Greetings!

A much-deserved peaceful week before we all meet at the upcoming DeFi Security Summit and Devcon in Bangkok! I’ll have a busy schedule with two talks and a panel on the following days:

November 8th - 13:10 - The State of DeFi Security - 2024 Edition. A brain dump of all of my observations and trends from 2024. You will learn how most DeFi projects get hacked, by who, and what we can do about it.

November 9th - 13:35 - Web3 Security: Revolution or Evolution of Web2 Security Principles? Should be a fantastic panel with Mehdi, Mudit, Anto and myself moderated by Rajeev.

November 15th - 09:45 - Defcon at Devcon: A tabletop experience. A 2 hour workshop where I will be partnering with my colleague Heidi Wilder from Unit 0x to simulate a tabletop exercise to better prepare our devs for one of the worst case scenarios a project may face.

I hope you can all stop by. Now, if only bad actors could take a break for a few days so I wouldn’t have to constantly update my stats!

Speaking of bad actors, only one major compromise this week of an unknown contract on Base for $1M due to using live price data from SUI market — oops.

Phishing attacks hit a new high, with $20M stolen from a U.S. government wallet containing funds seized from the Bitfinex hack. Fortunately, all funds were returned less than 24 hours later after the attacker decided not to mess with someone who has unlimited resources to hunt them down.

To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.

Let’s dive into the news and hope to see you all soon!

Events

• DeFi Security Summit 2024 - November 7-9 in Bangkok, Thailand.

• SEALnet War Room Games by Security Alliance & Tenderly. The competition is built using the newly released SEALnet virtual testnet environment.

• ETH Escape - Speed Hacking Challenge by Immunefi x Ethereum Foundation at DevCon 2024 BKK. $50K prize pool.

News

• Nigeria releases American crypto executive after dropping money laundering case. It took intervention from the White House to secure Tigran’s release on humanitarian grounds.

• Meet ZachXBT, the Masked Vigilante Tracking Down Billions in Crypto Scams and Thefts by Andy Greenberg (Wired).

• Infiltrating Cosmos by Rekt. An in-depth look at North Korean IT workers building Cosmos infrastructure.

• SEAL-ISAC exposes North Korean operatives posing as IT workers.

• North Korean Hackers Exploited Chrome Zero-Day for Cryptocurrency Theft.

Crime

• Meet Yicong Wang (王逸聪), a Chinese OTC trader who has helped Lazarus Group convert tens of millions of stolen crypto to cash from various hacks via bank transfers since 2022 by ZachXBT.

• Federal Investigators Probe Cryptocurrency Firm Tether.

• Jailed crypto scammers blew stolen funds on shark tank, hookers.

• Ex CEO of crypto exchange Mine Digital charged with fraud.

• Pump.fun Attacker Seeks to Withdraw Guilty Plea as Lawyers Quit Case.

• Lawsuit: Schwab, BofA Failed to Protect Older Couple Scammed Out of $18.5M.

• Kidnapped for crypto: 4 men flew from Florida to Portland, tied a man to a post before stealing his cryptocurrency, feds say.

• Homeowner fails to sue insurer over $170K crypto theft in appeals court.

Phishing

• Approximately $20 million in crypto likely stolen from US government, sleuths Arkham and ZachXBT say. All of the funds were returned the next day.

• A victim lost $705.6K after approving a malicious contract on AVAX by Cyvers.

• KeystoneWallet's X has been compromised and posted a phishing link by PeckShield.

• Cloudflare helped shut down Inferno drainer C2 infrastructure.

• Pop Punk became the first became first to lose $110K on ApeChain.

Scams

• Reversing a Web3 Scam via Dynamic Analysis and Deobfuscation by Ching367436.

• Russian ‘Queen Of Crypto’ stole $22M in scam to fund Ukrainian army.

• New Crypto Scam in Town: Point Running by Neftune Security. In this scam victims are paid to transfer dirty funds through their legitimate accounts.

• Memecoin farmer tacticts by Pix.

• Solana Meme Coin Sharpei Plunges 96% in Seconds in Epic Rug Pull.

Malware

• The Crypto Game of Lazarus APT: Investors vs. Zero-days by Kaspersky.

• Bored BeaverTail Yacht Club – A Lazarus Lure by Esentire Threat Response Unit.

• Cybersecurity Expert Warns of Stealers Exploiting Popular macOS Apps by Kseniia Yamburh (MacPaw).

• More AppleScript Malware via Web3 Game Rune/Rise Online by alp1n3.

• Trojanized Ethers Forks on npm Attempting to Steal Ethereum Private Keys by Phylum.

• Attackers Target Exposed Docker Remote API Servers With perfctl Malware by Trend Micro.

• Unmasking Prometei: A Deep Dive Into Our MXDR Findings by Trend Micro.

• TeamTNT’s Docker Gatling Gun Campaign by Aqua.

• New Qilin.B Ransomware Variant Boasts Enhanced Encryption and Defense Evasion by Halcyon.

• Fake Curve Finance app scams users, tops global finance charts.

Media

• How to Make It In Web3 Auditing Contests w. Holydevoti0n by JohnnyTime.

• Preventing Web3 Hacks with Mutation Testing by JohnnyTime.

Contests

• Test Your Solidity and EVM Skills: Solve CTF Challenge (Full Walkthrough) by Hacken.

• Announcing the Winners of the Underhanded Solidity Contest 2024. Congrats Gerard Persoon!

Research

• CVE-2024-48930: secp256k1-node allows private key extraction.

• Variant Analysis & Glider Tool by Vladimir (Officer’s Blog).

• BRC20 Pinning Attack.

• Vulnerability anti-patterns in Solidity: Increasing smart contracts security by reducing false alarms.

• 7 Tips To Transition from Cybersecurity to Blockchain Security Researcher by Cyfrin.

• How EVM Function Calls Work by LearnEVM.

• Modern DEX-es, how they're made: Uniswap V4 by Sergey Boogerwooger, Dmitry Zakharov (MixBytes).

• Common Vulnerabilities: Protocol Governance and DAOs - Smart Contracts by Kree Dotcom (Sigma Prime).

Tools

• Multisig transaction verification script by pcaversaccio. The script was built to make hacks like Radiant Capital harder.

Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerability, indicators, special reports, and searchable newsletter archives.

Premium Content