BlockThreat - Week 47, 2022
AAVE | Bo Shen | Coinsquare | Infura | Argent
The Coinsquare exchange compromise continues the trend of attackers targeting customer PII rather than hot wallets. Avi Eisenberg was at it again, trying to short squeeze CRV, which left AAVE with a small bad debt position. This week we also witnessed a few smaller <$20K+ DeFi exploits, which are interesting to watch as the earliest indicators of bad actors practicing their craft before a larger exploit.
Let’s dive into the news!
Attackers bypass Coinbase and MetaMask 2FA via TeamViewer, fake support chat.
Tornado Cash Developer Alexey Pertsev to Remain in Jail Until at Least Late February.
Two Estonian Citizens Arrested in $575 Million Cryptocurrency Fraud and Money Laundering Scheme.
UK’s 'biggest ever' scam leads to 100 arrests after police track bitcoin records.
Chinese mafia forcing Filipinos to work for crypto scams, says Philippine Senator.
FTX Founder Deepfake Offers Refund to Victims in Verified Twitter Account Scam.
On November 19, 2022 Coinsquare Exchange experienced a breach in which customer PII, including names, wallet addresses, and balances, was exposed.
On November 20, 2022 SportsDAO lost $13.6K due to a reward manipulation exploit.
On November 22, 2022 the Mango Market attacker's CRV price manipulation attempt left AAVE with $1.6M in bad debt but ultimately ended up at a loss. AAVE and Compound implemented defensive measures to prevent similar attacks.
On November 22, 2022 Bo Shen lost $42M from his private wallet likely due to mnemonic phrase theft.
On November 23, 2022 Numbers Protocol lost $13.8K due to mishandling of tokens with a missing permit interface.
Velas patched an infinite mint vulnerability thanks to a responsible disclosure by Oren Yomtov.
Argent patched a really bad account draining vulnerability in its wallet software and contracts thanks to a responsible disclosure by Yoav Gaziel.
Aptos patched an integer overflow vulnerability in Movevm thanks to a responsible disclosure by Numen Cyber Labs.
My Pelerin patched a bridge draining vulnerability thanks to a responsible disclosure by an anonymous whitehat.
Cryptojacking malware soars nearly 4x in Q3 2022 by AtlasVPN.
ViperSoftX: Hiding in System Logs and Spreading VenomSoftX by Avast.
Lex Fridman Podcast #340 – Chris Tarbell: FBI Agent Who Took Down Silk Road.
Ethereum Engineering Group - Security of Crosschain Transactions and Bridges.
Solana Introductory Security Considerations by Haechi.
Security Guide to Proxies by yAcademy.
Solidity Tutorial: All About Calldata by Jean Cvllr, part of the Solidity Tutorial series covering memory, storage, and other core Solidity concepts.
Security of Algorithmic Stablecoins by Konstantin Nekrasov.
Access Control Vulnerability in DeFi by QuillAudits.
The Insecure External Calls by TriathonLab.
The Cost of Resilience by Flashbots.
Sample sandwich attack analysis by Spreek.
RolodETH - an open-source database of Ethereum addresses with names, tags, and more.
Etherscan Labels - Scrapes labels from etherscan website and stores into JSON/CSV.
Breadcrumbs Browser Extension - labels and tracks Ethereum addresses.
Helios - a fully trustless, efficient, and portable Ethereum light client written in Rust.
SecureRpc - a bare-metal, fully conformant JSON-RPC/gRPC infrastructure plane that aims to perform well, resist censorship, preserve privacy, be Flashbots compatible, and more.
1inch RabbitHole - another private RPC node that avoids public mempool.
Loadbalanceeeer - a local JSON-RPC load-balancer with opt-in anonymizer via Tor.