Security in WEB3 Newsletter

Security in WEB3 - Issue 5 : 04-July-2022

Weekly roundup on Security, Developer, Research and resources in WEB3

Security in WEB3
Jul 4, 2022

Hey Everyone!

Welcome to my fifth issue on Security in WEB3.

If this is your first time visiting this newsletter, please consider subscribing if you like reading about any of the following.

**The loss totals shown are approximations; there is no guarantee that they are the actual losses incurred by people/protocols or the profit made by the exploiter.**

Permalink for this Issue powered by @OrbisClub


Hacks🤫

  • go-opera code bug that allows the user to unlock the local account with HTTP/WS enabled

  • Twitter and YouTube accounts of the British Army were simultaneously hacked and used to promote NFT and crypto scams @web3isgreat

  • Another serial Twitter account hacker - recently hacked @JRNYclub and @nounsdao

  • Solana liquidity protocol Crema Finance was exploited for around 69,500 SOL (~$2.3 million) and around $6.5 million worth of stablecoins for a total loss of around $8.8 million in notional value.

  • Optimism NFT marketplace Quixotic suffers exploit following contract update. The attacker was able to hack the offer feature to drain more than $100,000 in Optimism and USDC.

  • Public RPC gateways provided by Ankr for Polygon and Fantom were compromised via DNS hijack. Also, a report and resources on how to stay safe by @officer_cia

  • Leading NFT marketplace OpenSea has warned customers of possible phishing attacks after reporting a data breach through its email vendor

  • @cz_binance warns all platforms that do user data verification amid a likely data breach caused by a bug in an Elastic Search deployment by a gov agency from one of the Asian countries

  • Infamous North Korean hacker group identified as a suspect for $100M Harmony attack

    • cointelegraph

    • decrypt


Scams😩

  • CFTC Charges South African Pool Operator and CEO with $1.7 Billion Fraud Involving Bitcoin

  • The U.S. Department of Justice Announces Enforcement Action Charging Six Individuals with Cryptocurrency Fraud Offenses in Cases Involving Over $100 Million in Intended Losses. Those charged include David Saffron (the owner of the Circle Society cryptocurrency investment platform); Michael Alan Stollery (founder and CEO of Titanium Blockchain Infrastructure Services); Emerson Pires, Flavio Goncalves, and Joshua David Nicholas, the two founders and the "head trader" of the EmpiresX cryptocurrency investment platform; and Le Anh Tuan, who was one of the individuals behind the "Baller Ape" NFT rug pull in October 2021.

  • Serial NFT scammer

  • Fake Mining scams observed by @sniko_ and others at Consensys

  • LV__Metaverse second rugpull in a week ~$50K


News 📰

  • FOIA request reveals that Coinbase is providing “geo tracking data” to ICE, but Coinbase denies reports of selling customer data to the US government

  • Ruja Ignatova (cofounder of OneCoin - massive fraud scheme) Added to the FBI’s Ten Most Wanted Fugitives List

  • Crypto Exchange CoinFLEX Claims 'Bitcoin Jesus' Roger Ver Owes It $47 Million

  • ‘Gray Glacier’ Upgrade Goes Live on Ethereum Network

  • A couple of weeks back Coinbase announced layoffs and pulled job offers; now they have announced their European expansion plan

  • Meta (Facebook) Begins Testing Ethereum and Polygon NFTs on Profiles

  • Meta to Shutter Novi Crypto Payments Wallet in September, Ending Libra Saga

  • The HTC Desire 22 Pro comes preloaded with "Viverse" apps to navigate the metaverse and manage your crypto and NFTs

  • Polkadot Chief Gavin Wood Announces Blockchain Governance Upgrade

  • Polygon Deploys Custom Blockchain Scaling System 'Avail'

  • Chainlink’s Smart Contract Products Go Live on Fantom

  • The AFIP (Argentina’s Federal Administration of Public Income) seized $800 million from more than 1,200 virtual wallets

  • EU agrees on “MiCA” regulation to crack down on crypto and stablecoins

  • MicroStrategy scoops up 480 Bitcoin amid market slump

  • The Ronin bridge tied to Axie Infinity is back up with a new design


Uncertainties🙆‍♂️

  • Banxa (Australian crypto firm) is slashing its headcount from 230 to 160 as the crypto industry’s ongoing bear market continues to weigh heavily.

  • FTX Reaches Deal To Acquire BlockFi for up to $240M

  • Voyager Digital plans to pursue recovery through the legal system after Three Arrows Capital failed to repay two loans by the deadline.

  • Also, 3AC filed for bankruptcy

  • Singapore reprimands 3AC for providing false information


Discord Compromises💩

  • 03-July-2022:

    • HENI

  • 02-July-2022:

    • riff_rats, Yugennft, TushiPals, HydroWhalesClub

  • 01-July-2022:

    • thef8club, HauntedSpace_, shadow_xzy

  • 30-June-2022:

    • very_io, Yugennft

  • 29-June-2022:

    • genies, BloodBatsNFT, SenshiiNFT, voltz_xyz

  • 28-June-2022:

    • frencybear, 1block_official

  • 27-June-2022:

    • fatapeclub


Developer resources💻

  • second web3 repo DeFiVulnLabs! ⭐️ by @1nf0s3cpt

  • On-chain Procedural Generation by @0xPARC

  • Rust 1.62.0 released by @rustlang

  • @ConsenSys announced a partnership with @StarkWareLtd, bringing ZK-rollups to @MetaMask and @infura_io to give devs more network options for a multi-chain future → blog post by Consensys

  • wagmi@^0.5.0 released by wagmi_sh

  • NFT Marketplace benchmarks by @z0age


Consider following @0xViking and @securityinweb3


Weekly Spotlight :

This is a section where every week I will highlight one must-follow Twitter account.

“@wallet_guard” - Web3 security advocates. Also, check out their free anti-phishing extension for Chrome & Brave

Follow Wallet Guard

