BlockThreat - Week 38, 2023
Retool | Mixin | HTX (Huobi) | Balancer | OpenSea | Nansen | Netcoins | Upbit
Last week there were 5 CeFi related incidents, a number unheard of even in the wild 2018 when exchanges were compromised on a weekly basis. We have also witnessed the largest hack this year. At $200,000,000 the Mixin hack beats the massive Euler compromise in March, 2023.
Alarms are sounding about an “unknown” 3rd party cloud database provider causing incidents all over CeFi and DeFi ecosystems. Fortress and Remitano last week. Mixin, OpenSea, Nansen, and Netcoins this week. All are broadcasting similar sounding messages about backend leaks from a 3rd party cloud vendor. Based on Ripple’s revelation last week about the real cause behind the Fortress hack, they may all very well be linked to the Retool hack on August 29, 2023.
PSA: OpenSea and Nansen customers change your API keys and passwords.
The Retool incident report mentioned unauthorized access to 27 cloud customers. So if past weeks’ hacks account for 5-6 of these 27 customers, which are all clearly cryptocurrency related, what are the other 21? How many more compromises will we see in the coming weeks?
PSA: If you are a Retool cloud customer consider that long overdue threat hunting and modeling exercise. What can the tool access? Are you exposing anything unexpected? Do you have sufficient logging and alerting?
Upbit exchange was forced to halt withdrawals after accidentally allowing fake Aptos token deposits on its platform. Last week Coinhub suffered a similar misconfiguration with GALA tokens where an older version of the token was traded at the wrong price.
The week ended with a tweet from Justin Sun announcing the HTX (Huobi) $8m hack. It feels more like a single whale compromise rather than a hot wallet hack the ecosystem has experienced throughout the week. Not a good start for a recently rebranded exchange.
Balancer experienced the only notable DeFi hack of its front-end through a social engineering attack on its DNS registrar EuroDNS. Dapp visitors were exposed to Angel Drainer which stole $238,000.
To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.
Let’s dive into the news!
Gone Phishing by Rekt explores a wide range of techniques used by scammers to phish both individuals and projects to steal millions.
Awesome Web3 Rug Check is a collection of database tracking web3 scams.
How to Avoid Crypto Phishing Scams by DeDotFi.
Reports of an ongoing Coinbase Wallet phishing attack abusing the new messenger feature. Bad actors are spamming users with links to drainers.
A phishing campaign which advertises MEV bot code with a built-in backdoor.
JohnnyTime - Interview with Hari - Co-Founder of Spearbit and Cantina.
Solana Staking and MEV Explained by Andrew Hong.
Enablement of MEV and the Morals of Extracting by Patrick McCorry.
Exploring Latent Risks of On-Chain Options Exchanges: Part 3 by ChainLight.
Don’t overextend your Oblivious Transfer by Trail of Bits on a vulnerability in threshold signature scheme that can lead to signing key recovery in ECDA OT (Oblivious Transfer) implementations.
Secure integration with LayerZero by Damian Rusinek.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerability, indicators, special reports, and searchable newsletter archives.
Keep reading with a 7-day free trial
Subscribe to Blockchain Threat Intelligence to keep reading this post and get 7 days of free access to the full post archives.