Hello friends!
This week features a wild “counter-hack” by Jump’s security team which recovered all of the stolen assets from the Wormhole hack, a sneaky social engineering attack against Coinbase, a mass hack campaign on BNB Chain, and more NFT phishing. Indicators for all of the bad actors are available in the premium section as always.
In other news, this week features a rare crypto wallet vulnerability which resulted in a leak of 2000 private keys and growing reliability issues in smart contract chains.
Events
ETHDenver 2023 is happening now, featuring a number of security talks.
News
The Oasis "counter-hack" and the centralization of DeFi by Molly White discusses details and implications of hacking back crypto stolen in the Wormhole compromise a year ago.
Social Engineering - A Coinbase Case Study by Jeff Lunglhofer dives into a sophisticated smishing campaign by the 0ktapus threat actor.
French Police Arrest Duo Involved in Platypus Crypto Exploit, possibly related to an earlier report by ZachXBT.
Brit who consulted North Korea on crypto clarified arrest rumors.
More reports of mass exploitation of projects on BNB Chain that improperly handle deflationary tokens. A similar campaign was launched almost a year ago, also on BNB Chain.
Scams
HideYoApes lost $200K in high-value NFTs, likely due to downloading a malicious MetaMask extension.
Offline signatures can drain your wallet: The North Korean connection (Part 4/4) by Jonas Ouazan (ZenGo).
Hacks
On February 20, 2023, Edge Wallet was found to store unencrypted private keys locally and to transmit those keys to Edge’s infrastructure. About 2000 private keys were leaked to Edge, with reports of compromises. According to Edge, they have received only a few reports of stolen funds and performed only limited spot checking of leaked addresses.
On February 20, 2023, $1.86M was stolen from Hope Finance by an insider.
On February 23, 2023, Dynamic Finance lost $23K due to a reentrancy exploit.
On February 23, 2023, FEG (Feed Every Gorilla) lost $283K due to a function parameter validation bug. This is the 3rd exploit for FEG since last year, pushing the total lost due to hacks to $3.483M.
On February 24, 2023, NFTCloud lost $9.2K due to a logic error in their reward mechanism.
On February 24, 2023, AquaDAO lost $48.5K in a governance takeover attack.
On February 27, 2023, Swap X’s DND Token, Launch Zone, and HFI Protocol lost a combined $1.46M due to insufficient function access control, allowing attackers to force swaps which manipulated the DND price.
Other Incidents
On February 22, 2023, the Polygon chain experienced a massive 157-block reorg.
On February 24, 2023, Arbitrum proposed combating sequencer overloading by arbitrage bots with a hybrid PoW approach.
On February 25, 2023, Solana experienced an outage requiring a chain restart.
Vulnerabilities
Malware
macOS targeted by evasive crypto-jacking malware distributed through pirated versions of Final Cut Pro.
New Stealc malware-as-a-service targets web browsers, crypto wallets, email clients.
New S1deload Malware Hijacking Users' Social Media Accounts and Mining Cryptocurrency.
Contests
RACE #15 Of The Secureum Bootcamp Epoch∞ by patrickd.
Research
Demystifying Exploitable Bugs in Smart Contracts. A must-read analysis of exploitable web3 bugs based on Code4rena reports.
Cross-chain re-entrancy by Mateocesaroni.
Solidity Security - Lesson 3: Guidelines for Auditing Staking Protocols by SunWeb3Sec.
Understanding Smart Contract Vulnerabilities by Neptune Mutual.
Exploiting Smart Contract Bytecode for Classification on Ethereum.
Updated Building Secure Smart Contracts series by Trail of Bits.
The Hidden Shortcomings of (D)AOs -- An Empirical Study of On-Chain Governance.
Building reliable EVM disassemblers by Karma.
Setting Up A Bridge With Foundry by Immunefi.
Diving into the Reth p2p stack by Jonas Bostoen.
Practical Security Analysis of Zero-Knowledge Proof Circuits.
Defending against the nothing-at-stake problem in multi-threaded blockchains.
How Many Bitcoin Confirmations is Enough? by Jameson Lopp.
Tools
Counter Exploit Toolkit by jtriley.
Decompile Tools by Ape Dev based on Jon Becker’s excellent heimdall-rs.
Testnet.FYI by Emiliano Bonassi allows one to create temporary, publicly accessible Foundry Anvil testnets.
OKLink cross-chain blockchain explorer.
Contract Reader introduced live on-chain values.
How to Choose an Anti-Phishing Plugin by SlowMist.
Foundry Script template by Paul Razvan Berg.
Premium Content
Indicators
AquaDAO Attackers
Cosmos: cosmos1matu8jgn3rmk2955j694qmj9w30nycafrhj2jl
FEG Attackers
BSC: 0x2c4d38413b3eabaf73b12d23525521850fc7cc0b