BlockThreat - Week 51, 2022
Rubic | BTC.com | Quadriga | Mango | AAVE
Greetings!
I hope you have all been busy changing LastPass passwords and migrating wallets. Seriously, go do that now and come back to read the newsletter later.
Back already? This week has been filled with curious events ranging from the arrest of Avi Eisenberg of the Mango Markets and AAVE fame to the race for guilty pleas from top ranking FTX leadership. Avi’s arrest is particularly interesting as it puts an end to the “code is law” debate at least from the law enforcement perspective. It’s not looking good for Andean Medjedovic either, an attacker behind the 2021 Indexed Finance hack, who has been in the hiding for more than a year after failing to appear in court. Speaking of old crimes, 100 BTC just moved out a QuadrigaCX cold wallet into Wasabi mixer which reignited the mystery behind the sudden death of the exchange’s founder. And with that let’s dive into the news!
News
Bitcoin Addresses Tied to Defunct Canadian Crypto Exchange QuadrigaCX Wake Up and promptly sent BTC to Wasabi mixer.
New Evidence Confirms ISIS Affiliate in Afghanistan Accepting Cryptocurrency Donations.
Ethical crypto hackers win $52 million in bug bounties via Immunefi in 2022.
Scams
Investigation of North Korean APT’s Large-Scale Phishing Attack on NFT Users by SlowMist follows the campaign previously identified by Phantom X.
Phishing campaign exploiting OpenSea’s gasless sales feature using malicious signature requests.
Reports of a phishing campaign using a fake SecurityUpdate call by 0xQuit.
The DeFrost Team alleged Rug Pull Analysis by DeFiYield Security which the DeFrost team denies.
Comprehensive list of common crypto scams and best practices to avoid them by Mal Plankton.
Hacks
On December 3, 2022 BTC.com mining pool lost $3M in a compromise. The company did not share additional details about the root cause or the actors behind the hack.
On December 25, 2022 Rubic lost $1.4M due to incorrectly configuring its router whitelist which allowed attackers to steal approved users’ funds.
Malware
GodFather Android Banking Trojan targets banking, crypto wallet and exchange apps.
Contests
Media
Research
A Case for On-Chain Zero Trust by Forta.
Reversing The EVM: Raw Calldata by DeGatchi.
Speedrunning Web3 Bug Hunts by DeGatchi.
Intercept pending transactions with Rust by Lorenzo Zaccagnini.
Using Foundry to Explore Upgradeable Contracts (Part 1) by Runtime Verification.
Solidity Storage Packing by ylvio.
Signature Replay Vulnerability in Smart Contract by BlockAudit.
Code Base Analysis for Auditors by obront.
Sandwich Attack of the Top 10 Smart Contract Security Threats by SharkTeam.
Solana Auditing and Security Resources by 0xsanny.
How to Set Up Your Own Forta/Erigon Node by Evgeny Pleskach (MixBytes).
Statistical Attacks on Proof of Solvency by Nihar Shah (Jump Crypto).
Proofs, Arguments, and Zero-Knowledge by Justin Thaler.
Tools
Contract Analysis Quickstart by Duniversity.
Foundry Chisel - a fast, utilitarian, and verbose solidity REPL.
QuickPoC - easy POC template generation from the command line.
TX-Fuzz - a package containing helpful functions to create random transactions.
TrueBlocks Docker Version - a local-first indexing / data access solution that you may use for data science or as a locally-running backend for your Web 3.0 projects.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with indicators, special reports, and searchable newsletter archives.
Premium Content
Indicators
Keep reading with a 7-day free trial
Subscribe to Blockchain Threat Intelligence to keep reading this post and get 7 days of free access to the full post archives.