Greetings!
The FTX trial continues to reveal new levels of fraud and negligence every day. Newly revealed: FTX/Alameda Research’s “move fast and break things” motto cost them $190M+ in easily avoidable security incidents. That’s in addition to the massive $380M FTX compromise in the midst of bankruptcy, now traced to Russian criminal actors.
Multiple blockchain analytics companies published details on Hamas and other terror groups soliciting crypto donations. Using a permanent, public ledger for terror financing is an excellent way for investigators to trace sources of funds and seize them at the destination, which has already led multiple groups to abandon crypto.
Almost $4M was stolen from four DeFi projects, all through familiar price oracle and reward manipulation exploit vectors. At least HTX (prev. Huobi) was able to reclaim $8M in stolen assets after paying a 5% ransom.
Let’s dive into the news!
Events
Web3 User Security Summit on November 16, 2023.
News
How poor security practices at Alameda Research caused the company to lose hundreds of millions of dollars. The tweet thread by a former engineer, Aditya Baradwaj, lists at least 3 security incidents totaling $190M in losses involving phishing, rugpulls, and even plain text key theft by an alleged insider.
The Flash-Loan-Enabled Sandwich Attack Against Ethereum Foundation's 1.7k ETH Sale and Raked $9.1K.
Post Mortem: Lido on Ethereum Launchnodes Slashing Incident by Lido.
Introducing the World’s First “Coinmarketcap” of Security by De.Fi.
Crime
Sam Bankman-Fried stole customer funds from the beginning of FTX, exchange’s co-founder tells jury.
The $477 million FTX hack: a new blockchain trail by Elliptic tracks stolen assets to Russian crime network.
Hamas-Linked Crypto Accounts Frozen by Israeli Police, With Binance's Help.
In Wake of Attack on Israel, Understanding How Hamas Uses Crypto by TRM.
The Crypto Exchange Moving Money for Criminal Gangs, Rich Russians and a Hamas-Linked Terror Group. The Russia-based Garantex was previously sanctioned for its link to Hydra Market.
Scams
Reports of a phishing campaign targeting friend.tech using malicious bookmarks by SlowMist.
Beware of SIM Card Swap Attacks by SlowMist.
Lucky Star Currency, FSL by Rekt dives into a $2.79 rugpull.
More reports of private keys stored in LastPass getting drained.
Reports of a fake job challenge campaign targeting crypto users on Discord.
Malware
“EtherHiding” — Hiding Web2 Malicious Code in Web3 Smart Contracts by Guardio.
ERC 20 Bridge Security by Ethereum Engineering Group.
Media
The EVM and Smart Contract Internals by Jonathan Becker (OpenSense).
Advanced Fuzzing Techniques: An eBTC Case Study by Antonio Viggiano (Spearbit).
Research
Blockchain Oracles: Their Importance, Types, And Vulnerabilities by Malanii Oleh and Lavrenenko Viktor (Hacken).
EVM Mastery - A curated list of resources to internalize EVM by Quillhash.
CSPRNGs: How to Properly Generate Random Numbers by BaarkingDog (Zellic).
Balancer Rounding Error Bugfix Review by Immunefi.
Sui Temporary Total Network Shutdown Bugfix Review by Immunefi.
Not Your Stdout Bug - RCE in Cosmos SDK by Strikeout.
Mapping the DeFi Crime Landscape: An Evidence-based Picture.
Tikuna: An Ethereum Blockchain Network Security Monitoring System.
Better Safe than Sorry: Recovering after Adversarial Majority.
Tools
Callthis - build a transaction and send it as a link for someone else to execute.