BlockThreat – Week 30, 2024

Greetings!

This week, nearly $10 million was stolen across 9 incidents. Traditional security problems such as malicious insiders continue to plague the ecosystem, as in the case of HTX, where multiple employees backdoored the exchange’s wallet infrastructure to steal over 10,000 mnemonic phrases.

DNS hijackings also picked up again as Kelp and dYdX exposed their users to drainers after their registrar accounts were compromised. If you run a $1 million+ project, migrate your domains away from GoDaddy, Squarespace, Namecheap, and other cheap (and often compromised) registrars to something a little more secure, such as Cloudflare, and turn on registrar lock and hardware-key 2FA on the account that controls them: a cheaper registrar plus a reused password is exactly the combination these campaigns look for.
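Migrating registrars reduces the attack surface but does not tell you when a takeover has happened. The check below is an added example written for this edition, not code from the newsletter or from any project it covers: it pins a domain's NS, A and CNAME records to a baseline and reports drift, treating a changed delegation (NS) as critical because that is what a registrar-account compromise looks like from outside. The domain, baseline values and resolver answers are constructed for illustration; the resolver is injected as a plain callable so the script runs offline, and in production you would back it with a real lookup such as dnspython's `dns.resolver.resolve` and run it on a schedule.

```python
"""DNS drift check for a project's frontend domain.

Added example, not code from the BlockThreat newsletter or any project it
covers. The resolver is a plain callable so the check runs offline against
constructed records here; in production you would back it with a real lookup
(e.g. dnspython's dns.resolver.resolve) and run it from cron or CI.
"""
from typing import Callable, Dict, Iterable, List, Set

Records = Dict[str, Set[str]]                    # rtype -> normalized values
Resolver = Callable[[str, str], Iterable[str]]   # (name, rtype) -> raw values

RTYPES = ("NS", "A", "CNAME")


def _norm(value: str) -> str:
    # DNS names are case-insensitive and may carry a trailing dot.
    return value.strip().lower().rstrip(".")


def observe(name: str, resolve: Resolver) -> Records:
    """Collect the live record sets for every type we pin."""
    return {rt: {_norm(v) for v in resolve(name, rt)} for rt in RTYPES}


def check_domain(name: str, expected: Records, observed: Records) -> List[str]:
    """Compare observed records with the pinned baseline.

    Returns a list of findings (empty means no drift). NS drift is reported
    as CRITICAL: a changed delegation means the whole zone moved, which is the
    external signature of a registrar-account takeover. A/CNAME drift is HIGH.
    """
    findings: List[str] = []
    for rt in RTYPES:
        exp = {_norm(v) for v in expected.get(rt, set())}
        obs = observed.get(rt, set())
        added, removed = obs - exp, exp - obs
        if not added and not removed:
            continue
        severity = "CRITICAL" if rt == "NS" else "HIGH"
        findings.append(
            f"{severity} {name} {rt}: added={sorted(added)} removed={sorted(removed)}"
        )
    return findings


# Constructed baseline for a hypothetical frontend domain (not a real project).
BASELINE: Records = {
    "NS": {"ada.ns.cloudflare.com", "bob.ns.cloudflare.com"},
    "A": {"104.16.0.10", "104.16.1.10"},
    "CNAME": set(),
}

# Constructed resolver answers: one clean set, and one where the delegation and
# the A record now point at attacker-controlled infrastructure.
CLEAN_ANSWERS = {
    ("app.example.org", "NS"): ["ada.ns.cloudflare.com.", "BOB.ns.cloudflare.com."],
    ("app.example.org", "A"): ["104.16.0.10", "104.16.1.10"],
    ("app.example.org", "CNAME"): [],
}
HIJACKED_ANSWERS = {
    ("app.example.org", "NS"): ["ns1.attacker-dns.example.", "ns2.attacker-dns.example."],
    ("app.example.org", "A"): ["198.51.100.7"],
    ("app.example.org", "CNAME"): [],
}


def make_resolver(answers: Dict) -> Resolver:
    """Wrap a dict of canned answers as a resolver callable (offline stand-in)."""
    return lambda name, rtype: answers.get((name, rtype), [])


def run(answers: Dict, name: str = "app.example.org") -> List[str]:
    """Observe the domain through the given answers and diff it against BASELINE."""
    return check_domain(name, BASELINE, observe(name, make_resolver(answers)))


if __name__ == "__main__":
    for label, answers in (("clean", CLEAN_ANSWERS), ("hijacked", HIJACKED_ANSWERS)):
        print(label, run(answers) or ["no drift"])
```

One caveat when pinning: A records behind a CDN rotate legitimately, so for a Cloudflare-fronted site pin the NS set and the CNAME rather than raw IPs, and alert on NS drift alone if the A set is too noisy. Run the check from a host outside your own network as well, since a hijacked zone may be served differently to different resolvers.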

Most private key compromises are the result of well-executed spear phishing campaigns. Unfortunately, this was the case for MonoSwap, which lost $1.3 million after one of its developers downloaded a malicious video conferencing app (KakaoCall). Assume that any developer workstation can be compromised, and keep deployer and treasury keys in hardware wallets or multisigs so that a single infected machine cannot move the project’s assets on its own.

Blockchain-wide exploits are rare but devastating. Casper Network had one this week, where an access control issue in the chain’s contract installer allowed bad actors to drain 13 accounts of about $6.7 million in assets. The network responded by pausing consensus, a mitigation now favored by newer chains.

The premium edition of the newsletter includes additional details on the aforementioned incidents, as well as MonoSwap, DeltaPrime, Gemini, Spectra, and others. Oh, and don’t forget to check out DeltaPrime’s post-mortem for another great incident response and negotiation case study.

For access to comprehensive vulnerability descriptions, post-mortems, exploit proofs of concepts (PoCs), attacker addresses, and additional details about this week’s breaches, subscribe to the Premium subscription below.

Let’s dive into the news!

Do you enjoy reading BlockThreat? Consider sponsoring the next edition or become a paying subscriber to unlock the premium section with detailed information on hacks, vulnerabilities, indicators, special reports and searchable newsletter archives.