Blockchain Threat Intelligence

BlockThreat - Week 51, 2022

Rubic | BTC.com | Quadriga | Mango | AAVE

Peter Kacherginsky
Jan 03, 2023

Greetings!

I hope you have all been busy changing LastPass passwords and migrating wallets. Seriously, go do that now and come back to read the newsletter later.

Back already? This week has been filled with curious events ranging from the arrest of Avi Eisenberg of Mango Markets and AAVE fame to the race for guilty pleas from top-ranking FTX leadership. Avi’s arrest is particularly interesting as it puts an end to the “code is law” debate, at least from the law enforcement perspective. It’s not looking good for Andean Medjedovic either, an attacker behind the 2021 Indexed Finance hack, who has been in hiding for more than a year after failing to appear in court. Speaking of old crimes, 100 BTC just moved out of a QuadrigaCX cold wallet into the Wasabi mixer, which reignited the mystery behind the sudden death of the exchange’s founder. And with that, let’s dive into the news!

News

  • FTX’s Gary Wang, Alameda’s Caroline Ellison plead guilty to federal charges, cooperating with prosecutors.

  • Mango Markets Exploiter Eisenberg Arrested in Puerto Rico.

  • 2 executives of crypto exchange AAX arrested in Hong Kong.

  • Alameda wallets become active days after SBF bail.

  • Bitcoin Addresses Tied to Defunct Canadian Crypto Exchange QuadrigaCX Wake Up and promptly send BTC to the Wasabi mixer.

  • New Evidence Confirms ISIS Affiliate in Afghanistan Accepting Cryptocurrency Donations.

  • Ethical crypto hackers win $52 million in bug bounties via Immunefi in 2022.

Scams

  • Investigation of North Korean APT’s Large-Scale Phishing Attack on NFT Users by SlowMist follows the campaign previously identified by Phantom X.

  • Phishing campaign exploiting OpenSea’s gasless sales feature using malicious signature requests.

  • Reports of a phishing campaign using a fake SecurityUpdate call by 0xQuit.

  • The DeFrost Team alleged Rug Pull Analysis by DeFiYield Security, which the DeFrost team denies.

  • Comprehensive list of common crypto scams and best practices to avoid them by Mal Plankton.

Hacks

  • On December 3, 2022, the BTC.com mining pool lost $3M in a compromise. The company did not share additional details about the root cause or the actors behind the hack.

  • On December 25, 2022, Rubic lost $1.4M due to an incorrectly configured router whitelist, which allowed attackers to steal approved users’ funds.

Malware

  • GodFather Android Banking Trojan targets banking, crypto wallet and exchange apps.

Contests

  • QuillCTF wargame.

Media

  • Block IV Guest Speaker: Gerard Persoon - Interesting high-risk findings

Research

  • Code4rena Medium and High Bug Databases by Tomo.

  • A Case for On-Chain Zero Trust by Forta.

  • Reversing The EVM: Raw Calldata by DeGatchi.

  • Speedrunning Web3 Bug Hunts by DeGatchi.

  • Intercept pending transactions with Rust by Lorenzo Zaccagnini.

  • Using Foundry to Explore Upgradeable Contracts (Part 1) by Runtime Verification.

  • Solidity Storage Packing by ylvio.

  • Signature Replay Vulnerability in Smart Contract by BlockAudit.

  • Code Base Analysis for Auditors by obront.

  • Vulnerability Analysis of Smart Contracts.

  • Sandwich Attack of the Top 10 Smart Contract Security Threats by SharkTeam.

  • Solana Auditing and Security Resources by 0xsanny.

  • How to Set Up Your Own Forta/Erigon Node by Evgeny Pleskach (MixBytes).

  • Statistical Attacks on Proof of Solvency by Nihar Shah (Jump Crypto).

  • Proofs, Arguments, and Zero-Knowledge by Justin Thaler.

Tools

  • Contract Analysis Quickstart by Duniversity.

  • Foundry Chisel - a fast, utilitarian, and verbose solidity REPL.

  • QuickPoC - easy POC template generation from the command line.

  • Foundry and on-chain helper bash functions.

  • TX-Fuzz - a package containing helpful functions to create random transactions.

  • TrueBlocks Docker Version - a local-first indexing / data access solution that you may use for data science or as a locally-running backend for your Web 3.0 projects.


Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.
