Blockchain Threat Intelligence

BlockThreat - Week 9, 2023

newsletter.blockthreat.io

Algorand | The Sandbox | Shata Capital | MonkeyDrainer

Peter Kacherginsky
Mar 9

Greetings!

This is a really tough week, especially for our friends at Algorand. An unknown wallet exploit is being actively used to drain thousands of accounts, with attackers getting more and more effective at moving funds. I hope Algorand Foundation hangs in there and leans in on the community to help them stop the attack.

On the phishing side, there is yet another mass campaign coming to you over emails, texts, and even phone calls, with the recent Sandbox, Cointracker, Klaviyo and other leaks really not helping. Monkey Drainer announced that they are quitting, but I have a strong feeling their place will quickly be filled by another primate seeking to rip off innocent users. A parting gift from the monkey was the publication of their phishing kit on GitHub, which is a great research artifact to study and to build detections.

But it’s not all doom and gloom this week. ETHDenver happened and ETHGathering released a boatload of excellent blockchain security-related talks, including my favorite panel on monitoring and incident response. Three new CTFs launched to sharpen your low-level EVM skills. Last but not least, this edition features fantastic research papers by the likes of DeGatchi, Konstantin from Mixbytes, Beosin, and others.

Let’s dive into the news, but first a word from our sponsors Chainalysis!


The 2023 Crypto Crime Report is here!

Inside you’ll find 100+ pages of original data, research, and case studies on the most pressing topics in cryptocurrency-based crime, including:

  • Why 2022 set records for crypto hacking

  • How sanctions on Hydra, Tornado Cash, and others impacted the crypto crime ecosystem

  • The latest crypto money laundering tactics employed by cybercriminals

  • What crypto winter means for scammers

  • How cybersecurity enhancements have hurt ransomware attackers

  • And more!


News

  • Crypto Companies Behind Tether Used Falsified Documents and Shell Companies to Get Bank Accounts by The Wall Street Journal.

  • A New Crypto Mixer Promises to Be Tornado Cash Without the Crime.

  • How Kubernetes Cryptomining Became an AWS Cloud Data Heist.

  • LastPass says employee’s home computer was hacked and corporate vault taken. A vulnerable Plex media server was used as the initial exploit vector.

Scams

  • The NFT Phishing Group MonkeyDrainer has announced that they are shutting down their service entirely.

  • MonkeyDrainer - Ethereum NFT Drainer GitHub mirror.

  • Trezor warns users of a new phishing attack using a fake security alert sent over phone calls, texts, and emails. You can pick a PII leak of the month as a possible source of contact info.

  • The Sandbox warns users of security breach used for email phishing campaign.

Hacks

  • Starting on February 20, 2023 and still ongoing, 2000+ Algorand network users and projects like Algodex, Lofty, AlgoCasino, etc. lost $9.2M+ due to private key compromises. The root cause is not known; however, a common factor among victims is the use of myAlgo. More recently, attackers moved from high-value wallets to systematically emptying even low-value wallets. Users are strongly advised to move assets into hardware wallets as soon as possible.

  • On February 24, 2023, Shata Capital lost $5.1M due to a function parameter validation bug introduced as a result of a contract upgrade.

  • On February 26, 2023, an employee computer at The Sandbox was compromised, which allowed an attacker to obtain a list of customer email addresses. Unfortunately, the incident notice did not mention any forensic or malware analysis being done before wiping the laptop.

Malware

  • Cryptocurrency Entities at Risk: Threat Actor Uses Parallax RAT for Infiltration by Uptycs.

Contests

  • EVM through CTFs launched with the first two challenges.

  • Curta CTF launched.

  • Sussy Huff CTF.

  • EKO2022 Enter the metaverse CTF Challenge 2 — Metaverse Supermarket by StErMi.

Media

  • ETHGathering talks were published. Here are a few blocksec-related ones:

    • Monitoring & Incident Response Panel with Rajeev, Mitchell Amador, Dominic Bruetsch, Christopher von Hessert, Andrew Beal, Gonçalo Sá.

    • L2 Security Panel by Torgin, Kris Kaczor, Daniel Lumi, Orest Tarasiuk, Carlos Matallana.

    • Auditors Protocols Panel with Mooly Sagiv, Emilie Raffo, Julien Bouteloup, Rajeev, Kurt Barry, Christopher von Hessert, Hossam.

    • Reviewing DAO Security by Mar Gimenez.

    • Security Pitfalls when Building with DeFi Money Legos by Ioannis.

    • Monitoring and Mitigation of Economic Risk by Jan Osolnik.

    • Scaling Formal Verification to Find Bugs in Complex Smart Contract Systems by Mooly Sagiv.

    • WHAT THE HEX! by Anirudha.

Research

  • Smart Contract Obfuscation Techniques by DeGatchi.

  • Overview of the Inflation Attack by Konstantin Nekrasov.

  • How to Avoid Issues Related to Deflationary Tokens by Beosin.

  • Demystifying exploitable bugs in smart contracts with Zhuo and Brian.

  • A developer’s guide to the web3 security stack by Jonathan King, Steven Willinger.

  • Exploring Unconfirmed Transactions for Effective Bitcoin Address Clustering.

  • Of Degens and Defrauders: Using Open-Source Investigative Tools to Investigate Decentralized Finance Frauds and Money Laundering.

Tools

  • Trail of Bits released 168 pre-built properties for Echidna.

  • Weird ERC20 Tokens.


© 2023 Peter Kacherginsky