BlockThreat - Week 40, 2023
FTX | ThorSwap | Threshold | Galxe | Stars Arena | BigWhale | 3Commas
The FTX hacker has been busy. After reawakening days before the SBF trial, they started moving funds to bitcoin over Threshold’s tBTC by first making a sloppy, high-slippage swap on MetaMask. Threshold’s bridge was halted with an 0day vulnerability exploited by an unknown party. The bad actor moved on to ThorSwap, but it too was halted to stop them from laundering assets. The life of a criminal can be hard.
Stars Arena was hacked twice. First came an unprofitable exploit which simply flooded Avalanche with transactions. News of the hack attracted attention from another attacker, who exploited a reentrancy bug for almost $3m shortly after. Stolen funds were returned for the usual 10% bug bounty ransom payment.
In other news, 3Commas users continue losing funds in a new wave of account compromises. BigWhale lost $1.5m in what they attribute to a “private key leak of a company Ledger wallet”. The typical rug pull took a curious turn with threats of extrajudicial action against attackers using Russian government assets, which were promptly met with a cease and desist order from the Texas State Securities Board. Let’s hope BigWhale founders didn’t have any tea recently.
Multiple reports of DNS hijackings from smaller projects. According to one of the targeted projects, Galxe, bad actors used forged identity documents to social engineer their DNS provider (Dynadot) to take over the domain. Please avoid budget domain registrars for your multi-million projects.
Let’s dive into the news!
Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist. A fascinating account of a chaotic incident response in the midst of the bankruptcy.
Crypto Losses in Q3 2023 by Immunefi.
The Other Side of the Coin - An Analysis of Financial and Economic Crime by Europol discusses the use of cryptocurrencies for criminal schemes.
RACE #22 Of The Secureum Bootcamp Epoch∞ by patrickd.
NoBULLSH*T Security Guide by Composable Security. An encyclopedia of security controls for web3 projects including topics like threat modeling, security programs, dealing with audits and bug bounties, etc.
Rounding Errors For Auditors by 33Audits.
Borrowing on Ethereum: Comparing Architecture Evolution of MakerDAO, Yield, Aave, Compound, & Euler by Alberto Cuesta Cañada.
Analyzing Ethereum with Cryo by mteam88.
The MoonMath Manual by Least Authority.
Circom language tutorial with circomlib walkthrough by RareSkills.
Scope - a VSCode extension for testing and interacting with smart contracts on the Ethereum blockchain. It creates a Remix-like environment using Foundry as a backend. Cool!
Swiss Knife - EVM tools dashboard.