Hey friends!
This week continues the trend of bad actors moving stolen funds from months-old compromises. The Wormhole, Harmony, and Blockchain Bandit attackers have all awoken.
Mango Labs decided to go forward with a civil lawsuit against Avi Eisenberg, which goes against their promise not to sue in exchange for returning funds. This could set an interesting precedent for future “white-hat agreements”: attackers may still be liable once they come within reach of the law.
Not too many DeFi exploits this week, with under $100K in total losses. That’s two weeks in a row. I am honestly afraid of calling it a trend, since a similar lull in June of 2022 was followed by a $100M+ compromise.
Scammers, on the other hand, have been really busy attacking crypto celebrities and taking over exchange Twitter accounts. Phishing attacks targeting individuals clearly need to be addressed by improving wallet security: the victims were seasoned crypto veterans, so user education alone is not enough. It feels like a consumer-focused “web3 firewall/antivirus/etc.” industry is both necessary and long overdue, so that even our grandparents can safely approve NFT transactions. In the meantime, check out the phishing incidents mega-thread by the one and only Tay in the Scams section below for all the ways folks get rekt.
On a more positive note, I have a fantastic compilation of research papers and tools for you this week. From research into bridge compromises and the dark forest to formal verification and MEV, it should keep you plenty busy for the next week. I also included a talk I gave at yAcademy on the craft of blockchain threat intelligence, which includes a list of the Top 10 DeFi attack vectors to help you lock things down.
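To make the “web3 firewall” idea concrete, here is an added example (my own illustration, not code from any of the wallets or tools linked in this issue) of the kind of pre-signing rule such a product would run. It decodes the calldata of a pending transaction, recognizes the three standard approval calls by their 4-byte selectors, and flags operator approvals and unlimited allowances granted to a spender the user has never dealt with. The addresses, the trusted-spender set, the sample transactions and the function names (encode_call, screen_transaction) are constructed for the demo.

```python
# Added example: a minimal "approval firewall" rule a wallet could evaluate before signing.
# Selector constants are the standard 4-byte function IDs; every address below is constructed.

UINT256_MAX = 2**256 - 1

# First 4 bytes of keccak256(signature) for the calls that hand control of assets to a third party.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",            # ERC-20 amount / ERC-721 tokenId
    "39509351": "increaseAllowance(address,uint256)",  # OpenZeppelin ERC-20 extension
    "a22cb465": "setApprovalForAll(address,bool)",     # ERC-721 / ERC-1155 operator approval
}


def _pad32(value: int) -> bytes:
    return value.to_bytes(32, "big")


def encode_call(selector_hex: str, *words: int) -> str:
    """ABI-encode a call whose arguments are all static 32-byte words (enough for the selectors above)."""
    return "0x" + selector_hex + b"".join(_pad32(w) for w in words).hex()


def _word(data: bytes, index: int) -> bytes:
    start = 4 + 32 * index
    return data[start:start + 32]


def _as_address(word: bytes) -> str:
    return "0x" + word[-20:].hex()          # address is right-aligned in its 32-byte word


def _as_uint(word: bytes) -> int:
    return int.from_bytes(word, "big")


def screen_transaction(tx: dict, trusted_spenders: set) -> list:
    """Return findings for a pending tx {'to', 'data', 'value'}; an empty list means no approval risk seen."""
    findings = []
    hexdata = tx["data"][2:] if tx["data"].startswith("0x") else tx["data"]
    data = bytes.fromhex(hexdata)
    if len(data) < 4:
        return findings                      # plain value transfer, no approval semantics
    sig = SELECTORS.get(data[:4].hex())
    if sig is None:
        return findings                      # not an approval call; other rules would handle it
    if len(data) < 4 + 2 * 32:
        return [f"HIGH: truncated calldata for {sig}"]
    spender = _as_address(_word(data, 0)).lower()
    known = spender in {a.lower() for a in trusted_spenders}
    token = tx["to"]
    if sig.startswith("setApprovalForAll"):
        if _as_uint(_word(data, 1)) != 0 and not known:
            findings.append(f"HIGH: {sig} hands operator {spender} control of EVERY token in {token}")
    else:
        amount = _as_uint(_word(data, 1))
        if amount == UINT256_MAX and not known:
            findings.append(f"HIGH: unlimited ERC-20 allowance to unknown spender {spender} on {token}")
        elif amount > 0 and not known:
            findings.append(f"MEDIUM: allowance/tokenId {amount} granted to unknown spender {spender} on {token}")
    if tx.get("value", 0) > 0:
        # approve/setApprovalForAll are non-payable in standard tokens; attached ETH is a drainer tell
        findings.append("HIGH: ETH value attached to an approval call")
    return findings


# Constructed sample data for the demo.
ATTACKER = "0x" + "ab" * 20        # phishing operator
MARKETPLACE = "0x" + "11" * 20     # stand-in for a marketplace contract the user already uses
NFT = "0x" + "22" * 20             # an NFT collection
TOKEN = "0x" + "33" * 20           # an ERC-20 token
TRUSTED = {MARKETPLACE}

PHISHING_TX = {"to": NFT, "value": 0, "data": encode_call("a22cb465", int(ATTACKER, 16), 1)}
LEGIT_TX = {"to": NFT, "value": 0, "data": encode_call("a22cb465", int(MARKETPLACE, 16), 1)}
DRAINER_APPROVE = {"to": TOKEN, "value": 0, "data": encode_call("095ea7b3", int(ATTACKER, 16), UINT256_MAX)}

if __name__ == "__main__":
    for name, tx in [("phishing", PHISHING_TX), ("legit", LEGIT_TX), ("drainer", DRAINER_APPROVE)]:
        print(name, screen_transaction(tx, TRUSTED) or ["ok"])
```

A rule like this only covers on-chain approval transactions. Gasless marketplace listings and ERC-20 permits are EIP-712 typed-data signatures that never touch calldata, so a real firewall has to decode eth_signTypedData_v4 payloads with the same suspicion; that is the half of the problem a selector check cannot see.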
Let’s dive into the news, but first a note from our sponsors at Chainalysis with some very positive news on ransomware profits from the upcoming crypto crime report!
Ransomware revenue down as victims refuse to pay 🙅
Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before. But it's not because ransomware attacks have gone down. It's because victims are increasingly refusing to pay. Get the latest on ransomware in 2022 now >
News
Wormhole exploiter converts $150 million in ETH to staked assets and levers up. What a degen!
Harmony Hackers Cover Tracks by Bridging Portion of $100M Loot to Avalanche, Ethereum and Tron. The group added Railgun, a privacy system, to their arsenal to obfuscate stolen funds.
FBI Confirms Lazarus Group Cyber Actors Responsible for Harmony's Horizon Bridge Currency Theft. The press release confirms the Lazarus link based on on-chain analysis from more than 6 months ago.
Spotlight on KillNet: The Cybercriminal Group Raising Funds for Russia’s War in Ukraine.
Legal
Mango Labs Sues Avraham Eisenberg Over Mango Markets Exploit.
White House Publishes 'Roadmap' to Mitigate Cryptocurrency Risks.
Scams
Phishing and Scammer Incidents Mega-Thread by Taylor Monahan.
Moonbirds creator Kevin Rose loses $1.1M+ in NFTs after 1 wrong move.
Azuki’s Twitter Account Hacked, Leading Followers to Malicious Link. $750K+ Stolen.
Robinhood’s Twitter Account Compromised. Used to promote a fake token on BNB Chain. Only $8.2K was stolen.
Monkey Drainer scammers uncovered by CertiK.
Hacks
On January 26, 2023, Blue Clues Inu’s Uniswap pool was drained due to faulty token burn logic. About $11K was lost.
On January 26, 2023, Tom Inu lost $35K in a price oracle manipulation attack.
On January 27, 2023, phyProxy lost $1.2K due to a bug in function parameter validation.
Vulnerabilities
Submitting malicious transactions into a crypto wallet on behalf of any dApp by Pavel Shabarkin (Quantstamp).
The Story of a High-Risk Vulnerability in Move Reference Safety Verify Module by Numen.
Malware
FBI Infiltrated Hive Network, Blocking Over $130 Million in Crypto Ransomware.
TA444: The APT Startup Aimed at Acquisition (of Your Funds) by Proofpoint.
BombFlower Backdoor: Uncovering an Evasive Fake Wallet Campaign by CertiK.
Contests
Learn Move Security Challenge #1 by Marco Paladin.
Media
Block IV Guest Speaker: Peter Kacherginsky - Blockchain Threat Intel.
Research
Bridge Bugs Overview by MixBytes.
Setting Bear Traps in the Dark Forest by Paul Brower.
Your First Day As A Bug Bounty Hunter On Immunefi by Immunefi.
Threat Modeling for Smart Contracts: Best Step-by-Step Guide by Paweł Kuryłowicz.
Formally Verifying Finality in Gasper: The Core of the Beacon Chain by Runtime Verification.
Solana Formal Verification: A Case Study by OtterSec.
Breaking the Tree: Violating Invariants in Semaphore by Veridise.
An Automated Vulnerability Detection Framework for Smart Contracts.
Why TWAP Oracles Are Key to DeFi Security by Rob Behnke (Halborn).
Securing Web3 Through Proactive Threat Prevention by BlockSec.
Signature malleability attack thread by Owen (Web3Sec).
Gas griefing attack abusing the 63/64 rule by Owen (Web3Sec).
MEV: Maximal Extractable Value - How Flashboys Became Flashbots by Christine Kim.
Token approve front-running attack thread by bytes032.
Security Researcher Dashboard by Saloon.
Review of Blockchain Security in 2022 by FairyProof.
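Two items in this issue, the Tom Inu price oracle manipulation under Hacks and Halborn’s TWAP piece above, are two sides of the same mechanism, so here is one added example (my own, not code from either of them) showing why. It simulates a Uniswap v2-style constant-product pool with a price accumulator, lets an attacker dump flash-loaned capital into it, and compares what a spot-price oracle reports in that block against a cumulative-price TWAP. Pool sizes, amounts and timestamps are constructed for the demo; ConstantProductPool, twap and run_scenario are names I made up.

```python
# Added example: spot-price oracle vs. cumulative-price TWAP under a single-block manipulation.
# Uniswap v2-style math; all reserves, amounts and timestamps below are constructed.
from fractions import Fraction


class ConstantProductPool:
    """x*y=k pool with a Uniswap v2-style price accumulator (priceCumulativeLast analogue)."""
    FEE_BPS = 30

    def __init__(self, reserve_x: int, reserve_y: int, now: int = 0):
        self.x = reserve_x
        self.y = reserve_y
        self.price_cumulative = Fraction(0)  # sum of (spot price * seconds that price was live)
        self.last_timestamp = now

    def spot_price(self) -> Fraction:
        """Price of X in units of Y read straight from reserves, i.e. what a naive oracle consumes."""
        return Fraction(self.y, self.x)

    def _update(self, now: int) -> None:
        # Credit the price in force since the last update. A price that lived for 0 s adds nothing,
        # which is exactly why an in-transaction manipulation cannot move the accumulator.
        elapsed = now - self.last_timestamp
        if elapsed > 0:
            self.price_cumulative += self.spot_price() * elapsed
            self.last_timestamp = now

    def swap_y_for_x(self, amount_y: int, now: int) -> int:
        self._update(now)
        amount_in = amount_y * (10_000 - self.FEE_BPS) // 10_000
        out = self.x * amount_in // (self.y + amount_in)
        self.x -= out
        self.y += amount_y
        return out

    def swap_x_for_y(self, amount_x: int, now: int) -> int:
        self._update(now)
        amount_in = amount_x * (10_000 - self.FEE_BPS) // 10_000
        out = self.y * amount_in // (self.x + amount_in)
        self.y -= out
        self.x += amount_x
        return out

    def observe(self, now: int) -> tuple:
        """Snapshot (cumulative, timestamp) the way a TWAP consumer stores it."""
        self._update(now)
        return self.price_cumulative, now


def twap(older: tuple, newer: tuple) -> Fraction:
    """Time-weighted average price between two accumulator snapshots."""
    (c0, t0), (c1, t1) = older, newer
    return (c1 - c0) / (t1 - t0)


def run_scenario() -> dict:
    pool = ConstantProductPool(1_000_000, 1_000)    # constructed: 1 X = 0.001 Y, a thin pool
    baseline = pool.spot_price()
    snapshot = pool.observe(400)                     # oracle checkpoint 10 minutes before the attack
    t_attack = 1000
    bought = pool.swap_y_for_x(5_000, t_attack)      # flash-loaned 5,000 Y dumped into the pool
    spot_manipulated = pool.spot_price()             # what a spot oracle sees in the same transaction
    twap_same_block = twap(snapshot, pool.observe(t_attack))
    # If the attacker must hold the position across one 12 s block, the inflated price starts to count,
    # but only in proportion to the time it actually persisted within the 10 minute window.
    twap_next_block = twap(snapshot, pool.observe(t_attack + 12))
    recovered = pool.swap_x_for_y(bought, t_attack + 12)   # unwind; cost is the round-trip fee
    return {
        "baseline": baseline,
        "spot_manipulated": spot_manipulated,
        "twap_same_block": twap_same_block,
        "twap_next_block": twap_next_block,
        "unwind_cost_y": 5_000 - recovered,
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key:>18}: {float(value) if isinstance(value, Fraction) else value}")
```

The spot price moves about 36x in one transaction and the round trip costs the attacker roughly six units of Y in fees, while the TWAP over the 10-minute window does not move at all until the manipulated price has persisted for some seconds, and even then only in proportion to how long it persisted. That is the whole argument for TWAP oracles in one run: the manipulation has to be held across blocks, which exposes the attacker to arbitrage for the entire window. Fraction arithmetic is used here for exactness; Uniswap v2 stores the accumulator as a UQ112x112 fixed-point value.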
Tools
Codeslaw - verified smart contracts search engine and a thread on awesome sample use cases by ren.
OpenChain - 4byte signature database by samczsun.
BitSearch - Bitcoin Search Engine.
How to use MetaSleuth to analyze a phishing attack by BlockSec.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.
Premium Content
Indicators
Lazarus Harmony Horizon Funds
Bitcoin: 1BK769SseNefb6fe9QuFEi8W4KGbtP8gi3
Bitcoin: 15FcqYRbwh2JsRUyBjvZ4jJ2XAD3pycGch
Bitcoin: 1HwSof6jnbMFpfrRRa2jvydYdopkkGB4Sn
Bitcoin: 15emeZ7buVegqhYh9PekH7cwFEJcCeVNpS
Bitcoin: 3MSbCJCYtx5sj1nkzD4AMEhhvvviXBc8XJ
Bitcoin: 17Z79rZpkk8kUiJseg5aELwYKaoLnirMUn
Bitcoin: bc1qp2vvntdedxw4xwtyd4y3gc2t9ufk6pwz2ga4ge
Bitcoin: 3P9WebHkiDxCi8LDXiRQp8atNEagcQeRA3
Bitcoin: 37fnBxofDeph2fpBZxZKypNkwdXAt9nT6F
Bitcoin: 185NxhFAmKZrdwn9rVga3kqbvDP4FkbTNw
Bitcoin: 12283Cq1pJ3f1gXwqi6K3bRf5LZb8Bkm6g