BlockThreat - Week 7, 2022
OpenSea | IRA Financial | Build Finance | Titano | TopGoal | Futureswap
Hello friends,
A rough week with compromises of a crypto retirement fund and a host of DeFi projects with total losses exceeding $41M. Build Finance governance attack is particularly interesting as more projects begin decentralizing and delegating critical functions to external governance. OpenSea users got hit with a sophisticated approval farming attack while more malware variants got unleashed to steal crypto wallets.
On the more positive side, ETHDenver brought us plenty of blocksec related talks while Ledger hosted a fun series on wallet hardware attacks. Oh and be sure to check out a new OpenZeppelin project called Forta explorer aiming to help detect on-chain events such as hacks, phishing campaigns and others!
A special note to my Ukrainian readers going through an unimaginable tragedy. Sharing your pain, grieving for your losses, wishing you strength, and hoping for the peace and sanity to be restored soon.
News
The Justice Department has a new crypto team and a new leader to crack down on scams.
RCMP orders blacklist of 34 crypto wallets under Trudeau’s authoritarian prerogative.
Crypto Heavyweights Coinbase, Fidelity and Robinhood Back US Anti-Money Laundering Group.
Scams
OpenSea users lost at least $3.4M in high value NFTs after they were targeted with a sophisticated phishing campaign designed to steal their tokens by soliciting fake approvals. Bad actors laundered funds through Tornado while investigators continue tracking funds.
‘Ice phishing’ on the blockchain by Microsoft explores common approval phishing attacks and shares a Forta agent (see Tools section below) implementation to detect them.
Hacks
On February 8, 2022 IRA Financial, a crypto retirement fund, reported $36M stolen from several customer accounts.
On February 9, 2022 Futureswap reported a compromise of a reward reserves account which resulted in the loss of $700K worth of funds.
On February 14, 2022 Titano Finance was exploited due to insufficient function access controls which resulted in $1.9M loss.
On February 14, 2022 Build Finance suffered a governance attack which allowed an attacker to mint and sell $493K worth of tokens.
On February 16, 2022 TopGoal lost $2.3M in tokens after its wallet keys got compromised.
On February 17, 2022 RigoBlock lost $464K due to the missing access control on a function controlling token allowances.
Malware
NFT Lure Used to Distribute BitRAT by Fortinet.
Meet Kraken: A New Golang Botnet in Development targeting users’ crypto wallets by ZeroFox.
Media
Enter the Donjon - Breaking secure hardware with software attacks.
ETHDenver 2022 - Attacking an L2 with Unbridled Optimism - Jay Freeman
ETHDenver 2022 - Rethinking Security Auditing for Web3 - Spencer Macdonald
ETHDenver 2022 - Security Pitfalls when building with DeFi Money Legos Ioannis Sachinoglou
ETHDenver 2022 - Into the Dark Forest A Discussion on the State of Security in Ethereum Liz Daldalian mod; Goncalo S
ETHDenver 2022 - Privacy on Public Ledger Blockchains - Alan Scott, Edward Fricker and Kieran Mesquita
ETHDenver 2022 - MEV: Navigating The Dark Forest_Omer Arie Goldberg
ETHDenver 2022 - Deus Ex Securitas
Research
Details of the Coinbase Advanced Trading API vulnerability which resulted in the $250K bug bounty by Tree of Alpha.
Report: $2.4B+ Lost in DeFi Exploits and Scams in 2021 by DefiYield.
Classification and evaluation of mixing methods by BitNovosti.
Satoshi’s Heel: Is mining infrastructure a vulnerability that could take down bitcoin? by Bitcoin Magazine.
MistTrack Analysis of the $90 Million Stolen from Liquid Exchange by SlowMist.
Modern MEV sandwich attacks on Ethereum routers by totlsota.eth.
Challenges
Tools
Forta Explorer - blockchain intrusion detection framework.