It’s never a dull week in Blockchain Security! An absolutely massive $611M multi-chain DeFi hack took place earlier in the week, with the most bizarre ending of the attacker returning most of it. Five additional DeFi projects were also exploited, with an additional $32M in losses. This week’s edition features several excellent reports on nation state ransomware and the state of crypto crime, as well as research on smart contract vulnerabilities and on-chain privacy.
Let’s dive into the news, but first a special thank you to Oak Security which sponsored this week’s edition:
Oak Security focuses on third-generation blockchains and blockchain interoperability. Oak’s client base has a combined market cap of over $10 billion. The company specializes in Terra, Cosmos, Polkadot, and Flow security, and is the leading provider of CosmWasm security audits. Oak Security is growing and hiring new auditors.
Cryptocurrency Crime and Anti-Money Laundering Report by CipherTrace points to DeFi hacks and scams as the largest cause of monetary losses even as more traditional crypto crimes are on the decline.
T-Mobile suffered a massive data breach. Stolen data includes social security numbers, driver’s licenses, IMEI numbers, addresses, and names, which may be used in account takeover attacks against exchanges.
A blockchain analytics service is offered on the dark web to help criminals avoid AML detection on exchanges.
Nation State Ransomware report by Analyst1 establishes a connection between ransomware gangs and Russian intelligence services.
Accenture compromised by LockBit ransomware gang which demanded a $50M ransom to avoid leaking 6TB of stolen data.
On August 10, 2021, Poly Network, a cross-chain DeFi protocol, lost $611M worth of crypto assets in a sophisticated attack which spanned the Ethereum, BSC, Polygon, and Ontology blockchains. Following the hack, Tether froze 33M USDT stolen by the attacker, preventing them from making a deposit to Curve.fi until an Ethereum user, hanashiro[.]eth, gave them a heads up and was handsomely rewarded with 13.37 ETH. In a bizarre twist, the attacker may have inadvertently leaked their identity, which resulted in a days-long on-chain conversation between Poly Network, Ethereum users, and the attacker negotiating the return of most of the stolen funds.
On August 10, 2021, Punk Protocol lost $8.95M after contract dependencies were reset due to a missing modifier. The attackers themselves were front-run by a bot whose owner returned most of the funds with the exception of a $1M finder’s fee.
On August 11, 2021 Neko Network lost $4M as a result of a logic error in its lending protocol.
On August 12, 2021 DAO Maker lost $7M after its superuser private keys were compromised.
On August 14, 2021 Ref Finance, a DeFi project on the Near blockchain, lost $3.2M after its REF-NEAR LP pair was exploited.
Romanian cryptojacking group targets Linux hosts with weak SSH credentials to install Monero miners.
Golang cryptojacker worm targets vulnerable WebLogic and supervisord instances to install XMRig miners while disabling the hardware prefetcher to increase performance.
The Dangers of Surprising Code by samczsun discusses an unfortunate design pattern implemented by “safe*” functions which may result in reentrancy vulnerabilities.
How to deanonymize smart contract author by Pawel Pokrywka illustrates a great use of Google BigQuery to hunt for similar contracts possibly deployed by unobfuscated accounts.
Understanding Bitcoin Privacy by OXT Research series:
Flash Loan, Re-Entrancy Attack, and DEX Oracle Manipulation Exploit on Ethereum (Trojan Coin Bricks Project Instructions) by Mike De’Shazer walks readers through a sample Bricks environment to help simulate common DeFi exploits.
Smart Contract Inspector by tintinweb
ETH Calldata Decoder by Apoorv Lathey
Onchain Blog by Vaibhav Kumar
Help support BlockThreat!
Over the past two years, BlockThreat has gained hundreds of followers including exchanges, asset issuers, DeFi projects, engineers, investigators, law enforcement, and many others. This newsletter is a labor of love which takes many hours weekly to prepare. If you found BlockThreat valuable, consider supporting its future growth:
Stay informed, stay safe, and see you in next week’s edition!
- Peter Kacherginsky (iphelix)