BlockThreat - Week 38, 2024
BingX | DeltaPrime | Shezmu | Banana Gun | Charisma | Bankroll | WXETA | Rivus
Greetings!
Everything was hacked this week. Exchanges, smart contracts, Telegram bots and some really exotic blockchains all lost almost $67M across 10 incidents. Let’s explore some of the more interesting compromises.
The week started with users of three Telegram bots (Banana Gun, Maestro, Unibot) reporting losses of at least $3.2M. Trading bots rely on users exposing their private keys, making them perfect targets for bad actors. What’s interesting about these hacks is that the attack vector came from a vulnerability in the trading bot application itself. Now that Telegram is more friendly to law enforcement requests, maybe there is a chance of the perpetrators getting caught.
Private key theft and malicious insider threats continue to pop up week after week. Rivus DAO experienced an insider adding a backdoor to their smart contracts. Similarly, DeltaPrime lost almost $6M due to private key theft, which may be related to hiring a North Korean IT worker a few months ago.
Weeks like this wouldn’t be complete without a massive centralized exchange compromise. BingX was unfortunately hit with a $52M hot wallet hack aka “an abnormal network access”. All of the exchange’s EVM wallets were systematically drained for almost 5 hours with attackers not shying away from taking the 0.036 ETH left in the BASE chain wallet. At the same time attackers embarked on a 10-hour-long swapping and laundering frenzy with only two 10-minute breaks. Who operates with such greed and precision!? The exchange attempted to negotiate with bad actors, but of course North Korea doesn’t really do refunds.
I’ll leave you with one of the more exotic hacks this year involving the Stacks chain and Charisma protocol. An attacker found a way to bypass the contract’s access controls by abusing the as-contract feature to effectively act on the target’s behalf.
The premium section of the newsletter contains detailed vulnerability analysis, incident write-ups, and indicators for the aforementioned exploits as well as Shezmu, Bankroll, and others.
To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.
Oh and be sure to check out another epic investigation by ZachXBT solving a mystery behind last month’s $243M hack. Let’s dive into the news!