BlockThreat - Week 43, 2021
HunTor | CREAM | BXH | AutoShark | MCN | AnubisDAO | Chivo
Welcome to BlockThreat!
Not a good week for darkweb operators. Multiple international law enforcement agencies announced arrests ranging from malware and ransomware gangs to darkweb marketplace distributors. Just as expected, El Salvador’s bitcoin wallet airdrop scheme is being abused by scammers. The CREAM Finance hack caused a mess not only because of the astronomical amount stolen, but also by scaring AAVE users into pulling billions in liquidity for fear that it too might be exploited. It’s always fun to watch DeFi hackers getting sniped by MEV bots, which is exactly what happened in the MCN Token hack, which also gets the silliest vulnerability award for leaving the burn function open.
The DoJ announced the results of Operation Dark HunTor, spanning 10 months and including 150 arrests and $31M seized.
Ukrainian police detained a gang that laundered funds for Russian hacking groups and seized flash drives and crypto-stealing malware.
German police identified a core member of the REvil ransomware gang.
Elizabeth Warren released an open letter to US Treasury to respond to an “emerging threat” of cryptocurrencies. In addition to financial risks, the letter identifies the use of crypto in ransomware and other malicious cyber activity as one of the reasons for concern.
LisCoin Conference - Shutter - Preventing malicious MEV and Frontrunning by Ulrich Petri.
LisCoin Conference - Why are the Bridges Burning? by James Prestwich.
Identity Thieves Exploit El Salvador’s Chivo Bitcoin Wallet’s Setup Process to claim the initial $30 airdrop.
AnubisDAO rug pulled almost $60M in ETH after investor funds were suddenly pulled from the liquidity pool. One of the project’s founders shared a detailed incident timeline.
On October 27, 2021, CREAM Finance lost $130M in a sophisticated exploit used to manipulate collateral value. Based on the on-chain analysis, there are likely two actors who perpetrated the hack. Following the incident, the AAVE lending platform issued an emergency governance proposal to fix a similar potential exploit as investors urgently pulled billions.
On October 29, 2021, multiple MCN Uniswap pools were drained by an attacker exploiting an unprotected burn function in the token’s contract. As often happens in the dark forest, the original attacker transaction was front-run by an MEV bot, which claimed a $172K reward.
ETH, 0x0000e38f37DFFB8577270160B11211B681DD6774 (Attacker #1)
ETH, 0xccb02f136129e89b323910ae44f5faa56604b299 (Attacker #2 - Kraken)
On October 30, 2021, BXH lost $139M after their private keys were compromised. Stolen funds have since been swapped to BTC and ETH chains.
Ondo Finance caught a logic error (transposition of variables) in its Sushi staking strategy.
How to become a smart contract auditor by Christoph Michel.
Flashing A Light On The Dark Forest – Part 1 by Joo Kian (Delphi Digital).
Unraveling Tornado.Cash Anonymity by SlowMist.
Stay informed, stay healthy and see you in next week’s edition!
- Peter Kacherginsky (iphelix)