BlockThreat - Week 51, 2022
Rubic | BTC.com | Quadriga | Mango | AAVE
I hope you have all been busy changing LastPass passwords and migrating wallets. Seriously, go do that now and come back to read the newsletter later.
Back already? This week has been filled with curious events ranging from the arrest of Avi Eisenberg of the Mango Markets and AAVE fame to the race for guilty pleas from top ranking FTX leadership. Avi’s arrest is particularly interesting as it puts an end to the “code is law” debate at least from the law enforcement perspective. It’s not looking good for Andean Medjedovic either, an attacker behind the 2021 Indexed Finance hack, who has been in the hiding for more than a year after failing to appear in court. Speaking of old crimes, 100 BTC just moved out a QuadrigaCX cold wallet into Wasabi mixer which reignited the mystery behind the sudden death of the exchange’s founder. And with that let’s dive into the news!
Investigation of North Korean APT’s Large-Scale Phishing Attack on NFT Users by SlowMist follows the campaign previously identified by Phantom X.
On December 3, 2022 BTC.com mining pool lost $3M in a compromise. The company did not share additional details about the root cause or the actors behind the hack.
On December 25, 2022 Rubic lost $1.4M due to incorrectly configuring its router whitelist which allowed attackers to steal approved users’ funds.
GodFather Android Banking Trojan targets banking, crypto wallet and exchange apps.
A Case for On-Chain Zero Trust by Forta.
Reversing The EVM: Raw Calldata by DeGatchi.
Speedrunning Web3 Bug Hunts by DeGatchi.
Intercept pending transactions with Rust by Lorenzo Zaccagnini.
Using Foundry to Explore Upgradeable Contracts (Part 1) by Runtime Verification.
Solidity Storage Packing by ylvio.
Signature Replay Vulnerability in Smart Contract by BlockAudit.
Code Base Analysis for Auditors by obront.
Solana Auditing and Security Resources by 0xsanny.
How to Set Up Your Own Forta/Erigon Node by Evgeny Pleskach (MixBytes).
Statistical Attacks on Proof of Solvency by Nihar Shah (Jump Crypto).
Proofs, Arguments, and Zero-Knowledge by Justin Thaler.
Contract Analysis Quickstart by Duniversity.
Foundry Chisel - a fast, utilitarian, and verbose solidity REPL.
QuickPoC - easy POC template generation from the command line.
TX-Fuzz - a package containing helpful functions to create random transactions.
TrueBlocks Docker Version - a local-first indexing / data access solution that you may use for data science or as a locally-running backend for your Web 3.0 projects.
Keep reading with a 7-day free trial