BlockThreat - Week 14, 2021
Polkatrain | Uranium Finance | Fei | Silk Road | BitClout
|Peter Kacherginsky||Apr 19||1|
Welcome to this week’s edition of Blockchain Threat Intelligence. BSC (Binance Smart Chain) had multiple DeFi applications hacked, a critical bug in Fei was responsibly disclosed, rumors of Paxful exployee PII getting leaked, and more in the never ending stream of blockchain security news.
Additional details revealed about Lazarus Group extortion tactics after the Bithumb compromise.
Silk Road (2021) is yet another crypto-thriller based on the true stories of the Dread Pirate Roberts and a corrupt DEA agent set out to hunt him down. I enjoyed film’s morally ambiguous stance on both DPR and DEA agent’s actions. Silk Road takes a few liberties with the plot line, but mostly sticks to the real world events including the infamous San Francisco library bust.
On April 4th, 2021 Polkatrain on BSC rebate mechanism was exploited which resulted in the loss of $3M (57K DOT).
On April 7th, 2021 Uranium Finance on BSC logic bug was exploited which resulted in the theft of $1.5M worth of RADS. According to the post-mortem, the Uranium team was able to persuade the attacker to return $1M by linking their identity to a Binance account.
Reports of BitClout collecting users’ private keys on each API request by James Prestwich. Anyone with access to raw data or server logs may be able to steal assets linked to the keys.
ABI deserialization vulnerability was discovered in Solidity compiler by the Certora team.
Sandwich bot exploit/honeypot analysis by Robert Miller.
Paradigm CTF 2021 Swap Challenge guided walkthrough by samczsun.
Double Spend Proofs: Protocol Improvements and Providing End-User Guidance explores zero-conf transactions on BCH network.
Help support BlockThreat!
Over the past two years, BlockThreat has gained hundreds of followers including exchanges, asset issuers, DeFi projects, engineers, investigators, law enforcement, and many others. This newsletter is a labor of love which takes many hours weekly to prepare. If you found BlockThreat valuable consider supporting its future growth:
1) Make an individual contribution.
2) Sponsor an edition where you can place an advertisement.
3) Share your job postings in the next edition.
4) Share the newsletter with a friend or a colleague.
Stay informed and see you in the next week’s edition!
- Peter Kacherginsky (iphelix)