Blockchain Threat Intelligence

BlockThreat - Week 48, 2022

Ankr | Helio | North Korea | AppleJeus | Overnight

Peter Kacherginsky
Dec 07, 2022

Greetings!

The focus of this week was on the Ankr compromise. It was a particularly nasty combination of an off-chain private key hack and an on-chain contract upgrade, which resulted in quadrillions of aBNBc tokens being minted on BSC. The attackers made matters worse by leaving the minting function exposed, inviting a barrage of copycat exploiters. Interestingly, a group of traders made three times the profit of the original Ankr attackers by exploiting a slow price oracle to borrow $19M worth of Helio's stablecoin. As always, a complete set of indicators for all of the attackers and copycats is in the premium section below.

North Korea is at it again with a new AppleJeus malware campaign dubbed BloxHolder. Check out the malware section for details. New scammer techniques emerged despite the overall market slowdown.

On the bright side, this edition features a research section full of thrilling blockchain investigations, a new smart contract auditor book, CTF solutions, and state of the art tools. Enjoy!

News

  • LastPass says hackers accessed customer data in new breach.

  • Coinbase Foils Extortion Attempt, Reinforces Bug Bounty Program.

  • Russian billionaire latest crypto tycoon to die mysteriously.

  • AAX Users Storm Crypto Exchange's Nigerian Offices, Attack Employees.

Crime

  • US Prosecutors Charge 21 Alleged ‘Money Mules’ With Using Crypto to Launder Proceeds of Cybercrimes.

  • London Court Orders Six Crypto Exchanges to Share Client Details to Assist in $10.7M Fraud Case.

  • SIM swapper gets 18-months for involvement in $22 million crypto heist.

Scams

  • Mega Investment Fraud Schemes Pervasive Despite ‘Crypto Winter’ by TRM.

  • Anatomy of Front Running Scams by CertiK.

  • Address Poisoning Attack, A continuing Threat by X-explore.

  • Be Wary of the TransferFrom Zero Transfer Scam by SlowMist.

  • CashRewindo: How to age domains for an investment scam like fine scotch by Confiant.

Hacks

  • On December 1, 2022 CoinTracker’s service provider was compromised which resulted in the theft of customer email addresses and referral codes.

  • On December 2, 2022 Ankr lost $5M as a result of a private key compromise, which was used to upgrade the aBNBc contract with a malicious minting function.

  • On December 2, 2022 Helio lost $19M as a result of a delayed price oracle, which allowed traders to borrow stablecoin against the worthless aBNBc token.

  • On December 2, 2022 Overnight Finance lost $175K due to a price oracle manipulation exploit.

Vulnerabilities

  • 88MPH Theft Of Unclaimed MPH Rewards Bugfix Review by Immunefi.

  • Nethermind ModExp Out of Memory Consensus Issue by Iosiro.

  • Successful Resolution of xAPIC Vulnerability on Secret Network by Secret Network.

  • Tellor Issue and Fix by Liquidity.

Malware

  • ₿uyer ₿eware: Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware by Volexity.

  • Accidentally Crashing a Botnet by Akamai.

Research

  • The Hunt for the Dark Web’s Biggest Kingpin parts 1, 2, 3, 4, 5, 6.

  • Reckless: The Story Of Cryptocurrency Interest Rates chapters 1, 2, 3.

  • Tornado Cash Alternatives by Elliptic.

  • The Auditor Book by Code4rena and Sherlock.

  • Building Secure Smart Contracts by Trail of Bits now includes Algorand, Cairo, Cosmos, Substrate.

  • All is Fair in Arb and MEV on Avalanche C-Chain by Daniel D. McKinnon.

  • The Optimizer’s Guide to Solidity pt. 4 — Binary Size Tricks by Omniscia.

  • Specialized Zero-Knowledge Proof failures by Trail of Bits.

  • Designing Secure Access Control for Smart Contracts by Halborn.

  • EVM through CTFs by Nazar Ilamanov.

  • N1CTF 2022 Solana Challenges Writeups.

  • OpenAI finding Solidity bugs thread by cts.

  • Intro to Smart Contract Audit Series: Phishing With tx.origin by SlowMist.

  • Why the Moonbeam’s new pre-compile contract can create side-effect on its ecosystem by Haechi.

Tools

  • Ethereum Transaction Explorers and Analyzers thread by w1nt3r_eth.

  • grim-reaper - EVM-based on-chain liquidation bot for Aave V3 built with Huff language.


Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.

