BlockThreat - Week 9, 2023
Algorand | The Sandbox | Shata Capital | MonkeyDrainer
This is a really tough week, especially for our friends at Algorand. An unknown wallet exploit is being actively used to drain thousands of accounts, with attackers getting more and more effective at moving funds. I hope Algorand Foundation hangs in there and leans in on the community to help them stop the attack.
On the phishing side there is yet another mass campaign coming to you over emails, texts, and even phone calls, with the recent Sandbox, Cointracker, Klaviyo and other leaks really not helping. Monkey Drainer announced that they are quitting, but I have a strong feeling their place will quickly be filled by another primate seeking to rip off innocent users. A parting gift from the monkey was the publication of their phishing kit on GitHub, which is a great research artifact to study and to build detections from.
But it’s not all doom and gloom this week. ETHDenver happened and ETHGathering released a boatload of excellent blockchain security related talks, including my favorite panel on monitoring and incident response. Three new CTFs launched to sharpen your low level EVM skills. Last but not least, this edition features fantastic research papers by the likes of DeGatchi, Konstantin from Mixbytes, Beosin, and others.
Let’s dive into the news, but first a word from our sponsor, Chainalysis!
The 2023 Crypto Crime Report is here!
Inside you’ll find 100+ pages of original data, research, and case studies on the most pressing topics in cryptocurrency-based crime, including:
Why 2022 set records for crypto hacking
How sanctions on Hydra, Tornado Cash, and others impacted the crypto crime ecosystem
The latest crypto money laundering tactics employed by cybercriminals
What crypto winter means for scammers
How cybersecurity enhancements have hurt ransomware attackers
Crypto Companies Behind Tether Used Falsified Documents and Shell Companies to Get Bank Accounts by The Wall Street Journal.
LastPass says an employee’s home computer was hacked and the corporate vault taken. A vulnerable Plex media server was used as the initial exploit vector.
MonkeyDrainer - Ethereum NFT Drainer GitHub mirror.
Starting on February 20, 2023 and still ongoing, 2000+ Algorand network users and projects like Algodex, Lofty, AlgoCasino, etc. lost $9.2M+ due to private key compromises. The root cause is not known; however, a common factor among victims is the use of myAlgo. More recently, attackers moved from high value wallets to systematically emptying even low value wallets. Users are strongly advised to move assets into hardware wallets as soon as possible.
On February 24, 2023 Shata Capital lost $5.1M due to a function parameter validation bug introduced as a result of a contract upgrade.
On February 26, 2023 a The Sandbox employee computer was compromised, which allowed an attacker to obtain a list of customer email addresses. Unfortunately, the incident notice did not mention whether any forensic or malware analysis was done before wiping the laptop.
EVM through CTFs launched with the first two challenges.
Curta CTF launched.
ETHGathering talks were published. Here are a few blocksec-related ones:
L2 Security Panel by Torgin, Kris Kaczor, Daniel Lumi, Orest Tarasiuk, Carlos Matallana.
Auditors Protocols Panel with Mooly Sagiv, Emilie Raffo, Julien Bouteloup, Rajeev, Kurt Barry, Christopher von Hessert, Hossam.
Reviewing DAO Security by Mar Gimenez.
Monitoring and Mitigation of Economic Risk by Jan Osolnik.
WHAT THE HEX! by Anirudha.
Smart Contract Obfuscation Techniques by DeGatchi.
Overview of the Inflation Attack by Konstantin Nekrasov.
A developer’s guide to the web3 security stack by Jonathan King, Steven Willinger.