Hey folks,

Unfortunately my predictions of major hacks dropping a few weeks of quiet were true. Where to begin? T-Mobile was breached, again. The compromise also affects 3rd party providers such as Google Fi and Mint which used their network. So if you their customer, it is now time to change your password and be on the lookout for signs of phone porting. On the DeFi side we had a $120M Bonq exploit which was relying on a cheap to manipulate price oracle and Orion Protocol with a good ole’ reentrancy.

On the more positive side, FBI briefly changed their profile picture with a seized BAYC thanks to the tip by ZachBXT.

Hope you stay safe out there. Let’s dive into the news, but first a really interesting note from our sponsors at Chainalysis on how the bad actors launder stolen assets!

$23.8B in Crypto Laundered in 2022 (up from $14.2B last year 🤯)

Money laundering is critical to all financially motivated crime—it enables criminals to cash out from their nefarious activities without being detected. We’re seeing the majority of laundering activity happen at fiat off-ramps like centralized exchanges, though we’ve also seen a big spike in underground money laundering services touting brand names and sophisticated infrastructure.

Get the latest on crypto laundering in 2022 now >

News

• FBI seizes $100K in NFTs from scammer following ZachXBT investigation.

• T-Mobile hacked to steal data of 37 million accounts in API data breach. The compromise affects other providers such as Google Fi, which already reported sim swaps, Mint Mobile, and others.

• Independent examiner finds Celsius ticks every Ponzi box.

• Spanish police arrest 3 executives of crypto platform Bitzlato.

• Bithumb’s Ex-Chairman Kang Jong-Hyun Arrested.

Hacks

• On January 30, 2023 Bevo lost $45K in a reward manipulation exploit.

• On January 31, 2023 Shredded Apes lost $230K on Solana likely due to private key compromise.

• On February 1, 2023 Bonq lost $120M in a price oracle manipulation exploit where an attack was simply able to lie about the price to the oracle.

• On February 2, 2023 Orion Protocol lost $3M due to a reentrancy vulnerability which allowed attacker to inflate deposited assets.

• On February 3, 2023 SperaxUSD lost $309K due to a logic error vulnerability in its rebasing mechanism.

• On February 5, 2023 Degen Millionaires Club lost $18K by deploying a contract with a mint function and no access controls.

Vulnerabilities

• LayerZero message validation bypass was reported by James Prestwich. LayerZero noted the vulnerability is only present using default settings.

• Balancer’s Bountiful Merkle Orchard by riptide discusses a responsibly disclosed vulnerability which could drain the Balancer Vault.

Media

• How to Foundry 2.0 by Brock Elmore.

Research

• Offline signatures can drain your wallet: EIP-6384 can save it (Part 3/4) by ZenGo.

• Tornado Cash and Blockchain Privacy: A Primer for Economists and Policymakers by FRB of St. Louis.

• Awesome Oracle Manipulation by 0xcacti.

• 2022 Year in Review: Lending Protocols by CertiK.

• Exploring Cosmos: A Security Primer by Rajvardhan.

• Common Solana smart contract vulnerabilities thread by sec3.

• Smart Contract Auditor Study Plan by bytes032.

Tools

• Openchain Transaction Tracer by samczsun.

• BlockFence - Simple Chrome Extension That Explains Smart-Contracts With GPT-3.

• Halmos - Symbolic Bounded Model Checker for Ethereum Smart Contracts Bytecode.

Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.

Premium Content

Indicators