BlockThreat - Week 48, 2021
Bitmart | BadgerDAO | MonoX | 0xHabitat | Solana | Bitclout
Welcome to BlockThreat!
The year 2021 is almost over, but we are not even close to being done with hacks, vulnerabilities, and other events in the space! In fact, the end of the year is when we traditionally see a spike in criminal activity as bad actors try to catch projects when they are most distracted with holidays and staff vacations.
This week was a tough one. The $200M BitMart exchange compromise was closely followed by BadgerDAO’s $120M. The latter was particularly vicious as it targeted end-users navigating to a backdoored Dapp frontend. Be sure to have a token approval checker bookmarked in case of another similar incident. A highly targeted Gnosis safe backdoor and phishing attack is concerning since a similar compromise of a larger governance protocol could have had much worse consequences. Another concerning trend is the spike in crypto-stealing malware campaigns. Be careful out there and read up on the indicators below.
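For readers who want to see what a token approval checker actually looks for, here is a small added example (written for this issue, not code from BadgerDAO or any project mentioned above). It decodes the calldata a dApp frontend asks a wallet to sign and flags unlimited ERC-20 allowances and blanket ERC-721 operator approvals; the addresses, calldata and "trusted router" are constructed placeholders, and the function selectors are the standard ones for approve(address,uint256), setApprovalForAll(address,bool) and transfer(address,uint256).

```python
# Added example (not from the newsletter): a minimal offline "token approval
# checker" that decodes the calldata a dApp asks a wallet to sign and flags
# unlimited ERC-20 allowances and blanket ERC-721 operator approvals, the
# kind of request a backdoored frontend would inject.
# Addresses and calldata below are constructed for illustration.

# 4-byte function selectors (first 4 bytes of keccak256 of the signature)
APPROVE = "095ea7b3"               # approve(address,uint256)        ERC-20
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool) ERC-721/1155
TRANSFER = "a9059cbb"              # transfer(address,uint256), for contrast

UINT256_MAX = 2**256 - 1
WORD = 64  # one ABI-encoded word is 32 bytes = 64 hex chars


def _word(data: str, index: int) -> str:
    """Return the index-th 32-byte ABI word after the selector as hex."""
    start = 8 + index * WORD
    return data[start:start + WORD]


def decode_approval(calldata: str):
    """Decode approve / setApprovalForAll calldata.

    Returns a dict describing the approval, or None if the call is not an
    approval (or is too short to be one)."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    if len(data) < 8 + 2 * WORD:
        return None
    selector = data[:8]
    if selector == APPROVE:
        spender = "0x" + _word(data, 0)[-40:]   # address is right-aligned in its word
        amount = int(_word(data, 1), 16)
        return {
            "kind": "approve",
            "spender": spender,
            "amount": amount,
            "risk": "high" if amount == UINT256_MAX else "low",
        }
    if selector == SET_APPROVAL_FOR_ALL:
        operator = "0x" + _word(data, 0)[-40:]
        approved = int(_word(data, 1), 16) != 0
        return {
            "kind": "setApprovalForAll",
            "spender": operator,
            "approved": approved,
            "risk": "high" if approved else "low",
        }
    return None


def audit(txs, trusted_spenders=()):
    """Return the high-risk approvals in a batch of wallet sign requests.

    txs: iterable of {"token": <contract address>, "data": <calldata hex>}.
    High-risk approvals to spenders listed in trusted_spenders are not flagged."""
    findings = []
    trusted = {s.lower() for s in trusted_spenders}
    for tx in txs:
        info = decode_approval(tx["data"])
        if info and info["risk"] == "high" and info["spender"] not in trusted:
            findings.append({"token": tx["token"], **info})
    return findings


def encode_approve(spender: str, amount: int) -> str:
    """Build approve(spender, amount) calldata (used here to construct samples)."""
    return "0x" + APPROVE + spender.lower()[2:].rjust(WORD, "0") + format(amount, "064x")


# Constructed sample: a known router gets a bounded allowance, an unknown
# address gets an unlimited one, and a plain transfer is ignored.
ROUTER = "0x" + "11" * 20          # hypothetical trusted spender
UNKNOWN = "0x" + "ab" * 20         # hypothetical unknown spender
TOKEN = "0x" + "ee" * 20           # hypothetical ERC-20 contract

SAMPLE_TXS = [
    {"token": TOKEN, "data": encode_approve(ROUTER, 10**18)},
    {"token": TOKEN, "data": encode_approve(UNKNOWN, UINT256_MAX)},
    {"token": TOKEN, "data": "0x" + TRANSFER + "00" * 64},
]

if __name__ == "__main__":
    for f in audit(SAMPLE_TXS, trusted_spenders=[ROUTER]):
        print(f"HIGH RISK: {f['kind']} on token {f['token']} to {f['spender']}")
```

The same decoding applies to allowances that are already on-chain: a real checker reads `allowance(owner, spender)` for each token and lets you revoke what you do not recognize, which is why keeping one bookmarked matters after an incident like BadgerDAO's.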
In the good news bucket, thanks to responsible disclosures Solana and Bitclout fixed critical vulnerabilities that could have put billions at risk. This week also features an extraordinary amount of great blocksec research indicating continued maturity of this space.
Enjoy reading BlockThreat? Help support this project and keep the free edition going by donating in the latest Gitcoin R12 round:
Also, consider becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.
I would also really appreciate your feedback on the project and ideas on how I can bring you more value. And with that, let's dive into the news!
DailyMail profile of Yevgeniy Polyanin, a wanted affiliate of the REvil ransomware group.
Italian couple arrested for installing cryptomining software on department store computers.
On November 30, 2021 MonoX lost $31M after a price calculation bug was exploited to manipulate the MONO token exchange rate.
On November 30, 2021 the 0xHabitat team’s Gnosis Safe was compromised in a sophisticated phishing attack which led to a covert backdoor. $275K was lost in WETH, DAI, and HBT tokens.
On December 4, 2021 Bitmart’s hot wallet was compromised, which resulted in the loss of $200M worth of various crypto assets across multiple chains. Following the compromise, attackers exchanged the stolen tokens on the 1inch exchange and mixed them using Tornado.Cash.
Bitclout fixed a double spending bug after it was responsibly disclosed by a ZenGo researcher.
Solana patched a critical vulnerability in Solana Program Library (SPL) lending contract after it was responsibly disclosed by Neodyme.
Slowmist reports on a vulnerability in the Mdex Xsquid/HT pool in its handling of deflationary tokens.
Cyble malware analysis report on Aberebot 2.0, cryptocurrency and banking malware targeting Coinbase, Binance, Bitfinex, and other Android apps.
Red Canary malware analysis report on KMSPico installer spreading Cryptobot crypto stealer samples. The latter targets Ledger, Atomic, Electrum, Monero, and other wallet software.
Trend Micro reports on an ongoing SpyAgent campaign targeting cryptocurrency users to spread RAT payloads.
Fake cryptocurrency wallet phishing campaign rakes in more than $1.3B from unsuspecting users.
A mysterious threat actor is running hundreds of malicious Tor relays by Catalin Cimpanu (The Record).
Anatomy of an MEV Strategy: Synthetix by Robert Miller.
Tenderly App — a Swiss Pocketknife for the Web3 developer by CIA Officer.
SMTChecker, Remix & Dapptools by Leo Alt.
Blockchain Security 101 by Omar Bheda.