BlockThreat - Week 18, 2021
Value DeFi | Rari Capital | Meebits | Blockchain Village
|Peter Kacherginsky||May 11||2|
Welcome to this week’s edition of BlockThreat! For those of you not too busy watching Dogefather on SNL and hopefully not participating in the giveaway scam barrage, I have a fantastic edition for you featuring DeFi hacks, latest scam and malware campaigns, new EVM analysis tools, and a fun new podcast on the QuadrigaCX saga. Enjoy!
Defcon Blockchain Village CFP is now open. Consider submitting a talk on blockchain security related topics!
South Korean law enforcement raided V Global exchange offices responsible for scamming $1.5B worth of assets from 40,000 members.
Elon Musk crypto giveaway scams are on the rise again before his appearance on SNL.
Ongoing Twitter phishing campaign targets Metamask users to steal seed phrases.
WallStreetBets Forum Members Targeted in Telegram Cryptocurrency Scam which resulted in the loss of $2M worth of Binance Coin.
Token Sniffer - Scams & Hacks directory lists latest reports of scam coins.
On May 8th, 2021 Rari Capital yield-generating strategy in Alpha Finance’s ibETH was exploited which resulted in the theft of 2600 ETH ($10M). The attacker used funds they stole from the earlier Value DeFi hack making this the first cross-chain hack. Perpetrators also issued a mocking on-chain message.
On May 8th, 2021 Meebit NFT generation logic was exploited to mint a highly valuable NFT worth $700K.
The Rage of Android Banking Trojans report by Threat Fabric notes an increase in crypto stealing malware targeting popular Android mobile apps from Coinbase, Binance, Blockchain.com, and others.
Panda Stealer malware report by TrendMicro documents a new wallet stealer propagated through spam emails.
Tracking One Year of Malicious Tor Exit Relay Activities (Part II) is a follow up to the last year’s article which first identified malicious actors intercepting cryptocurrency-related web traffic on Tor. In this edition, nusenu identifies a likely actor behind 1000s of malicious exit nodes intercepting traffic to cryptocurrency mixers.
Targeting the Weakest Link: Social Engineering Attacks in Ethereum Smart Contracts explores new attack vectors using specially crafted addresses and homographs.
DeFi Risk Tools & Resources is a great resource for various blockchain security projects, tools, risk scoring metrics, insurance providers, and other related subjects.
How To Spot a Potential RUG — Clear signs something is sketchyis a nice deep dive into Phoinikas Finance contract and social media profiles.
Ethereum Toolkit (ETK) - a collection of tools for creating and analyzing EVM smart contracts. The toolkit includes assembler and disassembler tools.
Palkeo Arbitrary Transaction View - a tool to simulate arbitrary EVM transactions.
Help support BlockThreat!
Stay informed, stay healthy, and see you in the next week’s edition!
- Peter Kacherginsky (iphelix)