BlockThreat - Week 39, 2021
Compound | DeversiFi | POAP | Autoshark | Coinbase | Eleven | Cream
Welcome to BlockThreat!
Finally a week with some good news. Eleven and Cream both announced that all of their stolen funds ($23M combined) were returned this week. Another $23M were returned to DeversiFi by a miner who collected the amount in erroneous gas fees. On the not so positive side, Compound Finance is on track to lose $160M after introducing a governance proposal with a nasty bug, Coinbase announced that an SMS 2FA bypass vulnerability was used to compromise 6K accounts, and POAP’s minting mechanism was compromised. In other news, AlphaBay’s founder wants to resurrect the darkweb marketplace and a nasty airdrop scam campaign continues to haunt Ethereum users.
Let’s dive into the news, but first a special thank you to Breadcrumbs.app who sponsored this week’s edition:
Eleven Finance recovered all of the $4.5M stolen after the attacker reached out, with assistance from Peckshield.
A horrific account of a cryptocurrency owner tortured and left for dead.
AlphaBay operator, DeSnake, plans to revive the darkweb marketplace.
On September 29, 2021 POAP’s minting system was compromised, resulting in several NFTs being fraudulently issued and sold.
On October 1, 2021 an Autoshark Finance swap mining vulnerability was exploited to steal $581K worth of FIN tokens.
On October 1, 2021 Coinbase announced that 6,000 users had funds stolen as a result of an SMS-based 2FA bypass.
On September 27, 2021 DeversiFi paid $23.7M in gas fees due to an issue in the EthereumJS library dealing with EIP-1559 transactions. The miner who collected the fees has since returned all of the collected gas.
On September 29, 2021 Compound Finance introduced a reward calculation vulnerability after deploying an unaudited community governance proposal. As a result, up to $162M worth of COMP tokens are vulnerable to excessive rewards, with about $120M already claimed.
Belt Finance patched a critical logic error bug after it was responsibly disclosed by Alexander Schlindwein.
Kraken Security Labs reported vulnerabilities in a Bitcoin ATM machine.
Positive Technologies published its Cybersecurity threatscape: Q2 2021 report, noting a continued increase in ransomware attacks, which accounted for 95% of all malware attacks in the retail sector.
REvil’s “Cryptobackdoor” Con: Ransomware Group’s Tactics Roil Affiliates, Sparking a Fallout report by Flashpoint reveals a backdoor in the ransomware family used to steal affiliates’ loot.
BluStealer: from SpyEx to ThunderFox crypto stealer report by Avast.
Firefox Add-on SafePal Wallet steals users’ crypto.
Symbolic Value-Flow Static Analysis: Deep, Precise, Complete Modeling of Ethereum Smart Contracts study used to find six vulnerabilities.
Fuzzing ERC20 contracts with Diligence Fuzzing using Scribble specs.
Depth understanding of EVM storage mechanism and security issues by Knownsec Blockchain Lab.
Help support BlockThreat!
Over the past two years, BlockThreat has gained more than a thousand followers including exchanges, asset issuers, DeFi projects, engineers, investigators, law enforcement, and many others. This newsletter is a labor of love which takes many hours weekly to prepare. If you found BlockThreat valuable consider supporting its future growth:
Stay healthy, stay informed and see you in the next week’s edition!
- Peter Kacherginsky (iphelix)