BlockThreat - Week 39, 2022
North Korea | Transit Finance | MEV | Gnosis Guild | Aztec
The week started with a karmic hack of a well known MEV bot responsible for front-running many users on Ethereum chains. Next, a bad actor behind the Transit Finance hack first got front-ran by an MEV bot and later had to return the majority of stolen assets after doxxing themselves. The Gnosis Guild DAO hack was curious not only because of the governance vector but also due to attackers switching to Aztec Network to hide themselves. With more nodes blocking Tornado Cash transaction, Aztec may become the next anonymity platform of choice.
Oh and be sure to check out the Malware section on the latest North Korean tactics targeting organization with fake job offers and infected open source software.
Let’s dive into the news!
Delaware DOJ Freezes Wallets, Accounts in 'Pig Butchering' Crypto Scams.
Arrested Tornado Cash developer to stay in jail after appeal rejected.
Flashbots MEV-Boost Relays are blocking Tornado Cash transactions.
On September 27, 2022 MEV bot, 0xbad, lost $1.45M due to insufficient function access controls.
On September 28, 2022 multiple Gnosis Guild DAOs were targeted with malicious governance proposals with one losing $10K. The attacker used Aztec Network to hide the source of funds.
On October 1, 2022 Transit Finance users were targeted using a function parameter injection bug in the DEX’s contract. $28.9M were lost according to Transit Finance. However, $18.9M were promptly returned after the discovery of attacker’s multiple transactions with centralized exchanges. One of the attacker’s transactions was also front-run for $1M by an MEV bot.
On October 1, 2022 BabySwap lost $65K in a reward manipulation exploit.
On September 30, 2022 Solana network partitioned and had to be restarted due to a single misconfigured node.
Lazarus ‘Operation In(ter)ception’ Targets macOS Users Dreaming of Jobs in Crypto report by SentinelOne.
North Korean ZINC weaponizing open-source software by Microsoft.
Chaos Is A Go-Based Swiss Army Knife Of Malware report by Lumen on new DDoS and cryptomining modules.
Exploiting the Profanity Flaw by Amber Group.
Analysis of a MEV sandwitch bot targeting GMX on Arbiscan by polka.
The forgotten IPFS vulnerabilities by Consensys Diligence.
Whatsabi - tool to extract ABIs from unverified contracts.
Check the Chain (CTC) - a tool for collecting and analyzing data from Ethereum and other EVM chains.
Transaction debugging tools thread by SunSec.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.
Keep reading with a 7-day free trial
Subscribe to Blockchain Threat Intelligence to keep reading this post and get 7 days of free access to the full post archives.