BlockThreat - Week 4, 2024
GAMEE | Somesing | WallStreetMemes | Concentric | Goledo | Nebula | Barley | Citadel | Saga | SoulMate
Greetings!
Some of the worst exploit vectors resurfaced this week, resulting in more than $30m stolen across 11 incidents. Here are some of the more important ones:
Private key theft is an alarming trend that is really picking up. Concentric, GAMEE, Somesing, and WallStreetMemes lost a combined $22.58m.
Two massive phishing campaigns. Mailer Lite came forward as the third-party service behind the mass phishing campaign impersonating CoinTelegraph, WalletConnect, and others. Trezor’s “third party” leak also resulted in the expected highly targeted phishing emails this week.
Last but not least, reentrancy exploits are back. Barley and Nebula Revelation lost $130,000 and $180,000 respectively to one of the oldest exploit vectors.
The first known hack on the Conflux chain yielded the attacker $1.7m in a price oracle manipulation exploit targeting Goledo Finance. The attacker was the first to reach out to negotiate the return. How nice of them, or is it? Hours prior to the outreach, they split up the stolen funds and transferred them to an exchange, which promptly froze them. Now the tables have turned and Goledo Finance is demanding that the attacker cover all of the losses to the protocol, worth $3.8m, more than double the stolen amount, or they go to LE! Another wild day on the frontier.
To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.
Before going any further, please visit We Want Justice DAO to learn more about Tornado Cash and help defend Roman Storm and Alex Pertsev in upcoming trials.
For decades, governments around the world made repeated efforts to restrict email and phone privacy, safe browsing, and other uses of cryptography in a campaign collectively known as the Crypto Wars. Luckily, many of these attempts were defeated through legal action, raising awareness, and enduring support by folks like yourself!
Be on the right side of history. Defend our right to private financial transactions. Defeat an attack on open source software and its developers. Donate below.
Let’s dive into the news!