Greetings!
A relatively quiet week with less than $6M lost to DeFi hacks. Most of the lost funds are due to a single compromise of EigenLayer, where an employee was tricked into sending $5.5M worth of assets to the wrong wallet.
If you ever feel like DeFi security is struggling, just look at the other side of the fence to see how web2 is doing. Not only do key pieces of infrastructure like Verizon and AT&T carry government-mandated lawful-intercept backdoors, but now we’ve learned that those very backdoors were compromised by a Chinese nation-state actor. This is the web2 equivalent of compromising the Bitcoin, Ethereum, and Solana chains all at the same time. Yep, even with the hacks we learn about every day, web3 is doing just fine.
The premium version of the newsletter includes additional details on a few price oracle manipulation hacks involving Fire, Lava Lending, and AIZPT, and on a function access control issue with the EGA token.
To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.
Let’s dive into the news!
News
Concern grows for detained journalist awarded by US for exposing online scam centers. Mech Dara was charged with incitement to provoke serious social chaos for exposing scam centers involved in human trafficking.
Q3 2024 Web3 Security Report by Hacken and Extractor.
Hack3d: The Web3 Security Quarterly Report - Q3 2024 Edition by CertiK.
2024 Q3 MistTrack Stolen Funds Analysis by SlowMist.
September Phishing Report by Scam Sniffer.
Crime
U.S. moves to seize $2.7 million from Lazarus hacks traced through Tornado Cash, other mixers. The action concerns the $41M Stake compromise in 2023 and the $28M Deribit hack in 2022.
Russia arrests nearly 100 with suspected ties to sanctioned crypto exchange. Here is the full footage of the arrest. The money counter really had to work overtime. The arrest follows the US DoJ indictment a week earlier.
This Teenage Hacker Became a Legend Attacking Companies. Then His Rivals Attacked Him. Follows the story of Arion Kurtaj, Lapsus$, Com, and the mayhem they unleashed on each other and their victims.
Digital Danger by Rekt. Stories of physical attacks and brutal heists targeting the crypto ecosystem.
Caroline Ellison: A woman with agency or a helpless pawn? by Molly White (Citation Needed).
Court revives 2020 AT&T case over $24M crypto theft via SIM swap.
US Government Seeks Forfeiture of 200,000 USDT Tied to Bitcoin Theft in Ohio.
DHS says it thwarted over 500 crypto ransom attacks in 3 years.
New York Man Pleads Guilty in Crypto-Fueled $25M Money Laundering Case.
Washington State Accuses 2 Cryptocurrency Platforms of Defrauding Investors.
India Cracks Down on $48M Crypto Fraud in Fiewin Gaming App With Binance Help.
Policy
SEC Announces Departure of Enforcement Director Gurbir S. Grewal. A thread on the legacy of baseless crypto enforcement actions he presided over. Maybe he will join SEC’s former litigation unit leader at some law firm.
Highlighting Regulatory Issues with Forward Contracts on Crypto Assets by Mike Frisch.
Starling Bank banned crypto but left financial system ‘open to criminals’.
California Delays Implementation of Crypto Money Transmitter License until July 2026.
Phishing
Minimum Viable OPSEC by Sleepy.
Address Poisoning: What It Is and How to Protect Yourself by Zero Shadow.
Russian hackers are using deepfake porn sites to steal crypto.
A thread on a targeted social engineering and malware attack by defizard.
Report of an ongoing phishing campaign targeting Microsoft Authenticator users, tricking them into a malicious website by Pablo Sabbatella.
Someone lost $100k just 20 minutes after withdrawing from MEXC by signing an "approve" phishing transaction by Scam Sniffer.
Google research scientist Quoc V. Le's X account was compromised and posted phishing links.
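Two of the patterns above, address poisoning (a look-alike recipient that matches the prefix and suffix a wallet UI shows) and an ERC-20 `approve` signed right after an exchange withdrawal, both come down to checks a wallet or signing service can run before a transaction is signed. The block below is an added example, not code from any of the linked write-ups: the address book, the trusted-spender list and the three sample transactions are constructed for illustration, and the four-hex-digit prefix/suffix width is an assumption mirroring what wallet UIs typically truncate to.

```python
"""Pre-signing checks for address poisoning and unlimited ERC-20 approvals.

Added example; all addresses, the address book, the trusted-spender list
and the sample transactions below are constructed for illustration.
"""

APPROVE_SELECTOR = "095ea7b3"   # first 4 bytes of keccak256("approve(address,uint256)")
UNLIMITED = 2**256 - 1          # uint256 max, the "infinite approval" value

# Constructed address book: addresses this wallet has deliberately paid before.
# Keys are lower-case hex so comparisons are case-insensitive.
ADDRESS_BOOK = {
    "0x1234abcd000000000000000000000000cafe5678": "treasury cold wallet",
}

# Constructed allowlist of contracts allowed to hold a token allowance (assumed).
TRUSTED_SPENDERS = {
    "0x7a250d5630b4cf539739df2c5dacb4c659f2488d": "router (assumed trusted)",
}


def looks_alike(candidate, known, prefix=4, suffix=4):
    """True if `candidate` shares the leading and trailing hex digits that a
    truncated UI display (0x1234...5678) shows, but is a different address."""
    c, k = candidate.lower(), known.lower()
    if c == k:
        return False
    return c[2:2 + prefix] == k[2:2 + prefix] and c[-suffix:] == k[-suffix:]


def decode_approve(data):
    """Decode approve(spender, amount) calldata; return None if not an approve."""
    h = data[2:] if data.startswith("0x") else data
    if len(h) != 8 + 64 + 64 or h[:8].lower() != APPROVE_SELECTOR:
        return None
    # The address argument is right-aligned in its 32-byte ABI word.
    spender = "0x" + h[8 + 24:8 + 64].lower()
    amount = int(h[8 + 64:], 16)
    return spender, amount


def check_transaction(tx, address_book=ADDRESS_BOOK, trusted=TRUSTED_SPENDERS):
    """Return warnings for a pending tx dict with keys: to, value, data."""
    warnings = []
    to = tx["to"].lower()
    data = tx.get("data", "0x")
    approve = decode_approve(data)
    if approve:
        spender, amount = approve
        if amount == UNLIMITED:
            warnings.append(f"unlimited approval of token {to} requested")
        if spender not in trusted:
            warnings.append(f"approval to unknown spender {spender}")
    elif data in ("0x", ""):
        # Plain value transfer: the recipient should be a known address,
        # not one that merely looks like a known address.
        if to not in address_book:
            for known, label in address_book.items():
                if looks_alike(to, known):
                    warnings.append(
                        f"recipient {to} resembles {label} ({known}): "
                        "possible address poisoning")
                    break
            else:
                warnings.append(f"recipient {to} is not in the address book")
    return warnings


# Constructed sample transactions.
SAFE_TX = {"to": "0x1234abcd000000000000000000000000cafe5678",
           "value": 10**18, "data": "0x"}
# Same first/last 4 hex digits as the treasury wallet, different middle.
POISONED_TX = {"to": "0x1234abcd111111111111111111111111dead5678",
               "value": 10**18, "data": "0x"}
# approve(0xdeadbeef..., uint256 max) sent to a token contract.
APPROVE_TX = {"to": "0x" + "ab" * 20, "value": 0,
              "data": "0x" + APPROVE_SELECTOR + "0" * 24 + "deadbeef" * 5 + "f" * 64}

if __name__ == "__main__":
    for name, tx in [("safe", SAFE_TX), ("poisoned", POISONED_TX), ("approve", APPROVE_TX)]:
        print(name, check_transaction(tx) or ["ok"])
```

In practice the address book would be built from the wallet's own outgoing history and the trusted-spender list from contracts the user has knowingly interacted with; the point of the check is that an address matching only at the truncated edges, or an allowance of `2**256-1` to a contract never seen before, is exactly what the phishing campaigns above rely on a user not noticing.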
Scams
Malware
Crypto-Stealing Code Lurking in Python Package Dependencies by Yehuda Gelb (Checkmarx).
Malicious Solidity VS Code extension analysis by Lorenz Lehmann. Additional review by banteg.
Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0 by Recorded Future.
perfctl: A Stealthy Malware Targeting Millions of Linux Servers by Aqua. The malware is behind a years-long mining campaign.
Scam Information and Event Management by Alexander Kryazhev (Kaspersky).
Threat Actors leverage Docker Swarm and Kubernetes to mine cryptocurrency at scale by Datadog Security Labs.
Trinity Ransomware advisory by HC3.
Contests
BlazCTF 2024 Writeup by Amber Group.
BlazCTF 2024 Writeup by a00012025.
Positive CTF - A set of tasks for cracking implementations of smart-contracts with typical vulnerabilities.
RACE #33 Of The Secureum Bootcamp Epoch∞ by patrickd.
RACE #32 Of The Secureum Bootcamp Epoch∞ by patrickd.
Media
Blockchain Security Series 14 - Fredrik Svantes (Security research lead @ Ethereum Foundation) by Pablo Sabbatella.
Ethereum Security 2024: A Year in Review with Fredrik Svantes.
Behind the Scenes: DeFi Hack Negotiations - TOKEN2049 Singapore 2024 with Ogle.
How to create a robot army with MarginalDEX - ApeWorX Silverback Session.
Research
Formally Verifying Loops Part 1 and Part 2 by Raoul Schaffranek.
Audit of ZK protocols by Positive Security.
Checklist for Auditing TON Smart Contracts by Positive Security.
NFT Smart Contract Security: Common Pitfalls and Auditing Guidelines by Olympix.
Smart Contract Upgrade Patterns: Security Implications and Best Practices by Olympix.
A Full Comparison: What are Fraud Proofs and Validity proofs? by Ciara Nightingale (Cyfrin).
Flash Loans: Everything You Need To Know by Patrick Collins (Cyfrin).
Liquidity Pools: How They Work, Risks & Security Tips by Hacken.
The Hidden Dangers of God Mode in Smart Contracts by Juliano Rizzo (Coinspect).
Project Heuristics for web3 Bounty Hunters by WhiteHatMage.
No Fish Is Too Big for Flash Boys! Frontrunning on DAG-based Blockchains.
Transaction invalidation complexity in FOCIL by Terence Tsao.
51% Attack via Difficulty Increase with a Small Quantum Miner.
Enhancing Web Spam Detection through a Blockchain-Enabled Crowdsourcing Mechanism.
Count of Monte Crypto: Accounting-based Defenses for Cross-Chain Bridges.
XChainWatcher: Monitoring and Identifying Attacks in Cross-Chain Bridges.
Satoshi likely launched 51% attack on Bitcoin during early days.
Pretty wild timeline on the latest high severity bug in Bitcoin Core. ~5.5 years from reporting the issue to public disclosure. A thread by pcaversaccio.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerabilities, indicators, special reports, and searchable newsletter archives.
Premium Content