BlockThreat - Week 18, 2021
Value DeFi | Rari Capital | Meebits | Blockchain Village
Welcome to this week’s edition of BlockThreat! For those of you not too busy watching Dogefather on SNL and hopefully not participating in the giveaway scam barrage, I have a fantastic edition for you featuring DeFi hacks, the latest scam and malware campaigns, new EVM analysis tools, and a fun new podcast on the QuadrigaCX saga. Enjoy!
Events
- Defcon Blockchain Village CFP is now open. Consider submitting a talk on blockchain security related topics!
Media
- Exit Scam - a podcast series about the death and afterlife of Gerald Cotten (QuadrigaCX CEO)
Scams
- South Korean law enforcement raided V Global exchange offices responsible for scamming $1.5B worth of assets from 40,000 members.
- Elon Musk crypto giveaway scams are on the rise again before his appearance on SNL.
- Ongoing Twitter phishing campaign targets Metamask users to steal seed phrases.
- FBI started adding warning signs on Bitcoin ATM machines to deal with the surge of scams.
- WallStreetBets Forum Members Targeted in Telegram Cryptocurrency Scam which resulted in the loss of $2M worth of Binance Coin.
- Token Sniffer - Scams & Hacks directory lists latest reports of scam coins.
Hacks
- On May 6th, 2021 Value DeFi was hacked after its pool got reinitialized. The attacker drained $10M worth of crypto assets.
- On May 8th, 2021 Value DeFi was hacked again due to invalid use of the power() function. Another $11M was stolen.
- On May 8th, 2021 Rari Capital’s yield-generating strategy in Alpha Finance’s ibETH was exploited, which resulted in the theft of 2600 ETH ($10M). The attacker used funds they stole from the earlier Value DeFi hack, making this the first cross-chain hack. Perpetrators also issued a mocking on-chain message.
- On May 8th, 2021 Meebit NFT generation logic was exploited to mint a highly valuable NFT worth $700K.
Vulnerabilities
- 0x patched a vote inflation vulnerability after it was responsibly disclosed by samczsun.
Malware
- The Rage of Android Banking Trojans report by Threat Fabric notes an increase in crypto-stealing malware targeting popular Android mobile apps from Coinbase, Binance, Blockchain.com, and others.
- Panda Stealer malware report by TrendMicro documents a new wallet stealer propagated through spam emails.
Research
- Tracking One Year of Malicious Tor Exit Relay Activities (Part II) is a follow-up to last year’s article, which first identified malicious actors intercepting cryptocurrency-related web traffic on Tor. In this edition, nusenu identifies a likely actor behind 1000s of malicious exit nodes intercepting traffic to cryptocurrency mixers.
- Targeting the Weakest Link: Social Engineering Attacks in Ethereum Smart Contracts explores new attack vectors using specially crafted addresses and homographs.
- DeFi Risk Tools & Resources is a great resource for various blockchain security projects, tools, risk scoring metrics, insurance providers, and other related subjects.
- How To Spot a Potential RUG — Clear signs something is sketchy is a nice deep dive into the Phoinikas Finance contract and social media profiles.
Tools
- FuzzyVM - a guided differential fuzzing framework for EVM.
- Ethereum Toolkit (ETK) - a collection of tools for creating and analyzing EVM smart contracts. The toolkit includes assembler and disassembler tools.
- Palkeo Arbitrary Transaction View - a tool to simulate arbitrary EVM transactions.
Stay informed, stay healthy, and see you in next week’s edition!
- Peter Kacherginsky (iphelix)