older version of the token was traded at the wrong price.
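The Upbit and Coinhub incidents above share one root cause: a deposit system that recognises an asset by what the token says about itself (its ticker symbol) rather than by the chain’s canonical identifier (an Aptos coin type, an EVM contract address). The following is an added example, not Upbit’s or Coinhub’s code, showing the two crediting strategies side by side on constructed deposit events; the fake APT coin type and both GALA contract addresses are hypothetical placeholders, while `0x1::aptos_coin::AptosCoin` is the real APT coin type.

```python
"""Deposit crediting: symbol-only matching versus canonical asset-id matching.

Added example (not exchange code). Deposit events and the non-APT asset
identifiers below are constructed placeholders.
"""
from dataclasses import dataclass
from decimal import Decimal
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Deposit:
    chain: str        # network the deposit was observed on
    asset_id: str     # canonical on-chain identifier (coin type / contract address)
    symbol: str       # ticker the token reports about itself: attacker-controlled
    raw_amount: int   # amount in the asset's smallest units
    decimals: int     # decimals the token declares on chain


@dataclass(frozen=True)
class Credit:
    symbol: str
    amount: Decimal


# Assets the exchange actually lists, keyed by (chain, canonical identifier).
# Value is (ticker shown to users, decimals of the listed asset).
LISTED: Dict[Tuple[str, str], Tuple[str, int]] = {
    ("aptos", "0x1::aptos_coin::AptosCoin"): ("APT", 8),
    ("ethereum", "0x00000000000000000000000000000000ga1a0002"): ("GALA", 8),  # placeholder "v2"
}


def _normalize(chain: str, asset_id: str) -> str:
    # EVM addresses are case-insensitive hex; Move type names are case-sensitive.
    return asset_id.lower() if chain == "ethereum" else asset_id


def credit_by_symbol(dep: Deposit, listed=LISTED) -> Optional[Credit]:
    """Vulnerable: any token on the right chain carrying a listed ticker is credited."""
    for (chain, _asset_id), (symbol, _decimals) in listed.items():
        if chain == dep.chain and symbol == dep.symbol:
            # Scales by the decimals the token itself declares, so a worthless
            # token named "APT" is credited as if it were the listed asset.
            return Credit(symbol, Decimal(dep.raw_amount) / Decimal(10) ** dep.decimals)
    return None


def credit_by_asset_id(dep: Deposit, listed=LISTED) -> Optional[Credit]:
    """Hardened: credit only the exact listed identifier with the listed decimals."""
    meta = listed.get((dep.chain, _normalize(dep.chain, dep.asset_id)))
    if meta is None:
        return None  # unknown contract / coin type: quarantine for manual review
    symbol, decimals = meta
    if dep.decimals != decimals:
        return None  # metadata drift on a listed asset: halt rather than guess
    return Credit(symbol, Decimal(dep.raw_amount) / Decimal(10) ** decimals)


# Constructed deposit events: one genuine, one fake APT, one deprecated GALA contract.
DEPOSITS = [
    Deposit("aptos", "0x1::aptos_coin::AptosCoin", "APT", 500_00000000, 8),
    Deposit("aptos", "0xdeadbeef::gift::ClaimAPT", "APT", 1_000_000_000_000, 6),
    Deposit("ethereum", "0x00000000000000000000000000000000GA1A0001", "GALA", 1000_00000000, 8),
]


def run_sample():
    """Return per-deposit results for both strategies."""
    return [(credit_by_symbol(d), credit_by_asset_id(d)) for d in DEPOSITS]


if __name__ == "__main__":
    for dep, (weak, strong) in zip(DEPOSITS, run_sample()):
        print(f"{dep.chain}:{dep.asset_id[:24]:<26} symbol-match={weak}  asset-id-match={strong}")
```

The symbol-only path credits the fake APT deposit as 1,000,000 APT and the old GALA contract as 1,000 GALA; the asset-id path credits only the genuine 500 APT and rejects both others for operator review. The same check belongs on withdrawal address and trading pair configuration, where an older contract can otherwise be priced as the current one.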

The week ended with a tweet from Justin Sun announcing the HTX (Huobi) $8m hack. It feels more like a single whale compromise than the kind of hot wallet hack the ecosystem has experienced throughout the week. Not a good start for a recently rebranded exchange.

Balancer suffered the week’s only notable DeFi incident: a front-end hijack carried out through a social engineering attack on its DNS registrar, EuroDNS. Dapp visitors were served Angel Drainer, which stole $238,000.

To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.

Let’s dive into the news!

News

  • UK bill to seize illicit crypto moves to final stages of approval.

  • Crypto crime displacement: what it is and what you can do about it.

  • Chainalysis Denounces Bitcoin Core Contributor As “Unqualified” by Bitcoin Magazine.

  • Hong Kong Police Announce 6 Arrests in JPEX Probe.

  • WEX exchange co-founder Alexei Bilyuchenko sentenced in Moscow amid global legal entanglements.

  • Bitcoin scammer who was snared by victims sentenced.

  • Russian ‘Crypto Queen’ Reportedly Arrested in Moscow.

Scams

  • Gone Phishing by Rekt explores a wide range of techniques used by scammers to phish both individuals and projects to steal millions.

  • Awesome Web3 Rug Check is a collection of databases tracking web3 scams.

  • How to Avoid Crypto Phishing Scams by DeDotFi.

  • Reports of an ongoing Coinbase Wallet phishing attack abusing the new messenger feature. Bad actors are spamming users with links to drainers.

  • Claimants in Celsius crypto bankruptcy targeted in phishing attack.

  • Scammers are Targeting Decrypt Readers With Fake 'Token Swap' Emails.

  • A phishing campaign which advertises MEV bot code with a built-in backdoor.

  • Crypto Scam Entity “Bitscyber” Impersonating CA DFPI and Using Fraudulent “Ownership Certificate Of Funds” Document to Steal Money.

  • Casino heist used bitcoin ATM in elaborate $1M scheme.

Malware

  • Xenomorph Android malware now targets U.S. banks and crypto wallets.

  • AWS’s Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation.

Contests

  • CosmWasm CTF - AwesomWasm 2023 Pt.1 writeup by JCsec.

Media

  • JohnnyTime - Interview with Hari - Co-Founder of Spearbit and Cantina.

Research

  • Front-Running In Blockchain: Real-Life Examples & Prevention by Hacken.

  • Solana Staking and MEV Explained by Andrew Hong.

  • Enablement of MEV and the Morals of Extracting by Patrick McCorry.

  • How to Create a Web3 Security Incident Response Plan by Halborn.

  • Enhancing Blockchain Security with ERC-7512: A Standard for representing smart contract audits onchain by Anichohan.

  • Exploring Latent Risks of On-Chain Options Exchanges: Part 3 by ChainLight.

  • Circuit Audit: Are Redundant Constraints Really Redundant? by Beosin.

  • Don’t overextend your Oblivious Transfer by Trail of Bits on a vulnerability in Oblivious Transfer (OT) based threshold ECDSA implementations that can lead to signing-key recovery.

  • Secure integration with LayerZero by Damian Rusinek.


Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerability, indicators, special reports, and searchable newsletter archives.


Premium Content

This post is for paid subscribers
© 2025 Peter Kacherginsky