BlockThreat – Week 30, 2024

Greetings!

Almost $10M was stolen this week across 9 incidents. Traditional security issues like malicious insiders continue to plague the ecosystem, as in the case of HTX, where several employees backdoored the exchange's wallet to steal 10K+ mnemonic phrases.

DNS hijackings also picked up once again, with Kelp and dYdX exposing their users to drainers as a result of the compromise. If you are a $1M+ project, you should migrate from GoDaddy, Squarespace, Namecheap, and other discount (and frequently compromised) registrars to something a bit more secure like Cloudflare immediately!

Behind most private key compromises are usually well-executed spear phishing campaigns. Unfortunately, this was the case for MonoSwap, which lost $1.3M after one of its developers downloaded a malicious video conference app (KakaoCall). Be careful out there and don't let a single compromised wallet and/or developer result in losses of assets.

Blockchain-wide exploits are rare but devastating. Casper Network suffered one this week, where an access control issue in the chain's contract installer allowed bad actors to drain 13 accounts for about $6.7M in assets. The network reacted by pausing the consensus mechanism, which is now a favorite mitigating action by newer chains.

The premium edition of the newsletter contains additional details for the aforementioned commitments as well as MonoSwap, DeltaPrime, Gemini, Spectra, and others. Oh, and be sure to check DeltaPrime's post-mortem for another good incident response and negotiation case study.

To gain access to comprehensive write-ups, post-mortems, exploit and vulnerability proofs of concept (PoCs), attacker addresses, and additional data regarding this week's commitments, please subscribe to the premium plan below.

Let’s dive into the news!
