NCET | Evolved Ape | Lido | Rocket Pool | MEV | Steak Stake
Welcome to BlockThreat!
NFT craze did not go unnoticed by scammers with multiple NFT projects running off with investor’s funds this week netted bad actors almost $5M. Lido and Rocket Pool dodged a major bullet after a critical vulnerability was responsibly disclosed in their ETH2 staking pools. A curious case of an MEV searcher getting exploited, U.S. DoJ formed a new team to combat cryptocurrency crime, sophisticated phishing schemes continue targeting cryptocurrency users while a steady stream of breaches continues growing the target list.
Let’s dive into the news, but first a special thank you to Breadcrumbs.app who sponsored this week’s edition:
U.S. DoJ announced formation of a National Cryptocurrency Enforcement Team (NCET) to help combat cryptocurrency crimes.
IntSights published a comprehensive report on the use of cryptocurrencies by technically sophisticated Latin American cartels.
Epik domain registrar and hosting company data breach revealed an active market for typo-squatting domains targeting cryptocurrency exchanges.
Syniverse, a telco infrastructure company supporting AT&T, T-Mobile, Verizon, and others, revealed a multi-year breach which could allow attackers access to SMS data.
ETHGlobal Smart Contract Security Panel with samczsun, Nikesh Nazareth, Maurelian, Rajeev Gopalakrishna.
ETHGlobal Writing Smart Contracts without Solidity by Gilbert Garza.
An ongoing discord scam campaign sends users to a fake Collab Land site with a mock MetaMask wallet designed to steal mnemonic seed phrases.
Another report of a phishing campaign involving a fake MetaMask pop up window which prompts users for their seed phrases.
On October 4, 2021 Steak Stake lost $160M worth of FTM and USDC tokens after leaking a private key on Github.
On October 4, 2021 Solana Metaplex contract was tricked into listing fraudulent NFTs in its marketplace.
Zilliqa patched a vulnerability in its gossip protocol which could trick shard members into signing arbitrary transactions.
Liquid Network halted for 22 hours following a hard fork upgrade.
Analysis of the recently sanctioned Suex exchange by Anna Baydakova (CoinDesk)
Flashbots Protect allows easy front-running protection for everyday users.
MEV Inspect to search for miner payments, arbitrages, etc.
Help support BlockThreat!
Over the past two years, BlockThreat has gained more than a thousand followers including exchanges, asset issuers, DeFi projects, engineers, investigators, law enforcement, and many others. This newsletter is a labor of love which takes many hours weekly to prepare. If you found BlockThreat valuable consider supporting its future growth:
Stay informed, stay healthy and see you in the next week’s edition!
- Peter Kacherginsky (iphelix)