Blockchain Threat Intelligence


BlockThreat - Week 4, 2022

Qubit | Rari | OpenSea | Sandbox

Peter Kacherginsky
Feb 11

Not a week goes by without a blockchain bridge hack. QuadrigaCX manages to stay in the news with one of its co-founders starting a DeFi project. Sandbox LAND really scrambled to patch an arbitrary burn function. In other news, be sure to check out Joe Grand’s fun $2M Trezor wallet hack and plenty of other excellent research papers below.

Crime

  • Europol published a report on Cryptocurrencies: tracing the evolution of criminal finances.

  • Delhi: Probe points to Hamas link to crypto hack.

Scams

  • DeFi protocol Wonderland is allegedly run by QuadrigaCX co-founder by The Block.

  • DeFi Takes on Bigger Role in Money Laundering But Small Group of Centralized Services Still Dominate by Chainalysis.

  • Cyber vigilante hunts down DeFi scammers running away with $25M rug pull by CoinDesk.

  • Diving Into the Dangers of Discord (and How to Avoid Risk) by Jordan Spence (MyCrypto).

  • More Than 80% of NFTs Created for Free on OpenSea Are Fraud or Spam.

Hacks

  • On January 24, 2022 multiple OpenSea users reported unexpected sales of their NFTs at significantly lower prices. OpenSea listings are signed orders that remain fillable until cancelled on-chain; the UI let users "delist" by transferring the NFT out of the wallet without an on-chain cancellation, so stale low-priced listings became valid again as soon as the NFT returned to the same wallet.

  • On January 26, 2022 Index Coop Rari Pool #19 was targeted with an oracle price manipulation attack only to be saved by a friendly arbitrage bot.

  • On January 27, 2022 Qubit Finance lost $80M after an unlimited mint vulnerability was exploited on its cross-chain bridge: the deposit path still accepted the zero address as a legacy "native ETH" token marker, and the low-level transfer call to an address with no code returned success, so the bridge emitted deposit events for ETH that never arrived and the BSC side minted unbacked qXETH against them.
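The bridge-side bug class behind the Qubit item, as an added example written for this newsletter rather than Qubit's own code: the relayer mints on the destination chain whenever it sees a Deposit event, so the event must only fire once tokens have actually arrived. Contract names, the `Deposit` event layout and the `destination` field are invented for the illustration; the hardened variant refuses non-contract token addresses and measures the balance delta instead of trusting a call's return value.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Added illustration of the "deposit that never moved funds" bug class.
// All names here are hypothetical; this is not Qubit's or any bridge's code.

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

// VULNERABLE: a low-level call to an address with no code (an EOA or address(0))
// returns success=true with empty return data, so the require passes and a
// Deposit event is emitted although nothing was transferred.
contract VulnerableBridgeHandler {
    mapping(address => bool) public whitelisted;
    event Deposit(address indexed token, address indexed depositor, uint256 amount, bytes32 destination);

    constructor() {
        whitelisted[address(0)] = true; // stale legacy marker for native coin deposits
    }

    function deposit(address token, uint256 amount, bytes32 destination) external {
        require(whitelisted[token], "!token");
        (bool ok, bytes memory data) = token.call(
            abi.encodeWithSelector(IERC20.transferFrom.selector, msg.sender, address(this), amount)
        );
        // Passes for token == address(0): ok is true and data.length is 0.
        require(ok && (data.length == 0 || abi.decode(data, (bool))), "!transferFrom");
        emit Deposit(token, msg.sender, amount, destination);
    }
}

// HARDENED: reject non-contract token addresses, use a high-level call so a
// revert propagates, and emit the amount actually received rather than the
// amount claimed by the caller.
contract HardenedBridgeHandler {
    address public immutable owner;
    mapping(address => bool) public whitelisted;
    event Deposit(address indexed token, address indexed depositor, uint256 amount, bytes32 destination);

    constructor() {
        owner = msg.sender;
    }

    function setWhitelisted(address token, bool on) external {
        require(msg.sender == owner, "!owner");
        require(token != address(0) && token.code.length > 0, "!contract");
        whitelisted[token] = on;
    }

    function deposit(address token, uint256 amount, bytes32 destination) external {
        require(whitelisted[token], "!token");
        require(token.code.length > 0, "!contract"); // re-check in case the code was destroyed
        uint256 before = IERC20(token).balanceOf(address(this));
        require(IERC20(token).transferFrom(msg.sender, address(this), amount), "!transferFrom");
        uint256 received = IERC20(token).balanceOf(address(this)) - before;
        require(received == amount, "!amount"); // also rejects fee-on-transfer tokens
        emit Deposit(token, msg.sender, received, destination);
    }
}
```

The balance-delta check is the part worth copying: it makes the event depend on observed state rather than on whatever the callee returned, which is exactly the property an off-chain relayer that mints on event sight needs.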

Vulnerabilities

  • ZORA patched a race condition vulnerability in its NFT market contract thanks to a responsible disclosure by the 0x Protocol team.

  • Cronos patched a vulnerability that could be used to steal gas fees in a block thanks to a responsible disclosure by zb3 using the Immunefi platform.

  • Sandbox LAND migrated its contracts to set proper permissions on its exposed burn function.
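The exposed-burn pattern behind the Sandbox LAND item, as an added example written for this newsletter rather than Sandbox's own code: a token whose burn path takes the holder address as a parameter and is reachable by anyone can be used to destroy any holder's tokens. The contract and function names are invented; the guarded variant derives the holder from storage and requires the caller to be the owner, the per-token approvee or an approved operator.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration of an exposed burn function. Names are hypothetical;
// this is not the LAND contract.
contract NFTBase {
    mapping(uint256 => address) internal _owners;
    mapping(uint256 => address) internal _approvals;
    mapping(address => mapping(address => bool)) internal _operators;
    mapping(address => uint256) public balanceOf;

    event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);

    function mint(address to, uint256 tokenId) external {
        require(to != address(0) && _owners[tokenId] == address(0), "!mint");
        _owners[tokenId] = to;
        balanceOf[to] += 1;
        emit Transfer(address(0), to, tokenId);
    }

    function ownerOf(uint256 tokenId) public view returns (address) {
        address o = _owners[tokenId];
        require(o != address(0), "!token");
        return o;
    }

    function approve(address to, uint256 tokenId) external {
        require(msg.sender == ownerOf(tokenId), "!owner");
        _approvals[tokenId] = to;
    }

    function setApprovalForAll(address operator, bool ok) external {
        _operators[msg.sender][operator] = ok;
    }

    // State change only; callers are responsible for authorization.
    function _burnUnchecked(address holder, uint256 tokenId) internal {
        delete _owners[tokenId];
        delete _approvals[tokenId];
        balanceOf[holder] -= 1;
        emit Transfer(holder, address(0), tokenId);
    }
}

// VULNERABLE: the helper is exposed as public, takes the holder as a parameter
// and never checks msg.sender, so anyone can burn anyone's token.
contract ExposedBurnNFT is NFTBase {
    function _burn(address from, uint256 tokenId) public {
        require(_owners[tokenId] == from, "!owner");
        _burnUnchecked(from, tokenId);
    }
}

// FIXED: the holder comes from storage and the caller must be authorized.
contract GuardedBurnNFT is NFTBase {
    function burn(uint256 tokenId) external {
        address holder = ownerOf(tokenId);
        require(
            msg.sender == holder ||
            msg.sender == _approvals[tokenId] ||
            _operators[holder][msg.sender],
            "!authorized"
        );
        _burnUnchecked(holder, tokenId);
    }
}
```

The review heuristic this illustrates: any `public` or `external` function whose name starts with an underscore, or that accepts a `from`/`owner` address instead of using `msg.sender`, deserves a look at who can call it.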

Research

  • Phantom Functions and the Billion-Dollar No-op by Yannis Smaragdakis.

  • On How Zero-Knowledge Proof Blockchain Mixers Improve, and Worsen User Privacy.

  • Do not rug on me: Zero-Dimensional Scam Detection.

  • Discussion on the extractable value of miners (MEV) by Knownsec.

  • Building an EVM from scratch - part 1 by karmacoma.eth.

  • Ethereum SCV List by sirhashalot categorizes recent DeFi exploits.

  • An Ultimate NFT Security Collection by Cia Officer.

  • Review of Tools for Analyzing Security Vulnerabilities in Ethereum based Smart Contracts.

  • This NFT on OpenSea Will Steal Your IP Address.

  • Ethereum single use address hack by Ernesto.

  • Ethereum minimal constructor bytecode by Anton Bukov.

Media

  • How I hacked a hardware crypto wallet and recovered $2 million with Joe Grand.

  • Fuzzing Ethereum Smart Contract using Echidna - Blockchain Security #1 by Patrick Ventuzelo (Fuzzing Labs).

  • Ethereum Smart Contract Analysis & Solidity Audit using Mythril - Blockchain Security #2 by Patrick Ventuzelo (Fuzzing Labs).
