Happy Halloween!
LastPass users who once stored their mnemonic passphrases in the password manager continue getting drained following the August 2022 compromise. More than $4.4m was stolen in a single day, according to ZachXBT and Tay. The total stolen amount keeps growing as more victims come forward.
An interesting trend is developing in the DeFi security space, where MEV bots are reverse engineered and exploited. In the case of the MaestroBot compromise, it was classic security by obscurity: an unauthenticated and unchecked arbitrary call execution was accessible to the public.
On a more positive note, there was a lot of whitehat activity, ranging from the SEAL team volunteering tabletop exercises for DeFi projects, the recovery of multiple vulnerable account abstraction wallets, and evil MEV bot backrunning to plenty of bug bounty reports. Hurray to the blockchain security heroes! You are the reason billions will be using crypto without the fear of hacks and scams.
To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.
Let’s dive into the news!
News
SEAL Drills program helps DeFi projects practice incident response scenarios. Compound and Yearn have had IR practice runs so far.
They Cracked the Code to a Locked USB Drive Worth $235 Million in Bitcoin. Then It Got Weird by Andy Greenberg (Wired).
SIM Swappers Are Working Directly with Ransomware Gangs Now by Joseph Cox (404 Media).
This Cybersecurity Pro Gets Paid to Hack Ethereum – for the Good of the Network featuring David Theodore (Ethereum Foundation).
Scott Purcell resigns as Fortress Trust CEO after Ripple sale collapse, following the $15M hack back in September.
CipherBlade Founder Says Blockchain Sleuthing Firm 'Hijacked'.
Protecting Web3 - 2023 Q3 Security Insights by Hacken.
Crime
Setting the record straight on crypto crowdfunding by Hamas by Elliptic.
US Lawmakers Ask DOJ to Consider Criminal Charges Against Binance and Tether based on allegations of facilitating terrorist financing.
Hacker Denis Katana Helped Russian Crime Boss Launder Money With Bitcoin, Says Spanish Judge.
SIT conducts searches at 41 locations in Himachal in a cryptocurrency scam in which over 1,000 Indian police officers were also caught up.
FBI Charges 6 for Allegedly Running $30M Money Transmitting Business Using Crypto.
Scams
Hardware wallet users rattled by rise in phishing emails pointing to fake Tezor website.
Scammers create Blockworks clone site to drain crypto wallets.
Scammers steal Cryptopunk 1705 from Julien Bouteloup (Rekt) in an Earn Airdrop phishing scam.
Malware
CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys by Unit 42.
StripedFly: Perennially flying under the radar by Kaspersky.
Media
ETHOnline 2023 - Security Summit - Why Crypto Security Matters with Jack Sanford (Sherlock).
ETHOnline 2023 - Security Summit - Live Audit with Patrick Collins (Cyfrin).
ETHOnline 2023 - Security Summit - Formal Verification with DeFi with Sameer Arora.
ETHOnline 2023 - Security Summit - Securing Zero-Knowledge Implementations: A Guide to Identifying Vulnerabilities with Petr and Lev (Oxor).
ETHOnline 2023 - Security Summit - Why DevSecOps is Essential to Blockchain Security with Samridh Saluja.
ETHOnline 2023 - Security Summit - Striking the Balance Between Innovation and Safety in Crypto with Maika Isogawa.
ETHOnline 2023 - Security Summit - Securing Validating Bridges with Toghrul Maharramov.
Scraping Bits - Building A Thriving Solo Smart Contract Auditing Brand - Ft Bytes032.
Oracle Manipulation | Web3 Security 101 by Owen Thurm.
Research
Fireblocks researchers uncover first Account Abstraction wallet vulnerability. Kudos to Oren Yomtov for saving users' funds.
How I saved 66 ETH from a potential MEV bot theft by yannickcrypto.
A Deep Dive into our Storage Layout Extractor by Tal (smlXL).
OWASP Smart Contract Top 10 by AnonX.
SlowMist Learning Roadmap for Becoming a Smart Contract Auditor.
MEV zero to hero thread by Smacaud.
A deep dive into the main components of ERC-4337: Account Abstraction Using Alt Mempool — Part 2 by Antonio Viggiano (Oak Security).
How does the implementation of Flash Loans in Solidity differ from that in Move and Rust? by Beosin.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerabilities, indicators, special reports, and searchable newsletter archives.