BlockThreat - Week 8, 2023
Wormhole | Oasis | Jump | HideYoApes | Edge | SwapX | Launch Zone
This week features a wild “counter-hack” by Jump’s security team which recovered all of the stolen assets from the Wormhole hack, a sneaky social engineering attack against Coinbase, a mass hack campaign on BNB Chain, and more NFT phishing. Indicators for all of the bad actors are available in the premium section as always.
In other news, this week features a rare crypto wallet vulnerability that leaked 2000 private keys, as well as growing reliability issues in smart contract chains.
Let’s dive into the news.
ETHDenver 2023 is happening now featuring a number of security talks.
The Oasis "counter-hack" and the centralization of DeFi by Molly White discusses details and implications of hacking back crypto stolen in the Wormhole compromise a year ago.
French Police Arrest Duo Involved in Platypus Crypto Exploit, possibly related to an earlier report by ZachXBT.
HideYoApes lost $200K in high-value NFTs, likely due to downloading a malicious MetaMask extension.
Offline signatures can drain your wallet: The North Korean connection (Part 4/4) by Jonas Ouazan (ZenGo).
On February 20, 2023 Edge Wallet was found to store unencrypted private keys locally and to transmit those keys to Edge’s infrastructure. About 2000 private keys were leaked to Edge with reports of compromises. According to Edge, they have only received a few stolen funds reports and performed only limited spot checking of leaked addresses.
On February 20, 2023 $1.86M was stolen from Hope Finance by an insider.
On February 23, 2023 Dynamic Finance lost $23K due to a reentrancy exploit.
On February 23, 2023 FEG (Feed Every Gorilla) lost $283K due to a function parameter validation bug. This is the third exploit for FEG since last year, pushing the total lost due to hacks to $3.483M.
On February 24, 2023 NFTCloud lost $9.2K due to a logic error in their reward mechanism.
On February 24, 2023 AquaDAO lost $48.5K in a governance takeover attack.
On February 27, 2023 Swap X’s DND Token, Launch Zone, and HFI Protocol lost a combined $1.46M due to insufficient function access control, which allowed attackers to force swaps that manipulated the DND price.
On February 22, 2023 Polygon chain experienced a massive 157-block reorg.
On February 24, 2023 Arbitrum proposed combating sequencer overloading by arbitrage bots with a hybrid PoW approach.
On February 25, 2023 Solana experienced an outage requiring a chain restart.
macOS targeted by evasive crypto-jacking malware distributed through pirated versions of Final Cut Pro.
RACE #15 Of The Secureum Bootcamp Epoch∞ by patrickd.
Cross-chain re-entrancy by Mateocesaroni.
Understanding Smart Contract Vulnerabilities by Neptune Mutual.
Updated Building Secure Smart Contracts series by Trail of Bits.
Building reliable EVM disassemblers by Karma.
Setting Up A Bridge With Foundry by Immunefi.
Diving into the Reth p2p stack by Jonas Bostoen.
How Many Bitcoin Confirmations is Enough? by Jameson Lopp.
Counter Exploit Toolkit by jtriley.
Testnet.FYI by Emiliano Bonassi allows one to create temporary, publicly accessible Foundry Anvil testnets.
OKLink cross-chain blockchain explorer.
How to Choose an Anti-Phishing Plugin by SlowMist.
Foundry Script template by Paul Razvan Berg.