A relatively quiet week after the never ending stream of hacks last month. However, we still witnessed a couple of really rare exploits giving us a taste of what’s to come. A bad actor compromised GetBlock node infrastructure to demand a ransom. Imagine the damage, censorship and arbitrage one could do when taking over a major node provider. Godwoken Chain patched a really rare EVM bug that could have drained the entire chain. It’s been a long time since 51% attacks. The next wave of blockchain level attacks will likely involve EVM or node level exploitation.

I hope you can enjoy this rare week of no major compromises to catch up on the latest in blocksec research and may be even get some rest with your families and friends.

Enjoy the news!

Events

• ZK Hack III - Nov 22 - Dec 13, 2022

News

• How North Korea became a mastermind of crypto cyber crime.

• Co-Founder of Russia’s Largest Crypto Pyramid Finiko Arrested in UAE.

• Founder of Crypto Exchange Thodex to Be Extradited to Turkey From Albania.

• CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network to install Crypto Miners.

• Google Wins Lawsuit Against Russians Linked to Blockchain-based Glupteba Botnet.

Scams

• Unveiling the KYC Actor Industry by CertiK.

• Reports of an ongoing phishing campaign targeting centralized exchange API keys from Binance, FTX, Skyrex, 3Commas, and others.

• Reports of an ongoing crypto and NFT phishing campaign on Ethereum and Solana chains.

• Another Airdrop Scam, but with a twist by SlowMist.

Hacks

• On November 10, 2022 DFX Finance lost $4M in a reentrancy exploit.

• On November 13, 2022 GetBlock node infrastructure was compromised using a 3rd party dependency.

• On November 15, 2022 SheepFarm lost $72K due to a vulnerability in its registration logic.

• On November 17, 2022 UEarnPool lost $16K due to a reward manipulation vulnerability.

Vulnerabilities

• Oasis fixed a critical vulnerability that could shut down its platform thanks to a responsible disclosure by Or Cyngiser.

• Godwoken Chain fixed a critical vulnerability in its EVM interpreter thanks to a responsible disclosure by Yaron Velner.

• Mina patched a chain-halting vulnerability thanks to a responsible disclosure b y olgerd_py.

• MakerDAO patched an XSS vulnerability in the MIPs Portal thanks to a responsible disclosure.

Research

• Building Secure Contract: Learn how to fuzz like a pro is a 6 part series by Trail of Bits.

• Formally Verifying The World’s Most Popular Smart Contract by Zellic dives into the WETH protocol using Z3 SMT solver.

• You Could Have Found the Nomad Hack by Zellic.

• Hosting an Ethereum CTF Challenge, The Easy Way by Zellic.

• Diligence Security Tooling Guide: What To Use And When.

• Yield aggregators common pitfalls - Beefy case study by MixBytes.

• Deep Dive: Upgradeable Smart Contracts by Aaruni.

• SlowMist Team Knowledge Base.

• Security Practices in Move Development (2): Aptos Coin by BlockSec.

• Decentralized Identity Attack Surface – Part 1 by CyberArk.

• Develop an Ethereum bridge with Rust by Thorrwulf.

• Develop an Ethereum oracle with Rust by Thorrwulf.

Tools

• EVM interpreter in Dafny by ConsenSys.

• Solidity Shell by ConsenSys Diligence.

• Tornado Withdrawal Analysis by SlowMist.

• MegaDock by BlockSec.

• MobyMask - an alliance of good-hearted phish, aiming to eliminate phishers.

Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.

Premium Content

Indicators

Crypto and NFT Phishing Campaign

Ethereum: 0x51057f6e40f4a77e72774d48b7e78fb4634c7681
Domains: https://pastebin.com/UV9pJN2M