BlockThreat - Week 48, 2022
Ankr | Helio | North Korea | AppleJeus | Overnight
This week's focus was the Ankr compromise. It was a particularly nasty combination of an off-chain private key hack and an on-chain contract upgrade, which resulted in quadrillions of aBNBc tokens being minted on BSC. The attackers also left the minting function exposed, inviting a barrage of copycat exploiters. Interestingly, a group of traders made three times the profit of the original Ankr attackers by exploiting a slow price oracle to borrow $19M worth of Helio's stablecoin. As always, a complete set of indicators for all of the attackers and copycats is in the premium section below.
North Korea is at it again with a new AppleJeus malware campaign dubbed BloxHolder. Check out the malware section for details. New scammer techniques emerged despite the overall market slowdown.
On the bright side, this edition features a research section full of thrilling blockchain investigations, a new smart contract auditor book, CTF solutions, and state-of-the-art tools. Enjoy!
Anatomy of Front Running Scams by CertiK.
Address Poisoning Attack, A continuing Threat by X-explore.
Be Wary of the TransferFrom Zero Transfer Scam by SlowMist.
On December 1, 2022, CoinTracker’s service provider was compromised, which resulted in the theft of customer email addresses and referral codes.
On December 2, 2022, Ankr lost $5M as a result of a private key compromise, which was used to upgrade the aBNBc contract with a malicious minting function.
On December 2, 2022, Helio lost $19M as a result of a delayed price oracle, which allowed traders to borrow stablecoin against worthless aBNBc tokens.
On December 2, 2022, Overnight Finance lost $175K due to a price oracle manipulation exploit.
88MPH Theft Of Unclaimed MPH Rewards Bugfix Review by Immunefi.
Successful Resolution of xAPIC Vulnerability on Secret Network by Secret Network.
Tellor Issue and Fix by Liquidity.
Accidentally Crashing a Botnet by Akamai.
Tornado Cash Alternatives by Elliptic.
The Auditor Book by Code4rena and Sherlock.
Building Secure Smart Contracts by Trail of Bits now includes Algorand, Cairo, Cosmos, Substrate.
All is Fair in Arb and MEV on Avalanche C-Chain by Daniel D. McKinnon.
Specialized Zero-Knowledge Proof failures by Trail of Bits.
EVM through CTFs by Nazar Ilamanov.
Ethereum Transaction Explorers and Analyzers thread by w1nt3r_eth.
grim-reaper - EVM-based on-chain liquidation bot for Aave V3 built with Huff language.