Blockchain Threat Intelligence

BlockThreat - Week 45, 2022

FTX | OFAC | North Korea | brahTOPG | Abracadabra

Peter Kacherginsky
Nov 16, 2022

It’s never a dull week in crypto! FTX is spiraling out of control with bankruptcy, legal troubles, and now a major compromise. A pattern is emerging with asset issuers quickly blacklisting bad actors’ addresses. Following the FTX hack, Tether and Paxos froze $40M. The U.S. Treasury doubled down on Tornado Cash sanctions by explicitly linking it to North Korea’s nuclear weapons program.

Stay safe out there and let’s dive into the news.

News

  • U.S. Attorney Announces Historic $3.36 Billion Cryptocurrency Seizure And Conviction In Connection With Silk Road Dark Web Fraud.

  • North Korean hackers used new methods to target Israeli crypto.

  • New Treasury sanctions link Tornado Cash to North Korea's nuclear weapons program.

  • US Sanctions 3 Individuals, Dozens of Bitcoin, Ether and Bitcoin Cash Addresses on Opioid Allegations.

  • Bankrupt FTX Faces Criminal Investigation in the Bahamas.

  • Desperate FTX customers may have exploited NFT-linked loophole to recover funds before bankruptcy filing.

Scams

  • Reports of an ongoing malware campaign targeting Telegram users.

Hacks

  • On November 8, 2022, Abracadabra lost $110K in a price oracle manipulation attack.

  • On November 9, 2022, brahTOPG lost $90K due to insufficient function parameter validation.

  • On November 12, 2022, an FTX insider stole $380M from wallets across Ethereum, BSC, Polygon, Tron, and Solana chains. The events surrounding the compromise resulted in many unfounded rumors, such as a malicious mobile app update and a hacked website. FTX responded by moving remaining assets to new cold storage addresses. USDT and PAXG also responded by freezing the attacker’s assets.

Other Incidents

  • Crypto.com accidentally sent $400M to the wrong address.

  • Tokensoft Inc doxed 5,000 users in a misguided effort to deter cheaters.

Vulnerabilities

  • Flashbots fixed a DoS in a relay module thanks to a responsible disclosure by Sambacha.

  • Bitcoin Optech Responsible Disclosures Database.

Malware

  • Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns by Talos.

  • The state of cryptojacking in the first three quarters of 2022 by Kaspersky.

  • KmsdBot: The Attack and Mine Malware by Akamai.

Research

  • Reorg resilience and security in post-SSF LMD-GHOST.

  • Does OpenSea Shared Storefront have a backdoor? by William Entriken.

Tools

  • Socketscan - bridge transactions explorer.

  • Web3 Decoder Burp Suite Extension.

