BlockThreat - Week 25, 2021
Africrypt | StableMagnet | Impossible | Eleven | xWin | SafeDollar | Crackonosh
This week 69K BTC were stolen in a massive exit scam by Africrypt exchange founders. Attackers starting to target projects hosted on Ethereum Layer 2 networks. More DeFi protocols on the Binance Smart Chain got exploited for a total loss of about $5M. Oh and be sure to read up on a new rug pull technique which exploits a weakness in Etherscan-based block explorers to hide malicious source code.
StakeHound sued Fireblocks for losing a key pair to unlock 38K ETH.
British Police seizes £114M worth of cryptocurrencies.
The Lazarus heist: How North Korea almost pulled off a billion-dollar hack 10 episode series by BBC.
Total Defense: DeFi Hacks with ChainSecurity, Immunefi, and Chainalysis
StableMagnet owners rug pulled $27M using a backdoored library. Interestingly, the scam takes advantage of a weakness in Etherscan-based explorers which do not verify linked library source code.
Common NFT Scams to Avoid by Chris Hamer (MyCrypto).
On June 27, 2021 SafeDollar reward logic vulnerability was exploited which resulted in the theft of $250K. Interestingly, the attack took place on Ethereum’s layer 2 network called Polygon (previously Matic).
Ongoing BazarCall phishing campaign that uses call centers to infect computers with ransomware.
Help support BlockThreat!
Over the past two years, BlockThreat has gained hundreds of followers including exchanges, asset issuers, DeFi projects, engineers, investigators, law enforcement, and many others. This newsletter is a labor of love which takes many hours weekly to prepare. If you found BlockThreat valuable consider supporting its future growth:
Stay informed and see you in the next week’s edition!
- Peter Kacherginsky (iphelix)