BlockThreat - Week 49, 2021
AscendEx | Vulcan Forged | 8ight | Pizza | Solana
Hello friends and welcome back to BlockThreat!
After a brief break from the newsletter, I will be slowly catching up to the current week. Expect not as rich but just as comprehensive editions in the meantime.
My prediction of increased hotwallet compromises toward the end of the year unfortunately came true. AscendEx (aka BitMax) lost almost $78M early in the week. Check out a curious hack of Pizza project on EOS as well as plenty of research articles from this week. On the tool side, Paradigm dropped an excellent Ethereum testing tool called Foundry while Coinbase published a well-tested cryptography library called Kryptology.
News
Critical log4j vulnerability is being actively exploited to install cryptomining malware. The vulnerability requires a permission to modify configuration file limiting its exploitability.
Google Threat Analysis Group (TAG) successfully disrupted Glupteba group known for data and credentials theft, cryptojacking, and using bitcoin blockchain as its command and control channel. Interestingly Google also launched a legal action in parallel with a technical disruption campaign.
Scams
Prime Minister Modi’s twitter account hacked (again) to promote a bitcoin giveaway scam.
BoosterToken rugpulled by injecting malicious code in its frontend.
Scammer Payback - Stealing crypto back from scammers episode where Pierogi helps recover $5000.
The biggest cryptocurrency scams of 2021 by Matt Binder (Mashable).
Hacks
On December 6, 2021 8ight Finance project lost $1.75M after its insecurely stored private keys were compromised.
On December 8, 2021 Pizza DeFi project on EOS suffered an infinite mint exploit resulting in the loss of $5M.
On December 10, 2021 Solana network was hit with a DDoS attack resulting in a significant network slowdown.
On December 11, 2021 AscendEX (former BitMax) exchange suffered a compromise of its hotwallet resulting in the loss of $78M.
On December 12, 2021 Vulcan Forged lost $140M after private keys for 96 of its customers were compromised. The attacker exchanged PYR and other tokens on Uniswap and currently holding assets on Ethereum, Polygon, and BSC networks.
Other Incidents
On December 7, 2021 dYdX exchange front-end briefly went down due to AWS outage exposing the risk of reliance on centralized platforms.
Vulnerabilities
Sorbet Finance performed a selfhack to recover funds after getting alerted to a critical vulnerability by samczsun.
Solana Phantom wallet auto-approve “feature” is getting actively exploited by malicious sites draining users’ funds.
Malware
QNAP issued an advisory about an ongoing cryptominer campaign targeting vulnerable NAS devices.
Ransomware
Kaspersky Security Bulletin - The story of the year: ransomware in the headlines explores current trends in ransomware including increase in more targeted infections.
Cuban ransomware gang targets tribal casinos and other US-based entities.
Research
Mudit Gupta published a sample flashloan demo and a video session.
Is the $6B locked in L2 secure? by Bartek Kiepuszewski explores security of Arbitrum chain.
BlockGC: A Joint Learning Framework for Account Identity Inference on Blockchain with Graph Contrast.
Deep-Dive Analysis of Selfish and Stubborn Mining in Bitcoin and Ethereum.
Just in Time MEV attack on Uniswap v3 with an example attack on Popsicle Finance..
Tools
Kryptology - advanced cryptography library by Coinbase.
Foundry - Ethereum development toolbox by Paradigm.
Premium Content
Indicators
Vulcan Forged Attacker:
ETH: 0x48ad05a3b73c9e7fac5918857687d6a11d2c73b1
ETH: 0x57f20a12ee66201ff706f6284c623bcd6701b45f
ETH: 0x36d017ef00a1024b8046ec11c21ec8bea49eb347
ETH: 0xa435afc08d5bc9e69b484363faab559dc75255cf
ETH: 0x4b6305b8d1e3e845aadbd40648efe7edd0b5f03d
ETH: 0xc1a5d367e338572eb269ede7c96b735ef89efa54
ETH: 0xcdaf552985102863f4708e50d951364a3fe51dc7
ETH: 0x48e569106547fdaa7f35d2788f40e75e9bcb2539
ETH: 0xc4d9b4366e96925b71fb416f7646456aa99472ae