BlockThreat - Week 44, 2021
bZx | Rari | Vesper | Synapse | DarkSide | Squid Game
Welcome to BlockThreat!
This week we are seeing the first indications of the North Korean Lazarus APT taking an interest in DeFi projects with the $55M compromise of bZx. TWAP price manipulation is a hot new exploit in the DeFi space, resulting in the compromise of multiple projects. The US Government is on the hunt for ransomware actors and anyone supporting them, with a recent arrest and a $10M bounty. A rapid increase in social engineering attacks on crypto Discord channels claimed yet another major project, be careful out there! Let’s dive into the news, but first some exciting project news:
Project updates: The newsletter now includes a new paid subscriber section with a growing collection of premium content such as threat indicators for the recent hacks, DeFi exploit PoCs, phishing domains, crypto malware signatures, and others.
I will continue delivering the same free content to help build and secure the blockchain community while providing added value to professional auditors, blockchain analytics companies, and others who have made the leap to making this a full-time endeavor.
You can unlock it by upgrading your subscription in your account settings page. Looking forward to your thoughts and suggestions on this new format!
Join Formal Verification in the Ecosystem conference on November 16, 2021 featuring speakers from Certora, Flashbots, Trail of Bits, Consensys, and many others.
Damn Vulnerable DeFi wargame just got four new fun challenges and Hardhat updates.
Consensys: Securing your Uniswap integration with Scribble by Joran Honig (Consensys)
Secureum SafeCast episode with Dan Guido (Trail of Bits).
US DoJ announced a reward of up to $10M for information on the DarkSide ransomware group responsible for the Colonial Pipeline hack.
Denis Dubnikov, a co-founder of Coyote Crypto and EggChange, was arrested in Amsterdam (after previously being detained at Mexico City airport) at the extradition request of the FBI. The arrest came after a series of cryptocurrency exchange sanctions by the U.S. Treasury aimed at dismantling the ransomware and money-laundering industry based out of Russia.
Bloomberg reports on an unusual concentration of sanctioned cryptocurrency exchanges in a single skyscraper in Moscow’s business district. Vostok Tower hosts Suex, EggChange, CashBank, Buy-bitcoin[.]pro, and others.
Zaryn Dentzel, a founder of Tuenti, was tortured by masked assailants for four hours to gain access to his cryptocurrency assets.
Check Point Research alerts of an ongoing Google Adwords phishing campaign targeting crypto wallet and DeFi users which already resulted in the theft of at least $500K.
TRM Labs reports on an ongoing BitRAT malware phishing campaign targeting Mango Markets NFT users on Discord.
Axie Infinity was targeted by the now familiar Discord social engineering attack: channel operators were tricked into leaking their auth token through a screen sharing session, and the hijacked channel was then used to advertise a malicious Dapp to steal users’ tokens.
ENS Domains shared an ongoing phishing campaign taking advantage of the recent airdrop.
Vice reports on the sophisticated OTP Bot phishing campaign allowing scammers to target 2FA users of Coinbase, PayPal, and other financial institutions.
Squid Game operators rug pulled the project which cost investors $12M.
On October 23, 2021, an attacker exploited a flaw in the reward calculation logic of Take Profit Finance, a BSC-based DeFi project, to gain $400K.
On October 30, 2021 a vulnerability in the Pixel Vault’s Planet DAO token approval mechanism was exploited to mint tokens by burning PUNKS comic NFTs the attackers did not own.
On October 30, 2021 Chia Network experienced a Denial of Service attack after a single operator flooded the network with small transactions. This resulted in a number of nodes getting overwhelmed and delaying legitimate transactions from reaching the network.
On November 2, 2021, the Rari Fuse protocol was exploited via price manipulation, resulting in the loss of $3M.
On November 3, 2021, Vesper Finance lost $3M in yet another TWAP price manipulation attack.
On November 6, 2021, Synapse, a cross-chain protocol, lost $8M due to incorrect price calculation using an external AMM.
Inspex fixed a flaw in its farm smart contract which could have allowed users to claim more assets than expected after a friendly notification from the KillSwitch team.
Bitcoin Mixing: A Survey & Short Guide on How to trace Malicious Transactions by Rakesh Krishnan.
Inside the War Room: How Indexed Finance Traced Its $16M Hacker by Stefan Stankovic (Crypto Briefing).
Become a Dapptools Pilled Chad in 30 minutes or Your Money Back by @transmissions11.
The Web3 Security Revolution by Immunefi.
Preventing Channel Jamming by BitMEX Research.
Google Adwords phishing domains:
Mango Markets fake wallet malware:
Squid Game scammers:
Take Profit Finance exploiter: