BlockThreat - Week 40, 2023
FTX | ThorSwap | Threshold | Galxe | Stars Arena | BigWhale | 3Commas
Greetings!
The FTX hacker has been busy. After reawakening days before the SBF trial, they started moving funds to bitcoin over Threshold’s tBTC, first making a sloppy, high-slippage swap through MetaMask. Threshold’s bridge was then halted after a 0-day vulnerability was exploited by an unknown party. The bad actor moved on to ThorSwap, but it too was halted to stop them from laundering assets. The life of a criminal can be hard.
Stars Arena was hacked twice. First came an unprofitable exploit which simply flooded Avalanche with transactions. News of that hack attracted the attention of another attacker, who exploited a reentrancy bug for almost $3m shortly after. The stolen funds were returned in exchange for the usual 10% bug-bounty ransom payment.
In other news, 3Commas users continue losing funds in a new wave of account compromises. BigWhale lost $1.5m in what they attribute to a “private key leak of a company Ledger wallet”. The typical rug pull took a curious turn with threats of extrajudicial action against attackers using Russian government assets which were promptly met with a cease and desist order from Texas State Securities Board. Let’s hope BigWhale founders didn’t have any tea recently.
There were multiple reports of DNS hijackings of smaller projects. According to one of the targeted projects, Galxe, bad actors used forged identity documents to social engineer their DNS provider (Dynadot) into handing over the domain. Please avoid budget domain registrars for your multi-million-dollar projects.
To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.
Let’s dive into the news!
News
North Korea Suspected in Massive Hack of DeFi Project Mixin.
Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist. A fascinating account of a chaotic incident response in the midst of the bankruptcy.
THORSwap goes into ‘maintenance mode’ to counter illicit funds movement.
Crypto Losses in Q3 2023 by Immunefi.
Hack3d - The Web3 Security Quarterly Report - Q3 2023 Edition by CertiK.
Record $7 billion in crypto laundered through cross-chain services by Elliptic.
The Other Side of the Coin - An Analysis of Financial and Economic Crime by Europol discusses the use of cryptocurrencies for criminal schemes.
Crime
Scams
A Deep Dive into Stream-Jacking Attacks on YouTube and Why They're So Popular by BitDefender.
Friend.tech users blame SIM swaps after more than $325k drained in a week.
Sask. man in court battle with crypto exchange lost over $240K to fraud.
‘I felt powerless’: how a crypto scam cost a finance boss £300,000.
Seven more arrested and another supercar seized over JPEX scandal.
Binance users in Hong Kong lose $450K in wave of fraud texts.
Binance Assists in Bust of $277M Thai Crypto Scam Syndicate.
Billionaire’s lawyers oppose Meta’s request for crypto scam documents.
Malware
Contests
RACE #22 Of The Secureum Bootcamp Epoch∞ by patrickd.
Media
The Most Interesting Web3 Security Interview with Peter Kacherginsky by Johnny Time.
Proof of Podcast - Sock: Co-Founding and Scaling Code4rena by Hake.
Research
NoBULLSH*T Security Guide by Composable Security. An encyclopedia of security controls for web3 projects including topics like threat modeling, security programs, dealing with audits and bug bounties, etc.
Web3 Evasion Techniques - Report On The Continuous Monitoring by Forta.
GMX Granted Million Dollar Bug-Bounty to Collider; The Bug Aftermath by Collider.
Retrospecting Liquidation Fee Vulnerability in Perpetual Protocol by ChainLight.
Rounding Errors For Auditors by 33Audits.
Borrowing on Ethereum: Comparing Architecture Evolution of MakerDAO, Yield, Aave, Compound, & Euler by Alberto Cuesta Cañada.
Ethereum Transfers Heatmap - Observe hidden patterns in token transfers by banteg.
Analyzing Ethereum with Cryo by mteam88.
The MoonMath Manual by Least Authority.
Circom language tutorial with circomlib walkthrough by RareSkills.
Tools
Scope - a VSCode extension for testing and interacting with smart contracts on the Ethereum blockchain. It creates a Remix-like environment using Foundry as a backend. Cool!
Swiss Knife - EVM tools dashboard.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerabilities, indicators, special reports, and searchable newsletter archives.
Premium Content