BlockThreat - Week 3, 2025
Sony | UniLend | The Idols NFT | PIKA | BIGO | GraFun
Greetings!
This week saw a handful of hacks totaling just under $700K in losses. A notable trend is emerging in on-chain exploitation: BNB Smart Chain (BSC) has essentially become a hunting ground for bad actors targeting low-TVL projects. These attackers even send messages congratulating one another for being the first to discover and exploit a vulnerability.
Despite this trend, the majority of losses still originate from the Ethereum mainnet, which continues to attract serial exploiters. For example, the $200K UniLend hack not only caused significant damage but also inspired several copycat attacks.
In other news, Sony learned a hard lesson in decentralization. Their attempt to censor tokens and transactions at the sequencer backfired when it became evident that transactions could still be submitted directly through L1, bypassing the sequencer entirely.
Oh and be sure to check out a great new podcast for bug hunters in the Media section below. Let’s dive into the news!
News
- Sony's Soneium blockchain faces backlash over alleged blacklisting of memecoins on launch day. Interestingly, folks were still able to get transactions into the L2 through OP Stack's forced-inclusion path: a transaction submitted as a deposit to the OptimismPortal contract on L1 must be processed by the L2 derivation pipeline, so the sequencer cannot drop it.
- US, Japan and S. Korea urge crypto industry to take action against North Korean hackers.
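The forced-inclusion path that defeated the Soneium sequencer blacklist is worth seeing concretely. The block below is an added example written for this issue, not code from Sony, Soneium or the OP Stack repository. It builds the L1 calldata for OptimismPortal.depositTransaction(address,uint256,uint64,bool,bytes) by hand, enforces the portal's minimum gas limit (21000 + 40 gas per calldata byte) and the address(0) rule for creation deposits, and shows how a contract caller's address is aliased on L2. The portal address, token address, recipient and the ERC-20 transfer payload are constructed placeholders, not values from the page.

```python
# Added example (not Soneium's or OP Stack's own code): hand-encode the L1 call that
# force-includes an L2 transaction on an OP Stack chain. The sequencer can refuse a
# transaction at its RPC, but every deposit logged by the L1 OptimismPortal must be
# consumed by the L2 derivation pipeline, so it cannot be censored.

ABI_SIG = "depositTransaction(address,uint256,uint64,bool,bytes)"
SELECTOR = bytes.fromhex("e9e05c42")  # first 4 bytes of keccak256(ABI_SIG)
L1_TO_L2_ALIAS_OFFSET = 0x1111000000000000000000000000000000001111
WORD = 32

# Constructed placeholders; the real Soneium portal address is not on this page.
DEMO_PORTAL = "0x" + "00" * 20
DEMO_L2_TOKEN = "0x" + "11" * 20
DEMO_RECIPIENT = "0x" + "22" * 20


def _uint(value: int, bits: int) -> bytes:
    """ABI-encode an unsigned integer of the given width as one 32-byte word."""
    if not 0 <= value < (1 << bits):
        raise ValueError(f"value {value} does not fit in uint{bits}")
    return value.to_bytes(WORD, "big")


def _address(addr: str) -> bytes:
    """ABI-encode a 20-byte hex address, left-padded to a word."""
    raw = bytes.fromhex(addr[2:] if addr.startswith("0x") else addr)
    if len(raw) != 20:
        raise ValueError("address must be 20 bytes")
    return raw.rjust(WORD, b"\x00")


def _bytes_tail(data: bytes) -> bytes:
    """Dynamic `bytes` tail: length word, then data right-padded to a word boundary."""
    padded = data + b"\x00" * (-len(data) % WORD)
    return _uint(len(data), 256) + padded


def minimum_gas_limit(data: bytes) -> int:
    """OptimismPortal's floor for _gasLimit: 21000 plus 40 gas per byte of _data."""
    return len(data) * 40 + 21000


def apply_l1_to_l2_alias(addr: str) -> str:
    """L2 sender seen for a deposit made by an L1 *contract* (EOAs are not aliased)."""
    aliased = (int(addr, 16) + L1_TO_L2_ALIAS_OFFSET) % (1 << 160)
    return "0x" + aliased.to_bytes(20, "big").hex()


def encode_deposit_transaction(to: str, value: int, gas_limit: int,
                               is_creation: bool, data: bytes) -> bytes:
    """Calldata for OptimismPortal.depositTransaction; msg.value separately funds the L2 mint."""
    if is_creation and int(to, 16) != 0:
        raise ValueError("contract creation deposits must target address(0)")
    if gas_limit < minimum_gas_limit(data):
        raise ValueError(f"gas limit {gas_limit} is below the portal minimum {minimum_gas_limit(data)}")
    head = (
        _address(to)
        + _uint(value, 256)
        + _uint(gas_limit, 64)
        + _uint(1 if is_creation else 0, 8)
        + _uint(5 * WORD, 256)  # offset of the dynamic `bytes` tail: right after five head words
    )
    return SELECTOR + head + _bytes_tail(data)


def build_demo_calldata() -> bytes:
    """Force-include an ERC-20 transfer(address,uint256) of 1e18 units on L2 (constructed sample)."""
    transfer = bytes.fromhex("a9059cbb") + _address(DEMO_RECIPIENT) + _uint(10**18, 256)
    return encode_deposit_transaction(DEMO_L2_TOKEN, 0, 100_000, False, transfer)


if __name__ == "__main__":
    cd = build_demo_calldata()
    print(f"send to portal {DEMO_PORTAL}: {len(cd)} bytes of calldata, 0x{cd.hex()}")
    print("if sent from a contract, L2 sees sender", apply_l1_to_l2_alias(DEMO_PORTAL))
```

Two caveats for anyone relying on this path: inclusion is not instant, since the deposit only lands on L2 once the L1 block containing it is picked up by derivation within the sequencer drift window, and the L1 call pays the portal's resource-metered gas burn on top of normal L1 fees, so it is a censorship escape hatch rather than a cheap default.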
Crime
- Illicit Volumes Portend Record Year as On-Chain Crime Becomes Increasingly Diverse and Professionalized by Chainalysis.
- Chat Log Investigation: Actor Wang Xing’s Kidnapping Incident by SlowMist.
- Crypto Investment Firm Founder Pleads Guilty to Defrauding Thousands of Investors of Over $9M in Ponzi Scheme by TRM.
- Marko Polo Traffer Team Blockchain Analysis by Zero Shadow.
- $1.1M Penalty Slammed on Mosaic Exchange in Crypto Fraud Scandal.
- FBI Foils 'Goons' Who Plotted to Kidnap Jeweler and Steal $2 Million in Crypto.
- ‘A thief and a crooked cop’: L.A. deputy committed crimes for crypto mogul, feds say.
Policy
- Helium founder says company will defend itself 'vigorously' against SEC lawsuit. The last SEC lawsuit of the outgoing administration.
- SEC Imposes $38 Million Penalty on Digital Currency Group for Negligence.
- South Korea’s Upbit exchange hit with business suspension penalty.
Phishing
- Crypto industry alarmed as 7 million OpenSea email users' leak resurfaces.
Malware
- Reports of malware in Google sponsored links when searching for Homebrew packages.
Research
- Scam Detection for Ethereum Smart Contracts: Leveraging Graph Representation Learning for Secure Blockchain.
- Logic Meets Magic: LLMs Cracking Smart Contract Vulnerabilities.
- SoK: Design, Vulnerabilities, and Security Measures of Cryptocurrency Wallets.
- Smart Contract Fuzzing Towards Profitable Vulnerabilities.
- Cybersecurity Best Practices for Hedge Funds Dealing with Crypto Assets.
- How To Define Invariants by Nican0r (Recon).
- Sampled Public Audit Reports by OtterSec. Unlike other repos this one has coverage for Cosmos, Solana, and other chains.
- How to: Get to Know iPhone Privacy and Security Settings by EFF.
- The Fuzzing Book by Andreas Zeller, Rahul Gopinath, Marcel Böhme, Gordon Fraser, and Christian Holler. Catching bugs by hand takes a lot of effort; this book addresses the problem by automating software testing, specifically by generating tests automatically.
Media
- Bountyhunt3rz Podcast - Episode 2 - 100proof. riptide & 100proof discuss bounty negotiation tactics, human behavior, incentives, acting in good faith, and why bounty hunters must be paid. 100proof treats listeners to a detailed walkthrough of a juicy bug he found in Morpho.
- Bountyhunt3rz Podcast - Episode 1 - deadrosesxyz. riptide & deadrosesxyz discuss hunting for bugs on the blockchain including techniques, secrets and tools of the trade, integrating LLMs into your workflow, getting paid, traits of a bounty hunter, and how Bulgarian teenagers are taking over the space.
Tools
- Weird ERC721 Tokens by abarbatei.
- BlockSec Anti-MEV RPC documentation.
- RugCheck - Solana token checker.
Hacks
UniLend
Date: January 13, 2025
Attack Vector: Price Oracle Manipulation
Impact: $197,000
Chain: Ethereum
References:
https://x.com/SlowMist_Team/status/1878651772375572573
https://nickfranklin.site/2025/01/13/unilend-hacked/
https://x.com/theRaz0r/status/1881737256773538066
https://blog.solidityscan.com/unilend-finance-hack-analysis-5ac7bb71850d
https://slowmist.medium.com/analysis-of-the-unilend-hack-90022fa35a54
https://medium.com/coinmonks/how-a-200k-exploit-unfolded-at-unilend-04fb4918292d
https://x.com/UniLend_Finance/status/1878805205254340844
Exploit:
https://etherscan.io/tx/0x44037ffc0993327176975e08789b71c1058318f48ddeff25890a577d6555b6ba
PIKA
Date: January 13, 2025
Attack Vector: Price Oracle Manipulation
Impact: $44,700
Chain: BSC
References:
https://x.com/TenArmorAlert/status/1878823497155461399
Exploit:
https://bscscan.com/tx/0x4a5ee6a58b4569bdc061df32571f5e36f3c966197a4d354c842b3dfad8981949
The Idols NFT
Date: January 14, 2025
Attack Vector: Logic Error
Impact: $340,000
Chain: Ethereum
References:
https://x.com/Phalcon_xyz/status/1879368962539917681
https://x.com/TheIdolsNFT/status/1879256089784635690
https://blog.solidityscan.com/the-idols-nft-hack-analysis-95f3abdd0deb
https://rekt.news/theidolsnft-rekt/
Exploit:
https://etherscan.io/tx/0xd9870068e40f8d7c4d58b87802c4fc830acbd90ff3e44460747c3a0727dfd3df
BIGO
Date: January 14, 2025
Attack Vector: Reward Manipulation
Impact: $18,000
Chain: BSC
References:
https://x.com/0xNickLFranklin/status/1879168885800493438
https://nickfranklin.site/2025/01/14/bigo-token-exploit/
Exploit:
https://bscscan.com/tx/0x8c9db55160a1484dd543e8a76e8a38eb58fccc63cdd5138cc46faf87e15bb9c9
GraFun
Date: January 16, 2025
Attack Vector: Reentrancy
Impact: $100,000
Chain: BSC
References:
https://x.com/certikalert/status/1880103898574385670
https://x.com/TenArmorAlert/status/1880079258267050334
Exploit:
https://bscscan.com/tx/0x0f74db4fcfd89b7c72702e0c114ee4a95b17bd1e9ed8eea255149a2beef6417a