Blockchain Threat Intelligence


BlockThreat - Week 7, 2022

OpenSea | IRA Financial | Build Finance | Titano | TopGoal | Futureswap

Peter Kacherginsky
Feb 26

Hello friends,

A rough week with compromises of a crypto retirement fund and a host of DeFi projects, with total losses exceeding $41M. The Build Finance governance attack is particularly interesting as more projects begin decentralizing and delegating critical functions to external governance. OpenSea users got hit with a sophisticated approval farming attack while more malware variants got unleashed to steal crypto wallets.

On the more positive side, ETHDenver brought us plenty of blocksec-related talks while Ledger hosted a fun series on wallet hardware attacks. Oh, and be sure to check out a new OpenZeppelin project called Forta Explorer, which aims to help detect on-chain events such as hacks, phishing campaigns and others!

A special note to my Ukrainian readers going through an unimaginable tragedy. Sharing your pain, grieving for your losses, wishing you strength, and hoping for the peace and sanity to be restored soon.

News

  • The Justice Department has a new crypto team and a new leader to crack down on scams.

  • RCMP orders blacklist of 34 crypto wallets under Trudeau’s authoritarian prerogative.

  • Crypto Heavyweights Coinbase, Fidelity and Robinhood Back US Anti-Money Laundering Group.

  • Russian Cybercriminals Drive Significant Ransomware and Cryptocurrency-based Money Laundering Activity.

Scams

  • OpenSea users lost at least $3.4M in high-value NFTs after they were targeted with a sophisticated phishing campaign designed to steal their tokens by soliciting fake approvals. Bad actors laundered the funds through Tornado while investigators continue tracking them.

  • ‘Ice phishing’ on the blockchain by Microsoft explores common approval phishing attacks and shares a Forta agent (see Tools section below) implementation to detect them.

Hacks

  • On February 8, 2022, IRA Financial, a crypto retirement fund, reported $36M stolen from several customer accounts.

  • On February 9, 2022, Futureswap reported a compromise of a reward reserves account which resulted in the loss of $700K worth of funds.

  • On February 14, 2022, Titano Finance was exploited due to insufficient function access controls, which resulted in a $1.9M loss.

  • On February 14, 2022, Build Finance suffered a governance attack which allowed an attacker to mint and sell $493K worth of tokens.

  • On February 16, 2022, TopGoal lost $2.3M in tokens after its wallet keys got compromised.

  • On February 17, 2022, RigoBlock lost $464K due to missing access control on a function controlling token allowances.

Malware

  • NFT Lure Used to Distribute BitRAT by Fortinet.

  • Meet Kraken: A New Golang Botnet in Development targeting users’ crypto wallets by ZeroFox.

  • A Method for Decrypting Data Infected with Hive Ransomware.

Media

  • Enter the Donjon - Breaking secure hardware with software attacks.

  • Enter the Donjon - Power glitch attacks.

  • Enter the Donjon - Laser fault attacks.

  • Enter the Donjon - Side-channel attacks.

  • ETHDenver 2022 - Attacking an L2 with Unbridled Optimism - Jay Freeman

  • ETHDenver 2022 - Rethinking Security Auditing for Web3 - Spencer Macdonald

  • ETHDenver 2022 - Security Pitfalls when building with DeFi Money Legos - Ioannis Sachinoglou

  • ETHDenver 2022 - Into the Dark Forest: A Discussion on the State of Security in Ethereum - Liz Daldalian mod; Goncalo S

  • ETHDenver 2022 - Privacy on Public Ledger Blockchains - Alan Scott, Edward Fricker and Kieran Mesquita

  • ETHDenver 2022 - MEV: Navigating The Dark Forest - Omer Arie Goldberg

  • ETHDenver 2022 - Deus Ex Securitas

Research

  • Details of the Coinbase Advanced Trading API vulnerability which resulted in the $250K bug bounty by Tree of Alpha.

  • Report: $2.4B+ Lost in DeFi Exploits and Scams in 2021 by DefiYield.

  • Classification and evaluation of mixing methods by BitNovosti.

  • Satoshi’s Heel: Is mining infrastructure a vulnerability that could take down bitcoin? by Bitcoin Magazine.

  • MistTrack Analysis of the $90 Million Stolen from Liquid Exchange by SlowMist.

  • Modern MEV sandwich attacks on Ethereum routers by totlsota.eth.

Challenges

  • Immunefi Community Challenges.

Tools

  • Forta Explorer - blockchain intrusion detection framework.

  • Uniswap Oracle Attack Simulator.

  • Token approval revocation tools.

Premium Content

Indicators

This post is for paid subscribers

© 2022 Peter Kacherginsky