Dear readers,
This week we witnessed a rare and devastating individual wallet hack exceeding $42M. Please split up large wallets and store funds with a trusted custodian. Speaking of wallets, Infura (the default MetaMask RPC provider) released an updated privacy policy noting that it collects wallet addresses and IP addresses. Uniswap issued a similar notice the same week. For privacy-conscious folks it should be obvious that anything that happens in the web2 world is trackable, so spin up those nodes and check out a few private RPC options in the tools section below.
The Coinsquare exchange compromise continues the trend of attackers targeting customer PII rather than hot wallets. Avi Eisenberg was at it again, attempting a short squeeze on CRV that left Aave with a small bad-debt position. This week we also witnessed a few smaller (sub-$20K) DeFi exploits, which are interesting to watch as the earliest indicators of bad actors practicing their craft before a larger exploit.
Let’s dive into the news!
News
Attackers bypass Coinbase and MetaMask 2FA via TeamViewer, fake support chat.
Tornado Cash Developer Alexey Pertsev to Remain in Jail Until at Least Late February.
Infura Collecting MetaMask Users' IP, Ethereum Addresses After Privacy Policy Update.
Uniswap's new privacy policy says it collects data tied to user wallets.
Crime
Two Estonian Citizens Arrested in $575 Million Cryptocurrency Fraud and Money Laundering Scheme.
UK’s 'biggest ever' scam leads to 100 arrests after police track bitcoin records.
Scams
Chinese mafia forcing Filipinos to work for crypto scams, says Philippine Senator.
FTX Founder Deepfake Offers Refund to Victims in Verified Twitter Account Scam.
Hacks
On November 19, 2022 Coinsquare Exchange experienced a breach in which customer PII, including names, wallet addresses, and balances, was exposed.
On November 20, 2022 SportsDAO lost $13.6K due to a reward manipulation exploit.
On November 22, 2022 the Mango Markets attacker's CRV price manipulation attempt left Aave with $1.6M in bad debt but ultimately ended at a loss for the attacker. Aave and Compound implemented defensive measures to prevent similar attacks.
On November 22, 2022 Bo Shen lost $42M from his private wallet likely due to mnemonic phrase theft.
On November 23, 2022 Numbers Protocol lost $13.8K due to mishandling of tokens with a missing permit interface.
Vulnerabilities
Velas patched an infinite mint vulnerability thanks to a responsible disclosure by Oren Yomtov.
Argent patched a really bad account draining vulnerability in its wallet software and contracts thanks to a responsible disclosure by Yoav Gaziel.
Aptos patched an integer overflow vulnerability in Movevm thanks to a responsible disclosure by Numen Cyber Labs.
My Pelerin patched a bridge draining vulnerability thanks to a responsible disclosure by an anonymous whitehat.
Malware
Cryptojacking malware soars nearly 4x in Q3 2022 by AtlasVPN.
ViperSoftX: Hiding in System Logs and Spreading VenomSoftX by Avast.
Media
Lex Fridman Podcast #340 – Chris Tarbell: FBI Agent Who Took Down Silk Road.
Ethereum Engineering Group - Security of Crosschain Transactions and Bridges.
Research
Solana Introductory Security Considerations by Haechi.
Security Guide to Proxies by yAcademy.
Solidity Tutorial: All About Calldata by Jean Cvllr, part of a Solidity Tutorial series covering memory, storage, and other core Solidity concepts.
Security of Algorithmic Stablecoins by Konstantin Nekrasov.
Access Control Vulnerability in DeFi by QuillAudits.
The Insecure External Calls by TriathonLab.
The Cost of Resilience by Flashbots.
Sample sandwich attack analysis by Spreek.
Tools
RolodETH - an open-source database of Ethereum addresses with names, tags, and more.
Etherscan Labels - Scrapes labels from etherscan website and stores into JSON/CSV.
Breadcrumbs Browser Extension - labels and tracks Ethereum addresses.
Helios - a fully trustless, efficient, and portable Ethereum light client written in Rust.
SecureRpc - a bare-metal, fully conformant JSON-RPC/gRPC infrastructure plane that aims to perform well, resist censorship, preserve privacy, and remain Flashbots compatible, among other goals.
1inch RabbitHole - another private RPC node that avoids public mempool.
Loadbalanceeeer - a local JSON-RPC load-balancer with opt-in anonymizer via Tor.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.
Premium Content
Indicators
Bo Shen Attackers
Ethereum: 0x24b93eed37e6ffe948a9bdf365d750b52adcbc2e
Ethereum: 0x4ac9ca41efe0ea19b8f3493a91d8a5f706e1e8f9
Ethereum: 0x66f62574ab04989737228d18c3624f7fc1edae14
Bitcoin: 1ECNeZyiHgqJmv42i3pkWY48xiXy7KukTG
Bitcoin: bc1qg3mnvn8saea50js7nzkhm8k054mpwqmcuq3de5
Tron: TJLBmmUb5TcFFXTLzuuaKU96uTg5Sjn1yD