Greetings!
Price oracle manipulation is definitely the exploit of this week, with three different projects losing about $1M as a result. Gemini lost data on 5.7M customers due to a third-party compromise, while Raydium lost $4.4M after its admin private keys were stolen. All of the attacker indicators are in the premium section below.
Phishing attacks are adopting new techniques to lure users onto wallet drainer sites, ranging from fake movie studio contracts to malicious Discord server invites. Be sure to check out Solidus Labs' report on rug pulls!
In legal news, SBF was finally charged and arrested for the massive fraud while the latest Digital Asset AML bill wants to document every DeFi user. Good luck with that!
Wishing you warm, relaxing and safe holidays!
News
US authorities charge Sam Bankman-Fried with ‘massive’ fraud, which was quickly followed by news of SBF’s arrest in the Bahamas.
FTX stored private keys without encryption, the exchange's new chief said.
Binance’s beef with crypto trader CoinMamba following a series of API key compromises, which some allege are connected with the 3Commas platform.
Co-Founder Of Multi-Billion-Dollar Cryptocurrency Pyramid Scheme “OneCoin” Pleads Guilty. Ruja Ignatova, the main perpetrator behind the scheme, is still at large.
Shadowy US Spy Firm Promises To Surveil Crypto Users For the Highest Bidder.
CoinCenter’s critique of the Digital Asset Anti-Money Laundering Act, which would force DeFi projects, miners, and other decentralized actors to record user information, implement AML programs, and take other actions that would kill the industry.
DeFi, Cross-Chain Bridge Attacks Drive Record Haul from Cryptocurrency Hacks and Exploits by TRM Labs.
Scams
The 2022 Rug Pull Report by Solidus Labs explores trends across 118K scam tokens affecting almost 2M users.
Reports of a new NFT phishing method using fake Discord server invites leading victims to a Monkey Drainer phishing site.
Analysis of how a scammer stole 14 BAYCs through a month long social engineering campaign by Serpent. A fascinating campaign involving a fake movie company.
Coinbase email phishing campaign tricking users with a fake BTC transfer.
Hacks
On December 12, 2022 ElasticSwap got hit with a price oracle manipulation exploit which resulted in the loss of $850K. Interestingly, just as with other exploits, an MEV bot was able to front-run one of the exploit transactions.
On December 12, 2022 BlackGold lost $18K due to a price oracle manipulation exploit.
On December 14, 2022 Nimbus lost $76K due to… you guessed it!… a price oracle manipulation exploit.
On December 14, 2022 Gemini reported an ongoing phishing campaign after 5.7M customer records were stolen from a 3rd party vendor.
On December 16, 2022 Raydium lost $4.4M due to private key theft.
Vulnerabilities
Dedaub Team discovered a vulnerability in the Uniswap Universal Router which under certain circumstances could lead to theft of funds.
Reports of a Discord XSS Vulnerability actively exploited in the wild.
Malware
Linux Cryptocurrency Mining Attacks Enhanced via CHAOS RAT by Trend Micro.
Contests
Media
Echidna Fuzzing Workshop by Trail of Bits.
The Sorry State of DeFi Security by Oak Security.
Research
Ethereum Smart Contract Auditor's 2022 Rewind by patrickd.
CosmWasm DeFiVulnLabs by punishell.
Rediscovering Smart Contract Honeypots targeting Solidity Devs.
Web3 Security Tools by Quilhash.
zk-STARK resources compiled by Joran Honig.
Royalty Fee Limit of NFT Marketplace Bypass via EIP-2981 by Haechi.
NFT Security in Blockchain by QuilAudits.
The secrets of automation-kings in bug bounty by Jason Haddix.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.
Premium Content
Indicators
Forte Pictures Scam Campaign
Domain: forte[.]pictures
Domain: marcusmizelle[.]com
Ethereum: 0x64677f177bc68382fc86714a3ed8f22bc368b7da