The Seal 911 team had its first public win after @FrankResearcher and @pcaversaccio saved $200,000 for a BSC-based DeFi project. The FTX drainer woke up days before the trial and started moving funds through ThorChain; meanwhile, a Three Arrows Capital founder was apprehended trying to flee. This week’s edition features indicators for a number of malware families that you should keep in mind while setting up internal security practices. Otherwise, enjoy the rare quiet week to catch up on research papers.
To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.
Let’s dive into the news!
News
New Seal 911 team stops crypto thief mid-hack and saves $200,000.
Security researcher stopped at US border for investigating crypto scam.
Immunefi introduced Vaults system to combat unfair bounty rewards.
Ripple back out of Fortress Trust acquisition following the hack.
Treasury Sanctions Ethereum Wallet Used by Sinaloa Cartel to Launder Fentanyl Financing.
Global Web3 Security Report, AML Analytics & Crypto Regulatory Landscape - Q3 2023 by Beosin.
Crime
A Founder of the Crypto Hedge Fund Three Arrows Capital Is Arrested.
FTX drainer moves millions in ether for first time in nearly a year.
Westport police recover $3.2 million for victim of Bitcoin scam.
Darknet Marketplace Tor2door Vanishes, Allegedly Swindling a 'Massive Crypto Escrow Balance'.
Malware
Malicious Bitcoin Ordinals PDF Attempted To Steal MetaMask Mnemonics.
Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company by ESET. The new ‘LightlessCan’ payload can bypass common detection tools.
A cryptor, a stealer and a banking trojan by Kaspersky shares details on the Lumma stealer and Zanubis banking trojan families.
BunnyLoader, the newest Malware-as-a-Service by Zscaler reports on a new strain that steals browser credentials and crypto.
Media
Scraping Bits by DeGatchi - How Coinbase's Lead Investigator Tracks Down Web3 Blackhat Hackers - Ft. Peter Kacherginsky.
Finding Analysis 01: Evil NFT by Solodit.
Research
Bridge Bug Tracker by 0xDatapunk.
GothicShanon interview with Immunefi.
Minimal Proxy Compendium by banteg.
Konni APT use of WinRAR vulnerability (CVE-2023-38831) to attack cryptocurrency industry.
Tools
Murph - Transpile EVM bytecode into huff.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerability, indicators, special reports, and searchable newsletter archives.