Blockchain Threat Intelligence

BlockThreat - Week 42, 2022

3Comma | Moola | BitKeep | Layer2DAO | BitBTC | QiDAO

Peter Kacherginsky
Nov 03, 2022

About $10M lost from hacks and $6M from phishing attacks in another wild week in blockchain security. What’s staggering is not only the number of incidents, but also their variety, ranging from the more common DeFi and social media compromises to blockchain-level and unique inflated gas reward manipulation attacks.

On the bright side, multiple hacking victims recovered most of their stolen assets by negotiating with attackers for a forced “bounty” payment or just a promise not to prosecute. Law enforcement is not sleeping either, with multiple indictments, arrests, and sentencings all happening this week.

Be safe out there! Oh, and be sure to check out the amazing security resources dropped this week in the research and media sections.

News

  • Retail investors become vigilantes in hunt for crypto’s most wanted man who continues giving interviews even on the run.

Crime

  • Two Men Sentenced for Nationwide Scheme to Steal Social Media Accounts and Cryptocurrency.

  • U.S. sues crypto 'mixer' to recover $60 million government penalty.

  • US Charges Russians, Venezuelans for Sanctions Evasion Using Cryptocurrency.

  • Interpol Team Based in Singapore to Help Countries Combat Crypto Crime.

  • Interpol Launches 'First-Ever Metaverse' Designed for Global Law Enforcement.

Scams

  • Crypto Scammers Are Often Victims Too: a horrific look inside crypto scam centers in Cambodia.

  • SlowMist: “Blank Check” eth_sign Phishing Analysis by SlowMist.

  • Multiple FTX users lost $6M through a 3Commas phishing site.

Hacks

  • On October 16, 2022 LiveArtX lost $39K in NFTs due to a private key compromise.

  • On October 17, 2022 BSV network was under a DoS attack by a miner producing empty blocks preventing finalization of new transactions.

  • On October 17, 2022 PLTD lost $24K in a price oracle manipulation attack.

  • On October 17, 2022 BitKeep lost $1M due to insufficient function access controls.

  • On October 18, 2022 BitBTC prevented the theft of newly minted assets thanks to a user report on Twitter.

  • On October 18, 2022 Moola Market lost $8.4M (recovered $7.8M) in a price oracle manipulation attack.

  • On October 19, 2022 Ethereum Alarm Clock lost $260K in a reward manipulation attack by an attacker using inflated gas fees.

  • On October 21, 2022 OlympusDAO lost and later recovered $292K due to an insufficient function parameter validation flaw.

  • On October 21, 2022 Gateio Twitter account was compromised to promote an eth_sign phishing website.

  • On October 22, 2022 Layer2DAO lost $400K (recovered $312K) in a wild exploit involving uninitialized contracts, cross-chain liquidity crunches, and eventual buy back of stolen tokens at a reduced price.

  • On October 23, 2022 QiDAO lost $188K in a price oracle manipulation attack due to a read-only reentrancy vulnerability.

Vulnerabilities

  • Timeless Finance patched a funds theft vulnerability thanks to a responsible disclosure by Riley Holterhus.

  • ALTAVA patched a flaw in their airdrop strategy thanks to a responsible disclosure by Riley Holterhus.

Malware

  • ERMAC Android Banking Trojan Analysis report by Cyble on a campaign targeting cryptocurrency users.

  • Mirai, RAR1Ransom, and GuardMiner – Multiple Malware Campaigns Target VMware Vulnerability report by Fortinet discusses a cryptominer campaign.

Media

  • Devcon 6 - Security Track Talks.

Research

  • Web3 Security Library by Immunefi.

  • DeFi Hacks Analysis - Root Cause database by SunSec.

  • Practical Guide into Analyzing MEV in the Proof-of-Stake Era by Toni Wahrstätter.

Tools

  • Tornado Warning


Premium Content

Indicators

OlympusDAO Attackers

Ethereum: 0x443cf223e209e5a2c08114a2501d8f0f9ec7d9be

QiDAO Attackers

Ethereum: 0x4206d62305d2815494dcdb759c4e32fca1d181a0
Polygon: 0x4206d62305d2815494dcdb759c4e32fca1d181a0
BSC: 0xe3671a41c44f50048e60939df3d26704c9652d9d
Polygon: 0xe3671a41c44f50048e60939df3d26704c9652d9d
