BlockThreat - Week 28, 2021

THORChain | Bondly | PancakeBunny | Ape Rocket | REvil

This was a brutal week for DeFi. Almost $18M was stolen across 8 different incidents. With more projects diversifying deployments across Layer 2 and EVM-compatible chains, it is becoming crucial to monitor for hacks on any one chain and quickly pause the project on the remainder. Using ApeRocket as an example, developers had about 4 hours to detect an exploit on the BSC chain before their Polygon contract got exploited. The cross-chain protocol exploitation trend continued this week as well, with THORChain suffering from a massive $7.8M hack. But not everything is dark on the blocksec frontier: check out an excellent write-up by Alex Manuskin on a new approach to phishing incident response.

It will take some time for our field to become more secure, so hang in there folks and keep fighting the good fight by sharing post-mortems, video seminars, and classes!

Let’s dive into the news, but first a special thank you to Trail of Bits, which sponsored this week’s edition:

Help support BlockThreat!

Over the past two years, BlockThreat has gained hundreds of followers including exchanges, asset issuers, DeFi projects, engineers, investigators, law enforcement, and many others. This newsletter is a labor of love that takes many hours weekly to prepare. If you found BlockThreat valuable, consider supporting its future growth:

1) Make an individual contribution.
2) Sponsor an edition where you can place an advertisement.
3) Share your job postings in the next edition.
4) Share the newsletter with a friend or a colleague.

Stay informed and see you in next week’s edition!

- Peter Kacherginsky (iphelix)