BlockThreat - Week 13, 2001

ForceDAO | Trezor | Paradigm | Geth | Handshake | Delta Finance

Welcome to this week’s edition of Blockchain Threat Intelligence where we will explore a couple of hacks in DeFi space including an unusual spam campaign by a disgruntled operator, several blockchain node vulnerabilities one of them a critical minting bug, and the latest trends in the use of cryptocurrencies by criminals. In case you had the pleasure of competing in Paradigm CTF earlier this year be sure to check out team’s solutions below.

I also wanted to share a new directory of blockchain incidents in my side project OpenBlockSec. The directory contains all know security incidents related to cryptocurrency exchanges, DeFi applications, blockchains, node and wallet software, and other related subjects. The goal of the directory is to learn about the past trends, mistakes and extrapolate lessons for today’s world. It already seems like exchange security incidents of 2011 are oddly similar to DeFi incidents in 2021 in their financial impact, frequency, and seeming lack of accountability.

In other news, a joyful reason for my recent absence from the newsletter was recently covered by several media outlets in case you want to see some more positive uses for NFTs ;-)

News

Hacks

Vulnerabilities

Malware

Research

Tools


Help support BlockThreat!

Over the past two years, BlockThreat has gained hundreds of followers including exchanges, asset issuers, DeFi projects, engineers, investigators, law enforcement, and many others. This newsletter is a labor of love which takes many hours weekly to prepare. If you found BlockThreat valuable consider supporting its future growth:

1) Make an individual contribution.
2) Sponsor an edition where you can place an advertisement.
3) Share your job postings in the next edition.
4) Share the newsletter with a friend or a colleague.


Thanks for joining in this week’s edition! Stay informed, stay positive and see you all next week.

- Peter Kacherginsky (iphelix)

BlockThreat - Week 12, 2021

ElasticDAO | Vesper Finance | BT Finance | PancakeSwap | Immunefi

Multiple projects fixed critical vulnerabilities after getting responsible disclosures from Sam, Dedaub team, and others. In many cases these disclosures were facilitated using Immunefi which provides an excellent service to the community by connecting security researchers and various smart contract projects. It was an otherwise quiet week so we can finally enjoy a few fun research papers from Vitalik, Jimmy Song, and others.

News

Crime

Vulnerabilities

Malware

Research

Tools


Help support BlockThreat!

Over the past two years, BlockThreat has gained hundreds of followers including exchanges, asset issuers, DeFi projects, engineers, investigators, law enforcement, and many others. This newsletter is a labor of love which takes many hours weekly to prepare. If you found BlockThreat valuable consider supporting its future growth:

1) Make an individual contribution.
2) Sponsor an edition where you can place an advertisement.
3) Share your job postings in the next edition.
4) Share the newsletter with a friend or a colleague.


Thanks for joining me in this week’s edition and see you all next week!

- Peter Kacherginsky (iphelix)

BlockThreat - Week 11, 2021

TSD | CREAM | PancakeSwap | Nifty | Iron Finance | SIL Finance

This week we saw traditional appsec threats creep into the crypto world after a couple of DeFi projects lost control over their DNS infrastructure and NFTs getting stolen as a result of good ole’ account takeovers. On the blockchain layer we had a small scare where a block explorer reported a double spend on FileCoin only to conclude that it was just an exchange not using node API correctly. Last but not least check out news of the upcoming QuadrigaCX documentary in the Media section.

News

Crime

Hacks

Vulnerabilities

Scams

  • Binance Smart Chain TurtleDEX rug pulled on its investors within hours of launch. $2.5M worth of BNB tokens were quickly exchanged on Binance.

Media

Research


Help support BlockThreat!

Over the past two years, BlockThreat has gained hundreds of followers including exchanges, asset issuers, DeFi projects, engineers, investigators, law enforcement, and many others. This newsletter is a labor of love which takes many hours weekly to prepare. If you found BlockThreat valuable consider supporting its future growth:

1) Make an individual contribution.
2) Sponsor an edition where you can place an advertisement.
3) Share your job postings in the next edition.
4) Share the newsletter with a friend or a colleague.


Stay informed and see you in the next week’s edition!

- Peter Kacherginsky (iphelix)

BlockThreat - Week 10, 2021

EIP1559 | Roll | DODO | Nano | Zerion

Welcome back to the Blockchain Threat Intelligence newsletter! After a brief break and a happy wedding (part of it on-chain), I’m excited to dive back into the fun world of BlockSec. This week we will discuss the EIP1559 drama happening on the Ethereum blockchain, 0day markets and NFTs, and several DeFi hacks. Be sure to read the DODO post-mortem for mad a ride through the Dark Forest.

News

Hacks

Malware

Research

Tools


Help support BlockThreat!

Over the past two years, BlockThreat has gained hundreds of followers including exchanges, asset issuers, DeFi projects, engineers, investigators, law enforcement, and many others. This newsletter is a labor of love which takes many hours weekly to prepare. If you found BlockThreat valuable consider supporting its future growth:

1) Make an individual contribution.
2) Sponsor an edition where you can place an advertisement.
3) Share your job postings in the next edition.
4) Share the newsletter with a friend or a colleague.


Thanks for joining me this week and see you all in the next week’s edition as I’m slowly catching up on the news.

- Peter Kacherginsky (iphelix)

BlockThreat - Week 9, 2021

Meerkat | PAID | Kava | IVF | Curve | Electrum | MetaMask

Never a dull week in blockchain security! Multiple smart contract developers reported their private keys were compromised. In all but one case we can only guess if these incidents were part of a rug pull or a compromise by malicious 3rd parties. However, what was apparent is the importance of properly securing superuser keys using multi-sig, governance contracts, or other ways which would prevent a single bad developer from running off with all the cash. On the more positive side, check out two great podcasts with Katie Haun on prosecuting corrupt agents in the Silk Road case and Julien Boutelop’s talk on the Rekt project.

Media

Crime

Scams

Hacks

Vulnerabilities

Malware

Research


Help support BlockThreat!

Over the past two years, BlockThreat has gained hundreds of followers including exchanges, asset issuers, DeFi projects, engineers, investigators, law enforcement, and many others. This newsletter is a labor of love which takes many hours weekly to prepare. If you found BlockThreat valuable consider supporting its future growth:

1) Make an individual contribution.
2) Sponsor an edition where you can place an advertisement.
3) Share your job postings in the next edition.
4) Share the newsletter with a friend or a colleague.


Just a heads up that next week’s edition will be delayed, but we will catch up on all the news the week after. Thanks for joining me and see you all soon!

- Peter Kacherginsky (iphelix)

Loading more posts…