Got a fun edition for you this week featuring a number of great blocksec talks from EthCC, podcasts, and research papers. THORChain contracts and users continue getting attacked with more than $8M stolen. In other news, Malaysian police adopted a unique approach to fighting illegal mining.
Let’s dive into the news, but first a special thank you to Trail of Bits, which sponsored this week’s edition:
PlugWalkJoe arrested in connection with the 2020 Twitter hack.
Virgil Griffith arrested for violating terms of his bail.
Interview with a Searcher with MEV Senpai and Hasu
Security Risks in Crypto: How To Stay Safe? by Travin Keith
Unchained Ep. 256 - How Ransomware Evolved Into a Big Business with Gurvais Grigg
EthCC Security Track talks:
Lessons learned from over 300 security audits by Sebastian Banescu
The streets of Dark Forest are paved with gold by Damian Rusinek
From a Hackathon to your first Code Audit by Robson Silva Junior
Becoming the most secure crypto organisation by Matt Johnson
KVaC: Key-Value Commitments for Blockchains and Beyond by Srinivasan Raghuraman
CryptoTerminal for Trusted Ethereum Transactions by Pascal Urien
Combating Frontrunning and Malicious MEV Using Threshold Cryptography by Jannik Luhn (Shutter Network)
Exploiting and Securing DeFi Projects with Formal Methods by Xinyuan Sun
Oracles from the Ground Truth to Market Manipulation by Shayan Eskandari
More talks here.
An interesting exploit/rug pull by the creators of Layer.farm by RugDoc
New ETH stealing scam on Discord writeup by Immunefi
On July 20, 2021, a flaw in the Sanshu Inu deflation mechanism was exploited, resulting in the loss of $110K. Interestingly, the attacker got front-run by an MEV searcher.
Should I Use Spot Price as my Oracle? by samczsun. Spoiler alert: No!
Ethereum Reorgs After The Merge by Georgios Konstantopoulos, Vitalik Buterin
Dr. Reorg or: How I Learned to Stop Worrying and Love MEV by Saneel Sreeni
Iron Finance Debacle: Was it really a bank run? (no) by Herbert Eng
Scribble Generator by Consensys Diligence
Help support BlockThreat!
Over the past two years, BlockThreat has gained hundreds of followers, including exchanges, asset issuers, DeFi projects, engineers, investigators, law enforcement, and many others. This newsletter is a labor of love that takes many hours weekly to prepare. If you found BlockThreat valuable, consider supporting its future growth:
Stay informed and see you in next week’s edition!
- Peter Kacherginsky (iphelix)