BlockThreat - Week 7, 2022
OpenSea | IRA Financial | Build Finance | Titano | TopGoal | Futureswap
A rough week with compromises of a crypto retirement fund and a host of DeFi projects, with total losses exceeding $41M. The Build Finance governance attack is particularly interesting as more projects begin decentralizing and delegating critical functions to external governance. OpenSea users got hit with a sophisticated approval farming attack, while more malware variants got unleashed to steal crypto wallets.
On the more positive side, ETHDenver brought us plenty of blocksec-related talks, while Ledger hosted a fun series on wallet hardware attacks. Oh, and be sure to check out a new OpenZeppelin project called Forta Explorer aiming to help detect on-chain events such as hacks, phishing campaigns and others!
A special note to my Ukrainian readers going through an unimaginable tragedy. Sharing your pain, grieving for your losses, wishing you strength, and hoping for the peace and sanity to be restored soon.
OpenSea users lost at least $3.4M in high-value NFTs after they were targeted with a sophisticated phishing campaign designed to steal their tokens by soliciting fake approvals. Bad actors laundered funds through Tornado while investigators continue tracking the funds.
‘Ice phishing’ on the blockchain by Microsoft explores common approval phishing attacks and shares a Forta agent (see Tools section below) implementation to detect them.
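The approval phishing pattern behind the OpenSea campaign above leaves a distinctive on-chain trail: a single spender (or ERC-721 operator) quietly collecting approvals from many unrelated owners in a short span of blocks. The following is an added example, not code from the Microsoft post or the Forta agent it describes; it runs a simple version of that heuristic over a constructed list of Approval / ApprovalForAll events, with an allowlist so known marketplaces are not flagged, and also shows how an owner can enumerate the operator approvals still live on their tokens (the ones worth revoking). Addresses and block numbers are constructed placeholders; the thresholds are assumptions to tune against real data.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed placeholder addresses (not real accounts or contracts).
MARKET = "0xKnownMarketplace"   # a legitimate, well-known marketplace contract
PHISH = "0xPhishingEOA"         # the account an approval-farming campaign funnels approvals to
SOLO = "0xSomeOtherSpender"     # a spender with a single approval; should not be flagged


@dataclass(frozen=True)
class ApprovalEvent:
    block: int      # block in which the event was emitted
    token: str      # token contract that emitted the event
    owner: str      # account granting (or revoking) the approval
    spender: str    # account receiving it (the "operator" for ERC-721 ApprovalForAll)
    for_all: bool   # True for ERC-721 setApprovalForAll, False for a plain ERC-20 approve
    approved: bool  # False models a revocation (setApprovalForAll(operator, false))


# Constructed sample log, roughly in the shape of decoded Approval / ApprovalForAll events.
SAMPLE_EVENTS = [
    ApprovalEvent(1000, "NFT_A", "0xAlice", MARKET, True, True),   # normal marketplace listings
    ApprovalEvent(1020, "NFT_B", "0xBob", MARKET, True, True),
    ApprovalEvent(1030, "TOKEN_X", "0xCarol", MARKET, False, True),
    ApprovalEvent(2000, "NFT_A", "0xAlice", PHISH, True, True),    # victims signing the lure
    ApprovalEvent(2003, "NFT_B", "0xBob", PHISH, True, True),
    ApprovalEvent(2007, "NFT_A", "0xDave", PHISH, True, True),
    ApprovalEvent(2050, "NFT_A", "0xAlice", PHISH, True, False),   # Alice revokes after noticing
    ApprovalEvent(5000, "NFT_C", "0xErin", SOLO, True, True),
]


def find_approval_farmers(events, min_owners=3, window_blocks=50, known_spenders=frozenset()):
    """Flag spenders that received approvals from at least `min_owners` distinct owners
    within any `window_blocks`-wide span. Returns {spender: sorted distinct owners}.
    Spenders in `known_spenders` (e.g. audited marketplaces) are skipped: without such an
    allowlist a busy legitimate contract trips the same heuristic."""
    by_spender = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.block):
        if ev.approved and ev.spender not in known_spenders:
            by_spender[ev.spender].append(ev)

    flagged = {}
    for spender, evs in by_spender.items():
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans at most window_blocks.
            while evs[end].block - evs[start].block > window_blocks:
                start += 1
            owners = {e.owner for e in evs[start:end + 1]}
            if len(owners) >= min_owners:
                flagged[spender] = sorted(owners)
                break
    return flagged


def live_operator_approvals(events, owner):
    """Return the set of (token, operator) pairs for which `owner` still has an active
    ERC-721 setApprovalForAll grant, i.e. the latest event for that pair was approved=True."""
    latest = {}
    for ev in sorted(events, key=lambda e: e.block):
        if ev.for_all and ev.owner == owner:
            latest[(ev.token, ev.spender)] = ev.approved
    return {pair for pair, approved in latest.items() if approved}


if __name__ == "__main__":
    print(find_approval_farmers(SAMPLE_EVENTS, known_spenders={MARKET}))
    for who in ("0xAlice", "0xBob"):
        print(who, "still approved:", live_operator_approvals(SAMPLE_EVENTS, who))
```

Run without the allowlist and the marketplace is flagged alongside the phishing account, which is exactly the false-positive class a production detector has to handle with an allowlist of known contracts, a higher owner threshold, or a check that the spender is an externally owned account rather than a contract.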
On February 8, 2022, IRA Financial, a crypto retirement fund, reported $36M stolen from several customer accounts.
On February 9, 2022, Futureswap reported a compromise of a reward reserves account, which resulted in the loss of $700K worth of funds.
On February 14, 2022, Titano Finance was exploited due to insufficient function access controls, which resulted in a $1.9M loss.
On February 14, 2022, Build Finance suffered a governance attack which allowed an attacker to mint and sell $493K worth of tokens.
On February 16, 2022, TopGoal lost $2.3M in tokens after its wallet keys got compromised.
On February 17, 2022, RigoBlock lost $464K due to missing access control on a function controlling token allowances.
NFT Lure Used to Distribute BitRAT by Fortinet.
Meet Kraken: A New Golang Botnet in Development targeting users’ crypto wallets by ZeroFox.
ETHDenver 2022 - Attacking an L2 with Unbridled Optimism - Jay Freeman
ETHDenver 2022 - Rethinking Security Auditing for Web3 - Spencer Macdonald
ETHDenver 2022 - MEV: Navigating The Dark Forest - Omer Arie Goldberg
ETHDenver 2022 - Deus Ex Securitas
Report: $2.4B+ Lost in DeFi Exploits and Scams in 2021 by DefiYield.
Classification and evaluation of mixing methods by BitNovosti.
Modern MEV sandwich attacks on Ethereum routers by totlsota.eth.
Forta Explorer - blockchain intrusion detection framework.