BlockThreat - Week 5, 2022
Wormhole | KLAYswap | Meter.io | Compound | Mars Stealer
Things are not looking good in DeFi land this week! Two cross-chain bridges got hit in a single week! KLAYswap suffered a surgical BGP hijacking of a third-party dependency that replaced the smart contract address on the front-end Dapp and stole crypto from the site's visitors. Justin Sun may be at it again with a governance attack on Compound Protocol to force a TUSD vote. Insider threats, careless access controls, reentrancy, and other bugs netted attackers $333M in a single week, which is more than all of the losses combined in 2020. Let's learn from these mistakes and make the blockchain security ecosystem stronger.
News
Crime and NFTs: Chainalysis Detects Significant Wash Trading and Some Money Laundering In this Emerging Asset Class by Chainalysis.
Pune Cop Kidnapped Trader To Extort Bitcoins Worth ₹ 300 Crore.
Maryland Man Drugs Father to Access His $400,000 in Bitcoin.
Tron’s Justin Sun Accused of ‘Governance Attack’ on DeFi Lender Compound.
Hacks
On February 2, 2022, Wormhole, a Solana/Ethereum bridge, was exploited for $325M. The attacker continues to hold the stolen assets in their Solana and Ethereum accounts while the world watches closely.
On February 3, 2022, the KLAYswap front-end was attacked using BGP hijacking to redirect token approvals to a malicious address on the Klaytn blockchain. As a result, $1.83M was lost.
On February 3, 2022, HypeBears was exploited using a reentrancy vulnerability to mint multiple tokens.
On February 4, 2022, Tecra Coin lost $600K from its Uniswap pool after an arbitrary burn vulnerability in its contract was exploited.
On February 4, 2022, a DePo insider stole $1.6M by draining one of the staking rewards wallets.
On February 5, 2022, a Meter.io money-printing bug was exploited, resulting in the theft of $4.4M.
Vulnerabilities
Solidly Exchange patched a critical NFT double-counting vulnerability after it was responsibly disclosed through its bug bounty program.
Yearn patched a price manipulation bug in its USDT strategy thanks to a report to its bug bounty program.
Malware
Mars Stealer: Oski refactoring analysis by 3xp0rt reveals new crypto stealing functionality.
Research
A quick reminder of what "shared security" means and why it's so important by Vitalik Buterin.
Sealevel Attacks - Examples of common exploits unique to the Solana programming model and recommended idioms for avoiding these attacks using the Anchor framework.
How to Audit Solana Smart Contracts, Parts 1, 2, 3 and 4 by Soteria.
Solana Internals Series, Parts 1, 2, 3 and 4 by Soteria.
Mainnet forking with Forge by Sushi.
Notional Double Counting Free Collateral Bugfix Review by Immunefi.
The Duality of Web3: Privacy vs. Transparency by Shekar Ramaswamy.