BlockThreat - Week 52, 2022
3Commas | BlueNoroff | Luke Dashjr | Amun | Quota
Happy happy new year! As we wrap up this year, I wanted to thank you for joining me on this journey. I can’t believe it’s already been four years since I have discovered the blockchain security industry and started sharing it through this newsletter. Week after week I’m left with the feeling of wonderment which hopefully inspired some of you to join the fun as a hobby or even a full time career. Here is for many more years together, cheers! 🥂
In the last week of the year, 3Commas finally admitted the API leak, BlueNoroff started using new social engineering and malware techniques while crypto scam campaigns triggered regulator and FBI warnings. Multiple private key compromises this week with one particularly unfortunate incident involving a bitcoin developer.
That’s all folks, see you all next year!
A Review on the Security of Blockchain by SlowMist and Coinlive.
2022 Crypto Investigations Wrap-Up by CertiK.
Tornado Cash Sanctions and the Fourth Amendment by nfttorney.
The MOST EVIL Crypto SCAM: Boris and Bob Rug-Pulled $19M by DeFiYield Security.
Users of BitKeep wallets lost up to $31M in a mass phishing campaign that distributed malicious wallet APK files.
Analysis of WIN-799RI0TSTOF NFT Stealer by harry.eth.
Address Poisoning Token PoC by jtriley.
On December 26, 2022 Amun lost $300K after a stolen private key was used to reconfigure the smart contract.
On December 29, 2022 Japeggerz lost $20K due to a reentrancy vulnerability.
On December 31, 2022 Quota Network lost $270K by failing to implement proper access controls for initialize function.
BlueNoroff introduces new methods bypassing MoTW by Kaspersky.
Darknet Diaries - EP 131: Welcome To Video.
The Case for an On-Chain Risk Oracle by Yaron Velner.
ZK Bug Tracker by 0xPARC.
Difficulty of Reproducing Old Exploits by Brian IsMeta.
Keep reading with a 7-day free trial
Subscribe to Blockchain Threat Intelligence to keep reading this post and get 7 days of free access to the full post archives.