BlockThreat - Week 9, 2022
TreasureDAO | Bacon | Evolution | Conti | CVX
This week’s edition dives deep into the leaked Conti Ransomware files, including the group’s involvement in the Squid Games scam. There were only a few DeFi hacks, resulting in $2.5M in losses due to reentrancy and input validation bugs, as well as a recently trending front-end address injection exploit. Be sure to check out the select research papers to sharpen your EVM bug hunting skills.
TrustX - Ethereum security conference in Amsterdam on April 21-22.
Common crypto scam transaction patterns by PeckShield.
On March 3, 2022, the Evolution BSC front-end was maliciously modified with a phishing address, which resulted in the theft of $26K.
On March 3, 2022, TreasureDAO lost $1.4M in NFTs due to an input validation vulnerability.
On March 5, 2022, Bacon Coin lost $1M after a reentrancy bug was exploited in the lend() method.
Convex Finance redeployed its vlCVX contract after an unknown vulnerability was responsibly disclosed to the project.
Conti Ransomware Group Diaries, Part I: Evasion by Brian Krebs.
Conti Ransomware Group Diaries, Part II: The Office by Brian Krebs.
Conti Ransomware Group Diaries, Part III: Weaponry by Brian Krebs.
Conti Ransomware Group Diaries, Part IV: Cryptocrime by Brian Krebs.
Why Crypto Scammers Are Scared of This Man - ZachXBT, On-chain Detective, Ep. 187.
How Robert Forster of Armor Finds Big Bugs by Immunefi.
Smart-Contract-Hash-Matcher - given a contract, find all subcontracts defined on it, calculate their SHA-256 hash and look for exact matches.