Welcome to BlockThreat!
In this rare week of relative quiet (only 4 DeFi hacks), we can finally kick back and enjoy the amazing research coming out this week. From samczsun’s lecture in the Media section to Elliptic’s DeFi threat report to Proofpoint’s analysis of the North Korean actors, this is the time to sharpen the saw before the next barrage.
From the dodged-a-bullet department, GitHub patched a vulnerability that let anyone modify arbitrary NPM packages, which covers basically every critical web3 project out there. Another great development is brought to you by Prodaft, which hacked into the Conti ransomware group’s infrastructure and wrote an all-revealing exposé on how the ransomware group operates from the inside.
The few hacks that did happen this week follow familiar patterns, such as a lack of authentication and validation in critical functions, and forks not paying attention to upstream hacks and getting exploited themselves (tip: subscribe to BlockThreat). One incident that stands out concerns Celo’s Optics bridge, with allegations of an insider taking over a critical contract.
Let’s dive into the news!