BlockThreat - Week 28, 2021
THORChain | Bondly | PancakeBunny | Ape Rocket | REvil
This was a brutal week for DeFi. Almost $18M was stolen across 8 different incidents. With more projects diversifying deployments across Layer 2 and EVM-compatible chains, it is becoming crucial to monitor for hacks on any one chain and quickly pause the project on the remainder. Using ApeRocket as an example, developers had about 4 hours to detect an exploit on the BSC chain before their Polygon contract got exploited. The cross-chain protocol exploitation trend continued this week as well, with THORChain suffering a massive $7.8M hack. But not everything is dark on the blocksec frontier: check out an excellent write-up by Alex Manuskin on a new approach to phishing incident response.
It will take some time for our field to become more secure, so hang in there folks and keep fighting the good fight by sharing post-mortems, video seminars, and classes!
Let’s dive into the news, but first a special thank you to Trail of Bits which sponsored this week’s edition:
U.S. Department of State offers a 315 BTC ($10M) bounty for information on foreign government cyberattacks.
Ransomware group REvil goes offline after President Biden’s warning to Russia’s Vladimir Putin.
OpenZeppelin Secure Development Series - 1/6 - The Dangers of Token Integration with Martin Abbatemarco.
On July 12, 2021, a DeFiPie reentrancy vulnerability was exploited.
On July 13, 2021, the Axie Infinity NFT marketplace was DDoS-ed.
A privacy-leak bug that exposed the sender's transaction history was patched in the ZCash Nighthawk wallet.
Hamas Cryptocurrency Donations Update by Jonelle (CipherTrace)
Flashbots on Reorgs by Phil D (Flashbots)
Scribble Generator by Consensys Diligence.
Help support BlockThreat!
Over the past two years, BlockThreat has gained hundreds of followers including exchanges, asset issuers, DeFi projects, engineers, investigators, law enforcement, and many others. This newsletter is a labor of love which takes many hours weekly to prepare. If you found BlockThreat valuable, consider supporting its future growth:
Stay informed and see you in next week's edition!
- Peter Kacherginsky (iphelix)