BlockThreat - Week 49, 2022
Lodestar | Minswap | Arbitrum | OnlyFans | Tornado Cash
A relatively quiet week with just a single major exploit: $6.5M lost to good ole’ price oracle manipulation. This week also featured a curious transaction ordering exploit on the Cardano network, along with an Arbitrum bridge vulnerability reported by tincho. Indicators are in the premium section as always.
Weeks like these are great to decompress a bit and enjoy a wide collection of excellent research papers, trainings, and even a Tornado Cash documentary. Enjoy.
The Joseph Van Loon v. Treasury lawsuit has Treasury admitting it lacks sufficient information to respond to the latest complaint.
DEV-0139 launches targeted attacks against the cryptocurrency industry using malicious Excel documents with embedded macros.
BSV introduces an asset confiscation method in its latest fork.
More reports surface of a possible 3commas API key leak.
On-chain analysis by OKHotshot of an NFT rug pull involving an OnlyFans model. Interestingly, the subject of the analysis responded with a series of DMCA takedowns against anyone mentioning the scam on Twitter.
On December 6, 2022, Option Room lost $150K, likely due to private key compromise.
On December 10, 2022, Minswap detected an ongoing front-running attack exploiting default transaction ordering by hash on the Cardano network.
On December 10, 2022, Lodestar lost $6.5M due to a price oracle manipulation vulnerability.
Message traps in the Arbitrum bridge by tincho.
Secureum Bootcamp - RACE #12 Of The Secureum Bootcamp Epoch∞ by patrickd.
The War On Code - Investigating the Tornado Cash Sanctions and the Arrest of Alexey Pertsev
yAcademy - Block IV - ETH TXN Explorer and VSCode Extension by samczsun.
yAcademy - Block IV - Audit like you mean it by tincho.
yAcademy - Block IV - Initiation to Audits by Joran Honig.
The State of Bridge Security with Immunefi & LI.FI.
Hybrid fuzzing: Sharpening the spikes of Echidna by Trail of Bits.
Sybil tools revealing - Good work requires sharp tools by X-explore and WuBlockchain.
Smart Contract Auditing Heuristics by OpenCoreCH.
Learn EVM Attacks exploit collection by coinspect.
Blockchain Security Audit List by 0xNazgul.
Security and Privacy directory by Sov.
Move Audit and Move Prover by Beosin.
Crossing the Bridge by Redefine.
EVM Contract Construction by Tal.
Rust, Realloc, and References by OtterSec.
Accessing Private Data in Smart contracts by QuillAudits.
Smart Contract Security Education Plan by pashov.