BlockThreat - Week 45, 2023
Poloniex | CoinSpot | Raft | MEV | TheStandard | TrustPad | Mirage | Grok | Stakestone
Multiple exchanges hacked, crypto executives and users kidnapped, MEV bots pillaged, millions stolen from DeFi projects, all the while APT groups are deploying new malware campaigns to target blockchain engineers. It’s been a wild week, but first a quick word about this week’s sponsors.
BlockSec is a well-known blockchain security company behind multi-million dollar whitehat recoveries and excellent products such as Phalcon, MetaSleuth, and MetaDock, so I am particularly excited about the upcoming release of Phalcon Block. With years of experience analyzing and responding to compromises, I can’t wait to see the impact this tool will have on our industry.
Phalcon Block offers a comprehensive set of tools designed for monitoring, detecting, and responding to web3 compromises. Developed over the course of two years, it has already been utilized to rescue digital assets valued at over $14 million.
What sets this product apart from its competitors is its high signal-to-noise ratio, achieved through a precise attack detection engine and advanced auto-response capabilities — crucial for minimizing losses in a space where exploits can be executed within minutes.
On the exchange side, another asset owned by Justin Sun was hacked. A massive $130m was stolen across the Ethereum, Bitcoin, Tron, and Ripple networks, dwarfing the earlier $8m HTX hack from just a few months ago. Interestingly, the attackers sent $2.5m worth of GLM tokens to the token contract itself. Comrade Kim is not pleased.
On the DeFi side, this week had 10 incidents for almost $6m in losses. Raft lost $3.3m in an interesting reward manipulation exploit resembling the Euler hack. Just like in the Poloniex hack, the attacker made a mistake and burned most of the stolen loot. Was 4 ETH really worth going to jail for? Use bug bounty programs and sleep well!
MEV bots continue to get pillaged. At least 6 contracts were exploited for more than $2m, all due to insufficient function access controls.
To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.
In other news, Yuga Labs gave laser eyes a new meaning by literally burning the retinas of its ApeFest attendees, causing temporary blindness and headaches.
Let’s dive into the news!
Binance executives abducted and forced to send $12.5m USDT. Most of the stolen funds were frozen after the theft.
Critical vulnerability in Atlassian Confluence server is under “mass exploitation”. Projects relying on Confluence should take immediate action.
Oracle Employee Helped Cocaine Dealers Hide $54 Million In Crypto, DOJ Says. He took Breaking Bad cosplay a bit too far.
CFTC 2023 Enforcement Report lists a record number of actions related to crypto fraud including FTX, Binance, Celsius, Avraham Eisenberg, and others.
Ongoing phishing campaign pretending there is a Uniswap exploit.
Friend.tech users phished using malicious bookmarks in a consent form.
DeFi math for auditors by Owen.
Remedy Closed-Beta Invitational Challenge by Hexens.
TSTORE Low Gas Reentrancy by Chainsecurity.
Incorrect TWAP implementations by Chinmay.
DAO Governance DeFi Attacks by Dacian.
Audit Checklists by Decurity. Includes checklists for CDPs, LSDs, and AMMs.
Sync Reth in 6 hours with Snapshots by Merkle.
Ultimate EVM Tracing Reference by Paradigm.