BlockThreat - Week 50, 2021
Grim | Sorbet | Adidas | Fractal | Phorpiex
Welcome to the latest catch-up edition. As we revisit events from late last year, we continue to observe NFT platforms becoming a more significant target, with Discord channels, airdrop mechanisms, and users phished, all to gain the precious tokens. More traditional DeFi projects continue to be attacked, curiously on a more diverse set of EVM-compatible networks where developers may have slipped or simply don’t have the same tools (e.g. reliable oracles) available to them.
Scamming scammers by selling a private key to a blacklisted USDT wallet and sweeping any inbound ETH.
Airdrop phishing campaign targeting high value NFT owners.
EverestDAO rug pulls with a fake wallet breach message.
Fractal Discord compromised, $150K phished from channel participants.
On December 13, 2021 Definer contract on OEC network lost $5K due to oracle manipulation.
On December 17, 2021 Adidas NFT airdrop mechanism was tricked into minting 330 tokens in a single transaction.
On December 19, 2021 Grim Finance reentrancy vulnerability was exploited which resulted in the loss of $30M.
Sorbet Finance fixed a critical vulnerability by performing a whitehat hack after receiving an urgent notification.
Umbra patched a minor front-end bug which could hide funds.
Phorpiex botnet is back with a new Twizt: Hijacking Hundreds of crypto transactions by Check Point Software.
Intro to Cryptography and Signatures in Ethereum by Immunefi.
“Alpha-Rays” behind the scenes on ECDSA attacks.
00 on ZKP implementation attacks.
The ‘U Up?’ Files With samczsun by Immunefi.
The Hidden World of Ethereum Snipers by Samneet Chepal.
Subway - A practical example on how to perform sandwich attacks on UniswapV2 pairs.
Grim Finance Attacker: