BlockThreat - Week 49, 2023
HXA | KyberSwap | Time | Thirdweb | Bearn DAO | Elephant Money | Venus
Thirdweb disclosed a critical vulnerability in contracts that combine ERC2771 (meta-transaction) support with Multicall. An ERC2771 contract trusts the last 20 bytes of calldata as the real sender whenever the call comes from its trusted forwarder, while Multicall delegatecalls each sub-call with msg.sender unchanged. Routing a multicall through the forwarder therefore lets an attacker place any address at the end of each sub-call and have _msgSender() return it, which effectively breaks every access control check built on it. Coinbase NFT, OpenSea and many other projects were vulnerable. It only took a few days for multiple attackers to weaponize this novel attack vector and start targeting vulnerable projects, starting with the $190K compromise of Time. However, the prize for the most stolen goes to the KyberSwap exploiter, who managed to retrieve $186M worth of HXA coins from the 0xdead address. We should expect to see a spike in similar hacks now that both the details of the vulnerability and exploit PoCs are publicly available.
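To make the mechanism concrete, here is an added Python model of the calldata confusion described above. It is not Thirdweb's, OpenZeppelin's or any exploiter's code: the addresses, the 4-byte selectors and the mini ABI for packing sub-calls are constructed for the demonstration, and signature checking in the forwarder is omitted (the attacker signs for their own address, which is a perfectly valid request). The vulnerable token forwards sub-calls as-is; the hardened variant re-appends the real ERC2771 suffix to every sub-call, the same idea as the fix OpenZeppelin later shipped in its Multicall.

```python
# Added example: model of the ERC-2771 + Multicall msgSender confusion.
# Constructed for illustration; not the real Thirdweb/OpenZeppelin contracts.

FORWARDER = "0x" + "f" * 40   # hypothetical trusted forwarder address
ATTACKER = "0x" + "a" * 40    # hypothetical attacker EOA
VICTIM = "0x" + "b" * 40      # hypothetical victim holding tokens

TRANSFER_SEL = b"\x01\x02\x03\x04"    # made-up 4-byte selectors
MULTICALL_SEL = b"\x05\x06\x07\x08"


def addr_to_bytes(a):
    return bytes.fromhex(a[2:])


def bytes_to_addr(b):
    return "0x" + b.hex()


def encode_transfer(to, amount):
    return TRANSFER_SEL + addr_to_bytes(to) + amount.to_bytes(32, "big")


def encode_multicall(subcalls):
    # Mini ABI: 2-byte count, then (2-byte length, payload) pairs. Trailing
    # bytes are ignored by the decoder, just as abi.decode ignores the
    # ERC-2771 suffix the forwarder appends to the outer call.
    body = len(subcalls).to_bytes(2, "big")
    for c in subcalls:
        body += len(c).to_bytes(2, "big") + c
    return MULTICALL_SEL + body


def decode_multicall(data):
    n = int.from_bytes(data[4:6], "big")
    pos, out = 6, []
    for _ in range(n):
        length = int.from_bytes(data[pos:pos + 2], "big")
        out.append(data[pos + 2:pos + 2 + length])
        pos += 2 + length
    return out


class Token:
    """ERC-2771-aware token with a Multicall entry point (model)."""

    def __init__(self, hardened=False):
        self.forwarder = FORWARDER
        self.balances = {VICTIM: 100, ATTACKER: 0}
        self.hardened = hardened

    def _msg_sender(self, sender, data):
        # ERC-2771Context: if the trusted forwarder is calling, the real
        # signer is taken from the last 20 bytes of calldata.
        if sender == self.forwarder and len(data) >= 20:
            return bytes_to_addr(data[-20:])
        return sender

    def call(self, sender, data):
        sel = data[:4]
        if sel == TRANSFER_SEL:
            return self._transfer(sender, data)
        if sel == MULTICALL_SEL:
            return self._multicall(sender, data)
        raise ValueError("unknown selector")

    def _transfer(self, sender, data):
        to = bytes_to_addr(data[4:24])
        amount = int.from_bytes(data[24:56], "big")
        frm = self._msg_sender(sender, data)   # the spoofable value
        if self.balances.get(frm, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[frm] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount
        return True

    def _multicall(self, sender, data):
        # Hardened: if the outer call arrived via the forwarder, re-append
        # the real signer suffix to every sub-call so sub-call data cannot
        # override _msg_sender(). Vulnerable: forward sub-calls unchanged.
        suffix = b""
        if self.hardened and sender != self._msg_sender(sender, data):
            suffix = data[-20:]
        results = []
        for sub in decode_multicall(data):
            # delegatecall semantics: msg.sender kept, msg.data replaced
            results.append(self.call(sender, sub + suffix))
        return results


def forwarder_execute(token, signer, data):
    """Trusted forwarder (signature check omitted): appends the signer's
    address to the calldata and calls the target, per ERC-2771."""
    return token.call(FORWARDER, data + addr_to_bytes(signer))


def run_attack(hardened):
    """Attacker signs a multicall whose inner transfer ends in VICTIM's
    address. Returns (victim_balance, attacker_balance) afterwards."""
    token = Token(hardened=hardened)
    forged = encode_transfer(ATTACKER, 100) + addr_to_bytes(VICTIM)
    try:
        forwarder_execute(token, ATTACKER, encode_multicall([forged]))
    except ValueError:
        pass  # hardened contract rejects: attacker has no balance
    return token.balances[VICTIM], token.balances[ATTACKER]
```

Running run_attack(False) drains the victim because the inner sub-call's trailing 20 bytes become the "sender"; run_attack(True) fails with an insufficient balance because the forwarder's real suffix (the attacker) is re-appended after the forged one and wins the last-20-bytes check. The practical audit check is the same as in the model: any contract that is both ERC2771Context and Multicall (or any other delegatecall-based batching) must propagate the forwarder context itself rather than trust sub-call data.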
Bearn DAO, Elephant Money, and Venus Protocol were also exploited through more traditional price-oracle issues, with total losses exceeding $1.2M.
To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.
Let’s dive into the news!
Bitcoin inscriptions added to the National Vulnerability Database.
Hack Hauls Halve From 2022 by TRM.
Crypto Losses in November 2023 by Immunefi.
Fake MEV bot scam solicited $1.2M from investors.
Plenty of Phish by Rekt.
Blaz CTF 2023 Writeup by Kaiziron.
Curve Finance - Hacked! by Junion.
SmartSecHub - Your Gateway to Collective Security Wisdom.
Report on Certik’s Aptos-Related Bug Bounty by Wormhole.
Finding a Critical Vulnerability in Astar by Zellic.
Different parsers, different results by Nnez.
Introduction to Echidna by All things fuzzy.
Foundry tips by InfectedCrypto.
Solana: Jumping Around in the VM by OtterSec.
Ensuring the Security of Soul-Bound Tokens in Soul Society by Malanii Oleh (Hacken).
Simbolik Solidity Debugger by Runtime Verification.
Snip - a fast and simple Metamask Snap security scanner.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerabilities, indicators, special reports, and searchable newsletter archives.