Blockchain Threat Intelligence

newsletter.blockthreat.io

BlockThreat - Week 47, 2021

Wanaka | Unlock | Olympus | Ploutoz | Level | dYdX | Wolf | Snowdog

Peter Kacherginsky
Dec 1, 2021

Welcome to BlockThreat!

What a crazy week: seven different DeFi incidents with more than $13M lost to hacks, samczsun helping to rescue yet another project, $10M+ in rugpulls, malware campaigns targeting the crypto ecosystem, all while multi-million-record databases of PII keep leaking to fuel the phishing machine. In other news, Kazakhstan’s power grid is under strain after a rapid increase in crypto mining operations. Let’s dive right in, but first be sure to check out the Donjon CTF, which kicks off tonight!

News

  • Google’s Cybersecurity Action Team (CAT) published its Threat Horizons intelligence report covering the latest phishing and other malicious campaigns, including the increasing use of compromised Google Cloud instances for cryptomining.

  • GoDaddy disclosed a breach exposing email addresses, original WordPress admin passwords, and sFTP and database credentials for up to 1.2M Managed WordPress customers. The breach also affects customers of GoDaddy’s hosting resellers, including tsoHost, Media Temple, and others.

  • Thieves who stole a safe holding cryptocurrency keys were offered a $500K reward to return it.

Challenges

  • Ledger’s Donjon CTF 2021 starts on November 30th.

  • The Standoff Digital Art competition, built around deliberately vulnerable NFT contracts, along with its solutions.

Scams

  • Phantom Galaxies fell victim to yet another Discord server takeover, in which a fake airdrop announcement cost its community $1.1M.

  • The SnowdogDAO rugpull netted scammers a $10M profit using a buyback scheme and a custom AMM contract. Snowdog’s developers called it a game theory experiment.

  • How Cybercriminals Trick You Into Giving Up Your Crypto by Immunefi.

Hacks

  • On November 11, 2021 Wanaka Farm lost $1M as a result of a race condition in a backend API.

  • On November 21, 2021 Formation Finance lost $100K as a result of insufficient validation of the fee parameter.

  • On November 21, 2021 Unlock Protocol lost $9.7M worth of UDT after a private key compromise affecting its deployments on the xDAI and Polygon networks.

  • On November 22, 2021 OlympusDAO lost $1.43M as a result of a vulnerability in its bond contract.

  • On November 23, 2021 Ploutoz Finance was exploited via oracle price manipulation, resulting in the theft of $365K worth of tokens.

  • On November 26, 2021 Lever Network lost $650K due to insufficient checks in its liability calculation.

  • On November 27, 2021 dYdX performed a self-hack (a white-hat exploit of its own vulnerable contract) with the help of samczsun to rescue funds that were at risk.

Vulnerabilities

  • Enzyme Finance patched a critical price oracle manipulation vulnerability after it was responsibly disclosed by setuid0 through the Immunefi platform.

  • Wolf Game NFT patched reentrancy and weak PRNG (predictable on-chain randomness) vulnerabilities after responsible disclosure by notstoops and analysis by Bernhard Mueller.

  • Geth (go-ethereum) published details of CVE-2021-41173, a DoS vulnerability in which a specially crafted p2p message could crash a node.

Malware

  • Morphisec reported on the Babadeda crypter targeting the crypto, DeFi, and NFT communities, primarily through Discord phishing campaigns and typosquatted domains.

Research

  • Inside the DOJ Crackdown on DarkSide & REvil / Sodinokibi Ransomware Crime Groups by LMG Security.

  • Ethereum analytics with BigQuery by Nick Johnson.

  • The Solcurity Standard for smart contract auditing by transmissions11.

  • Secureum Epoch0 Bootcamp for Smart Contract Auditing mindmap.

  • Price Manipulation Attacks From First Principles with Tincho.

  • Understanding Security Issues in the NFT Ecosystem.

  • Machine Learning Guided Cross-Contract Fuzzing.

  • Storage slot discovery technique by banteg.

  • Debugging with dapptools and local nodes by Matt Solomon.
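Oracle price manipulation shows up three times in this issue: the Ploutoz exploit, the Enzyme disclosure, and Tincho’s first-principles writeup. As an added illustration (not code from Ploutoz, Enzyme, or any other project named above), the following Python models a constant-product pool, a lender that prices collateral off that pool, and an attacker who pumps the spot price within a single block. It runs the same attack against a naive spot-price oracle and against a block-averaged TWAP. The pool reserves, the 75% LTV, the attacker’s $500K of capital, and the ten-block TWAP window are constructed for the example.

```python
"""Constant-product AMM spot-price manipulation versus a TWAP oracle.

Added illustration for this digest; it is not code from Ploutoz, Enzyme, or any
other project named on the page. The pool, lender and attacker figures below are
constructed for the example.
"""
from dataclasses import dataclass


@dataclass
class Pool:
    """Uniswap-v2-style x*y=k pool holding `token` against `usd`, 0.3% swap fee."""
    token: float
    usd: float
    fee: float = 0.003

    def spot_price(self) -> float:
        """USD per token read directly from reserves: the naive oracle."""
        return self.usd / self.token

    def swap_usd_for_token(self, usd_in: float) -> float:
        """Sell USD into the pool and receive tokens; this pushes spot price up."""
        usd_eff = usd_in * (1 - self.fee)
        token_out = self.token * usd_eff / (self.usd + usd_eff)
        self.usd += usd_in            # the fee stays in the pool
        self.token -= token_out
        return token_out


class TwapOracle:
    """Average of spot observations over the last `window` blocks.

    Simplification: one equally weighted observation per block. Uniswap v2's
    real cumulative-price accumulator weights by elapsed seconds, but the
    manipulation-resistance argument is the same: one block cannot move it far.
    """

    def __init__(self, window: int):
        self.window = window
        self.history: list[float] = []

    def observe(self, pool: Pool) -> None:
        self.history.append(pool.spot_price())

    def price(self, pool: Pool) -> float:
        self.observe(pool)            # the current (manipulated) block counts too
        recent = self.history[-self.window:]
        return sum(recent) / len(recent)


def attack_profit(pool: Pool, capital: float, ltv: float, oracle_price) -> float:
    """Single-block attack: pump spot with `capital` USD, post the bought tokens
    as collateral, borrow the maximum the lender allows at the oracle price, and
    abandon the position. Returns borrowed minus spent, in USD."""
    bought = pool.swap_usd_for_token(capital)
    price = oracle_price(pool)        # the lender reads the oracle after the swap
    borrowed = ltv * bought * price
    return borrowed - capital


def spot_vs_twap(capital: float = 500_000.0, ltv: float = 0.75, window: int = 10):
    """Run the identical attack against a spot-priced and a TWAP-priced lender."""
    spot_pool = Pool(token=1_000_000.0, usd=1_000_000.0)
    spot_profit = attack_profit(spot_pool, capital, ltv, Pool.spot_price)

    twap_pool = Pool(token=1_000_000.0, usd=1_000_000.0)
    twap = TwapOracle(window)
    for _ in range(window - 1):       # honest blocks observed before the attack
        twap.observe(twap_pool)
    twap_profit = attack_profit(twap_pool, capital, ltv, twap.price)
    return spot_profit, twap_profit


def within_deviation(spot: float, reference: float, max_dev: float = 0.05) -> bool:
    """Circuit-breaker check lenders commonly add on top of a TWAP: refuse to
    price collateral when spot has moved more than `max_dev` from the reference."""
    return abs(spot - reference) / reference <= max_dev


if __name__ == "__main__":
    s, t = spot_vs_twap()
    print(f"spot oracle: attacker nets {s:,.0f} USD")   # positive: exploitable
    print(f"TWAP oracle: attacker nets {t:,.0f} USD")   # negative: attack loses money
```

The algebra behind the spot case is worth keeping in mind: for a constant-product pool, the bought tokens valued at the post-swap spot price equal `usd_eff * (R_usd + capital) / R_usd`, so the attacker’s collateral appears worth more than the capital spent whenever the pool is shallow relative to the attack size, and any LTV above `R_usd / (R_usd + capital)` (adjusted for fees) makes the loan profitable. A TWAP dilutes the one manipulated observation across the window, and a deviation check between spot and TWAP turns a large single-block move into a refused transaction instead of a bad loan.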

Premium Content

Indicators

Wanaka Farm Attacker:
BSC: 0x1f7234eabcb85242f15e3fd8962b70a4caf92b4c
BSC: 0xb23067D4660f0E2de2978dc8Bda1432986709554

© 2022 Peter Kacherginsky