Blockchain Threat Intelligence


BlockThreat - Week 48, 2021

Bitmart | BadgerDAO | MonoX | 0xHabitat | Solana | Bitclout

Peter Kacherginsky
Dec 8, 2021

Welcome to BlockThreat!

The year 2021 is almost over, but we are not even close to being done with hacks, vulnerabilities, and other events in the space! In fact, the end of the year is when we traditionally see a spike in criminal activity, as bad actors try to catch projects when they are most distracted by holidays and staff vacations.

This week was a tough one. The $200M BitMart exchange compromise was closely followed by BadgerDAO’s $120M. The latter was particularly vicious as it targeted end-users navigating to a backdoored Dapp frontend. Be sure to have a token approval checker bookmarked in case of another similar incident. A highly targeted Gnosis safe backdoor and phishing attack is concerning since a similar compromise of a larger governance protocol could have had much worse consequences. Another concerning trend is the spike in crypto-stealing malware campaigns. Be careful out there and read up on the indicators below.

In the good news bucket, thanks to responsible disclosures Solana and Bitclout fixed critical vulnerabilities that could have put billions at risk. This week also features an extraordinary amount of great blocksec research indicating continued maturity of this space.


Enjoy reading BlockThreat? Help support this project and keep the free edition going by donating in the latest Gitcoin R12 round:

Build and Fund the Open Web Together | Gitcoin
BlockThreat Gitcoin R12 Grant

Also, consider becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.


I would also really appreciate your feedback on the project and ideas on how I can bring you more value. And with that, let's dive into the news!

Crime

  • DailyMail profile of Yevgeniy Polyanin, a wanted affiliate of the REvil ransomware group.

  • FBI seized $2.3M in Bitcoin from affiliate of REvil, Gandcrab ransomware gangs.

  • Italian couple arrested for installing cryptomining software on department store computers.

Hacks

  • On November 30, 2021 MonoX lost $31M after a price calculation bug was exploited to manipulate the MONO token exchange rate.

  • On November 30, 2021 the 0xHabitat team’s Gnosis safe was compromised in a sophisticated phishing attack which led to a covert backdoor. $275K was lost in WETH, DAI, and HBT tokens.

  • On December 2, 2021 BadgerDAO’s Cloudflare account was compromised, which allowed attackers to inject a malicious JavaScript snippet requesting token approvals into the Dapp frontend. As a result, more than $120M in users’ funds were stolen from accounts that visited the compromised website, with one account losing $50M in a single transaction.

  • On December 4, 2021 Bitmart’s hot wallet was compromised, resulting in the loss of $200M worth of various crypto assets across multiple chains. Following the compromise, attackers swapped the stolen tokens on the 1inch exchange and mixed them using Tornado.Cash.
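
The BadgerDAO item above is exactly the case a token approval checker is meant to catch: a frontend asking the wallet to sign an ERC-20 approval to an unexpected spender. The following is an added example, not code from the newsletter or from any project it mentions. It decodes the calldata of an `approve(address,uint256)` or `increaseAllowance(address,uint256)` call (well-known 4-byte selectors hardcoded, since the standard library has no keccak256) and flags unlimited allowances or spenders outside a user-maintained allowlist; the allowlist and sample transactions are constructed for illustration.

```python
# Added example (not from the newsletter): minimal ERC-20 approval triage.
# Flags approve()/increaseAllowance() calldata that grants an unlimited
# allowance or names a spender the user has not explicitly allowlisted.
from __future__ import annotations
from dataclasses import dataclass

APPROVE = "095ea7b3"             # keccak256("approve(address,uint256)")[:4]
INCREASE_ALLOWANCE = "39509351"  # keccak256("increaseAllowance(address,uint256)")[:4]
MAX_UINT256 = (1 << 256) - 1     # the "infinite approval" wallets usually warn about


@dataclass
class ApprovalFinding:
    spender: str
    amount: int
    unlimited: bool
    known_spender: bool


def decode_approval(calldata: str) -> tuple[str, int] | None:
    """Return (spender, amount) for approve/increaseAllowance calldata, else None."""
    data = calldata.lower()
    data = data[2:] if data.startswith("0x") else data
    # selector (4 bytes) + two 32-byte ABI words, as hex characters
    if len(data) != 8 + 64 + 64 or data[:8] not in (APPROVE, INCREASE_ALLOWANCE):
        return None
    spender_word, amount_word = data[8:72], data[72:136]
    if spender_word[:24] != "0" * 24:  # an address is left-padded with 12 zero bytes
        return None
    return "0x" + spender_word[24:], int(amount_word, 16)


def check_approval(calldata: str, allowlist: set[str]) -> ApprovalFinding | None:
    decoded = decode_approval(calldata)
    if decoded is None:
        return None  # not an approval; out of scope for this check
    spender, amount = decoded
    return ApprovalFinding(spender, amount, amount == MAX_UINT256,
                           spender in {a.lower() for a in allowlist})


def is_suspicious(finding: ApprovalFinding) -> bool:
    return finding.unlimited or not finding.known_spender


# Constructed sample data: one trusted spender and three pending approvals.
TRUSTED_SPENDERS = {"0x" + "1" * 40}
TX_UNLIMITED_TO_TRUSTED = "0x" + APPROVE + "0" * 24 + "1" * 40 + "f" * 64
TX_SMALL_TO_UNKNOWN = "0x" + APPROVE + "0" * 24 + "2" * 40 + "0" * 63 + "a"
TX_SMALL_TO_TRUSTED = "0x" + INCREASE_ALLOWANCE + "0" * 24 + "1" * 40 + "0" * 63 + "a"
```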

Vulnerabilities

  • Bitclout fixed a double-spending bug after it was responsibly disclosed by a ZenGo researcher.

  • Solana patched a critical vulnerability in Solana Program Library (SPL) lending contract after it was responsibly disclosed by Neodyme.

  • Slowmist reports on a vulnerability in the Mdex Xsquid/HT pool in its handling of deflationary tokens.

Malware

  • Cyble malware analysis report on Aberebot 2.0, cryptocurrency and banking malware that targets Coinbase, Binance, Bitfinex, and other Android apps.

  • Red Canary malware analysis report on KMSPico installer spreading Cryptobot crypto stealer samples. The latter targets Ledger, Atomic, Electrum, Monero, and other wallet software.

  • Trend Micro reports on an ongoing SpyAgent campaign targeting cryptocurrency users to spread RAT payloads.

  • Fake cryptocurrency wallet phishing campaign rakes in more than $1.3B from unsuspecting users.

Research

  • Building EVM Codes - An interactive reference to Ethereum Virtual Machine Opcodes by Tair Asim.

  • TEGDetector: A Phishing Detector that Knows Evolving Transaction Behaviors.

  • Diving Into Blockchain’s Weaknesses: An Empirical Study of Blockchain System Vulnerabilities.

  • A Blockchain-Enabled Incentivised Framework for Cyber Threat Intelligence Sharing in ICS.

  • Irrationality, Extortion, or Trusted Third-parties: Why it is Impossible to Buy and Sell Physical Goods Securely on the Blockchain.

  • Smart Contract Programmer - Damn Vulnerable DeFi video solutions.

  • A mysterious threat actor is running hundreds of malicious Tor relays by Catalin Cimpanu (The Record).

  • Solana Security Workshop by Neodyme and solutions by Christoph Michel.

  • Anatomy of an MEV Strategy: Synthetix by Robert Miller.

  • Tenderly App — a Swiss Pocketknife for the Web3 developer by CIA Officer.

  • SMTChecker, Remix & Dapptools by Leo Alt.

  • Blockchain Security 101 by Omar Bheda.

Premium Content

Indicators


BadgerDAO Attacker:
ETH: 0x38b8f6af1d55caa0676f1cbb33b344d8122535c2
ETH: 0x15ccc4ab2cfdb27fc4818bf481f7ed0352d8c6b3

© 2022 Peter Kacherginsky