BlockThreat - Week 43, 2022
Profanity | FriesDAO | Team Finance | Dappnode | Melody
Hacktober concludes with another 10 compromises totaling around $20M this week. At least three of the hacked projects were compromised because of the weak private keys generated by Profanity. It’s upsetting that these completely preventable hacks have already cost the ecosystem millions. If you ever used Profanity to generate wallet keys, please move your funds as soon as possible.
On the bright side, an FBI double agent was caught accepting bribes in bitcoin mixed with Wasabi wallet, which has been oddly experiencing service disruptions lately. In another big bust, the Raccoon Stealer developer was caught running away from defending Ukraine.
Let’s dive into the news, but first a note from our sponsors at Pocket Universe. I’m pretty excited about the next generation of tools to protect DeFi users so be sure to check out their product:
Pocket Universe protects you from scam transactions in web3. Signing one malicious transaction is all it takes to drain your wallet. Pocket Universe pops up to show you exactly what happens in your transactions before you sign them in your wallet. Join 10,000+ others and get your peace of mind back at
Reports of an ongoing RTFKT phishing campaign which stole $377K.
On October 25, 2022 Melody lost $610K due to a compromise of the offchain signing service.
On October 25, 2022 a NoodleSwap reentrancy vulnerability was exploited for $29K.
On October 25, 2022 FriesDAO lost $2.3M in a Profanity exploit.
On October 26, 2022 ULME lost $50K in a price oracle manipulation attack.
On October 27, 2022 Team Finance lost $15.8M (recovered $7M) in an attack exploiting its pool migration function.
On October 27, 2022 Victor the Fortune lost $58K in a reward manipulation exploit.
On October 27, 2022 UvToken lost $1.5M due to insufficient access controls.
On October 27, 2022 the RTFKT airdrop was exploited to bypass the claim limit.
On October 29, 2022 Giveth and Dappnode lost $50K in a Profanity wallet exploit.
On October 29, 2022 Dappnode lost $300K in yet another Profanity wallet exploit.
In-The-Wild: 'it's always a crypto miner!' by OpenPunk.
DAO voting vulnerabilities by Konstantin Nekrasov (MixBytes).
Cruise Blockchain Transaction Explorer by Supremacy.
Monkey Drainer Phishing Campaign