The rise of popularity in DeFi projects has also brought a new wave of scams and scammers. We will focus on three different examples ranging from traditional confidence scams to more technical backdoored smart contracts. OpenEthereum and ETH2 have announced bug bounty programs. TeamTNT is fighting other cryptojackers with their Black-T malware and other news in this week’s edition.
Cryptocurrency Enforcement Framework was published by DoJ. The report focuses on crimes involving cryptocurrency (e.g. drug dealing), money laundering, and theft of cryptocurrency. The report also outlines threats posed by the nation states such as North Korea and Iran.
UniCats platform scammed a user out of $140K worth of UNI by requesting unlimited transfer approval and later emptying the wallet. Bad cats!
Whale Hunt - SBF & Blue Kirby is a dive into the on-chain transactions and activities of the latest exit scam in the DeFi space.
A flaw was discovered in Curve, Swerve and other related contracts which could result in funds loss. The vulnerability was responsibly disclosed by Shaikh Farhan as part of Curve’s bug bounty program.
Lightning Network continues discovering and patching new vulnerabilities.
Another $25K bug bounty was announced by the OpenEthereum project.
Black-T malware targets weak AWS accounts to mine Monero. The sample proactively disables any competing miners on the compromised hosts.
Analysis of Soda Finance Hack by folks at Anchain and an example use of Z3 solver to automatically find similar bugs.
That’s all for this week in Blockchain Threat Intelligence. Be sure to check out /r/BlockSec for more up to the minute news and see you all next week.