BlockThreat - Week 22, 2021

Sia | PancakeHunny | TeamTNT | Clipper

After weeks of non-stop hacks, we finally got a bit of a break where we can catch up on fun research papers and a fun DeFi security workshop from Binance.

Let’s dive into the news, but first a special thanks to our sponsors at Trail of Bits:



News

Hacks

Malware

Media

Security First in DeFi workshop sponsored by Binance:

  1. Understand the security risk of Blockchain by Certik Team

  2. Incident Response Process (During/After hacks) by Merkle Science

  3. Project Panel: How projects respond to risks and how general users can protect themselves? with Cream, dForce, Autofarm, Ogle

  4. Best practices for working with data/oracle in a smart contract by Chainlink Team

  5. Proactive defense for DeFi protocols: Security as a never ending process by Immunefi team

Research

Stay informed, stay healthy, and see you in the next week’s edition!

- Peter Kacherginsky (iphelix)

BlockThreat - Week 21, 2021

Belt Finance | BurgerSwap | Wild Credit | JulSwap | Merlin | AutoShark | Geth

Almost $17M was stolen this week across various DeFi projects, with losses primarily generated by various Pancake Bunny clones on the Binance Smart Chain. Things got so bad that Binance issued a call for action to get developers to adopt secure engineering practices. Crypto Core APT was linked with the Lazarus group, further solidifying North Korea’s place as the primary threat to cryptocurrency exchanges around the world. This edition also features lots of excellent research papers, podcasts, and talks, but be sure to check out samczsun’s excellent write-up on the critical Geth bug. With that, grab some coffee; this is going to be one of the larger editions!

Events

News

Hacks

Vulnerabilities

Malware

Media

Research

Tools

  • Ape Framework - The DeFi development tool for Pythonistas, Data Scientists, and Security Professionals.

  • Ethernal - a private blockchain explorer for EVM-based chains.


Help support BlockThreat!

Over the past two years, BlockThreat has gained hundreds of followers including exchanges, asset issuers, DeFi projects, engineers, investigators, law enforcement, and many others. This newsletter is a labor of love which takes many hours weekly to prepare. If you found BlockThreat valuable, consider supporting its future growth:

1) Make an individual contribution.
2) Sponsor an edition where you can place an advertisement.
3) Share your job postings in the next edition.
4) Share the newsletter with a friend or a colleague.


Stay informed and see you in the next week’s edition!

- Peter Kacherginsky (iphelix)

BlockThreat - Week 20, 2021

Ethereum | Bunny Finance | Bogged Finance | Venus Protocol

This week we learned about a silently patched vulnerability in both Geth and Parity nodes which almost halted the network. Another $43.6M was stolen from various DeFi projects and an additional $200M was liquidated as a result of price manipulation. I started keeping track of these incidents, root causes, and their impact on the OpenBlockSec - DeFi Incidents 2021 page. So far in 2021 we are at $400M+ lost or stolen just from the hacks (significantly more if we also count rug pulls and other scams), which is enough to sound an alarm that changes must happen soon in this segment of the industry, through increased user awareness, developer education, tool development, bug bounty programs, etc., to turn the tide.

Events

News

Hacks

Scams

Vulnerabilities

Research

Tools



Stay informed and see you in the next week’s edition!

- Peter Kacherginsky (iphelix)

BlockThreat - Week 19, 2021

DarkSide | xToken | Pi Network | Vault.sx | bEarn

This week ends the Colonial Pipeline saga with yet another paid ransom, further emboldening ransomware gangs. Ethereum, Binance Smart Chain, and EOS-based DeFi applications were exploited this week for a total loss of almost $40M. On the bright side, projects are finding and patching more vulnerabilities using internal code reviews and bug bounty programs, potentially reversing a seemingly unstoppable barrage of DeFi hacks. Be sure to check out the excellent reports by Ciphertrace and Chainalysis on the current state of cryptocurrency crime.

News

Scams

Hacks

Vulnerabilities

Malware

Research

Tools



Thanks for joining me in another week of blockchain security!

- Peter Kacherginsky (iphelix)

BlockThreat - Week 18, 2021

Value DeFi | Rari Capital | Meebits | Blockchain Village

Welcome to this week’s edition of BlockThreat! For those of you not too busy watching Dogefather on SNL and hopefully not participating in the giveaway scam barrage, I have a fantastic edition for you featuring DeFi hacks, the latest scam and malware campaigns, new EVM analysis tools, and a fun new podcast on the QuadrigaCX saga. Enjoy!

Events

Media

Scams

Hacks

Vulnerabilities

Malware

Research

Tools



Stay informed, stay healthy, and see you in the next week’s edition!

- Peter Kacherginsky (iphelix)
