Welcome to this week’s edition of BlockThreat! For those of you not too busy watching Dogefather on SNL and hopefully not participating in the giveaway scam barrage, I have a fantastic edition for you featuring DeFi hacks, latest scam and malware campaigns, new EVM analysis tools, and a fun new podcast on the QuadrigaCX saga. Enjoy!

Events

• Defcon Blockchain Village CFP is now open. Consider submitting a talk on blockchain security related topics!

Media

• Exit Scam - a podcast series about the death and afterlife of Gerald Cotten (QuadrigaCX CEO)

Scams

• South Korean law enforcement raided V Global exchange offices responsible for scamming $1.5B worth of assets from 40,000 members.

• Elon Musk crypto giveaway scams are on the rise again before his appearance on SNL.

• Ongoing Twitter phishing campaign targets Metamask users to steal seed phrases.

• FBI started adding warning signs on Bitcoin ATM machines to deal with the surge of scams.

• WallStreetBets Forum Members Targeted in Telegram Cryptocurrency Scam which resulted in the loss of $2M worth of Binance Coin.

• Token Sniffer - Scams & Hacks directory lists latest reports of scam coins.

Hacks

• On May 6th, 2021 Value DeFi was hacked after its pool got reinitialized. The attacker drained $10M worth of crypto assets.

• On May 8th, 2021 Value DeFi was hacked again due to invalid use of power() function. Another $11M were stolen.

• On May 8th, 2021 Rari Capital yield-generating strategy in Alpha Finance’s ibETH was exploited which resulted in the theft of 2600 ETH ($10M). The attacker used funds they stole from the earlier Value DeFi hack making this the first cross-chain hack. Perpetrators also issued a mocking on-chain message.

• On May 8th, 2021 Meebit NFT generation logic was exploited to mint a highly valuable NFT worth $700K.

Vulnerabilities

• 0x patched a vote inflation vulnerability after it was responsibly disclosed by samczsun.

Malware

• The Rage of Android Banking Trojans report by Threat Fabric notes an increase in crypto stealing malware targeting popular Android mobile apps from Coinbase, Binance, Blockchain.com, and others.

• Panda Stealer malware report by TrendMicro documents a new wallet stealer propagated through spam emails.

Research

• Tracking One Year of Malicious Tor Exit Relay Activities (Part II) is a follow up to the last year’s article which first identified malicious actors intercepting cryptocurrency-related web traffic on Tor. In this edition, nusenu identifies a likely actor behind 1000s of malicious exit nodes intercepting traffic to cryptocurrency mixers.

• Targeting the Weakest Link: Social Engineering Attacks in Ethereum Smart Contracts explores new attack vectors using specially crafted addresses and homographs.

• DeFi Risk Tools & Resources is a great resource for various blockchain security projects, tools, risk scoring metrics, insurance providers, and other related subjects.

• How To Spot a Potential RUG — Clear signs something is sketchyis a nice deep dive into Phoinikas Finance contract and social media profiles.

Tools

• FuzzyVM - a guided differential fuzzing framework for EVM.

• Ethereum Toolkit (ETK) - a collection of tools for creating and analyzing EVM smart contracts. The toolkit includes assembler and disassembler tools.

• Palkeo Arbitrary Transaction View - a tool to simulate arbitrary EVM transactions.

Help support BlockThreat!

1) Make an individual contribution.
2) Sponsor an edition where you can place an advertisement.
3) Share your job postings in the next edition.
4) Share the newsletter with a friend or a colleague.

Stay informed, stay healthy, and see you in the next week’s edition!

- Peter Kacherginsky (iphelix)