This week a concerning pattern emerged of DeFi projects failing to implement sufficient function access controls, allowing attackers to trigger functionality used to steal funds. Exchange hot wallet compromises are rare. Unfortunately, Deribit fell victim to bad actors who managed to steal a whopping $28M from their hot wallets. Are these our North Korean “friends” again? Another rare exploit vector is the infinite mint, which also happened this week with $4.3M stolen from a gaming company.
In other news, almost half of Solana validators went offline after they were kicked out by a single hosting provider. The event not only halved the security of the network but could also have been much more painful if the chain implemented inactivity slashing like Ethereum does. Let’s hope AWS doesn’t get mad at the largest staking providers, Lido and Coinbase.
Scams
Ethereum Merge Scams: How Scammers Took Advantage of The Ethereum Merge to Make Millions by Chainalysis.
Fake Airdrops, Fake Wallets and Now Fake Exchange Apps by SlowMist.
Reports of newly verified Twitter accounts used in crypto scams.
Twitter verification phishing campaign.
Hacks
On October 27, 2022 Yearn discovered an actively exploited veCRV Brive V2 reward manipulation logic error.
On November 1, 2022 Deribit exchange lost $28M in a private key theft incident.
On November 1, 2022 Solend ended up with $1.26M in bad debt due to a price oracle manipulation attack.
On November 1, 2022 Skyward Finance lost $3.2M due to insufficient parameter validation.
On November 1, 2022 Lightning Network stopped mining new blocks after a consensus bug was exploited by a user.
On November 2, 2022 Rubic’s private keys were stolen, which resulted in the theft of $212K in assets.
On November 3, 2022 pNetwork bridge misconfiguration resulted in attackers minting 54B GALA tokens. Attackers were able to get away with $4.3M.
On November 4, 2022 Loopring L2 chain was targeted with a DDoS attack.
On November 4, 2022 0xf8f8 contract on BSC lost $100K due to insufficient function access controls.
On November 4, 2022 Peak DeFi lost $30K due to insufficient function access controls.
On November 6, 2022 Moo Cake lost $140K due to insufficient function access control and reward manipulation bugs.
On November 6, 2022 Pando Rings suffered a price oracle manipulation exploit which resulted in the loss of $20M.
Other Incidents
40% of Solana validators went offline after they were kicked out by a hosting provider.
Malware
New Laplas Clipper Distributed Via SmokeLoader report by Cyble.
Kai Stealer analysis by Harry.eth.
PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack report by Phylum.
Research
Reentrancy Attacks on Smart Contracts Distilled by Officer Cia.
SoK: Not Quite Water Under the Bridge: Review of Cross-Chain Bridge Hacks.
Front Running and Sandwich Attack Explained by Quillaudits.
AntFuzzer: A Grey-Box Fuzzing Framework for EOSIO Smart Contracts.
Tools
Rustle - static analyzer for NEAR smart contracts.