E21 - Gala Games Gets Owned By A Whitehat & 50K BTC Silkroad Hacker Pleads Guilty - 11/8/2022
╠ Listen idegen.fm ✪ Contact @idegenfm ✪ Show notes wolfdefi.com ╣
Intro
Welcome to I, Degen - A podcast about crypto technology, security, and culture. We balance hype and hate, cutting through the misinformation and ego in search of the signal in the noise.
Listen to I, Degen Episode 21 directly on idegen.fm, on Spotify, Apple Podcasts, or various other places.
E21 Summary
This week we get into the strange and confusing story of the Gala Games hack, the 50K BTC Silkroad hacker, and a bunch of other crypto security news.
I, Degen - Weekly Crypto Security Headlines of Interest
-
Nov 1st, 2022 - Rogue Actor Disrupts Lightening Network With a Single Transaction - From Coindesk
-
he allegedly created a non-standard Bitcoin transaction that prevented users from opening new Lightning channels
- Issue on Github
- “Rouge Actor” Tweets
-
-
Nov 1st, 2022 - Gone Phishing for 5M - a ZachXBT Investigation of 0x0Poor aka Elliot
-
Nov 1st, 2022 - Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack
- malicous packages are clones with addational import statements
- But what does W4ASP Do?
It downloads a script that, at least right now, will turn around and grab cookies and passwords from browsers and send the data off to an discord webhook.
-
Nov 1st, 2022 - Crypto exchange Deribit loses $28 million in hack - From The Block
-
Nov 2nd, 2022 - OpenSea Now Auto-Detects and Blocks Stolen NFTs, Disables Scam Links
- OpenSea, the top NFT marketplace by trading volume, has launched new theft detection and prevention features.
- One feature detects and disables scam links shared on the platform, while the other identifies stolen NFTs and blocks their resale.
The tool automatically scans any links that users entered on the marketplace and disables any that point to known scams, or that redirect clickers to websites with malicious code that could swipe NFTs from someone’s wallet. On one hand, the tool relies on an expanding blocklist tracking identified exploits. But it also goes one step further by simulating transactions through any wallet connectivity prompts on the linked website
-
Nov 2nd, 2022 - From The Block 1K Solana Validators Go Offline as Hetzner blocks server access
- sounds like there are plenty of ETH nodes hosted here too, likely soon they will be shut down?
-
Nov 2nd, 2022 - From Rubic Team on Twitter Cross chain DEX Rubic’s has an admin wallet address compromised.
-
Nov 3rd, 2022 - SKYWARD FINANCE Treasure Drained for 3.2M - From Rekt
the function lacks proper verification of the token_account_ids parameter, allowing the attacker to loop the redemption of wNEAR by repeatedly passing their withdrawal within the transaction. The fact that it took over a year for anyone to find this relatively simple exploit is remarkable.
-
Nov 5th, 2022 - Pando Rings is hacked by someone. - @pando_im
- Pando Rings, Leaf, Lake and 4swap protocol suspended due to price oracle attack, will be back as soon as possible.
- I’ve been trying to find DeFi hacks that aren’t being reported on, this one comes via ETHSecurity TG via ETHMsg TG
-
Nov 3rd, 2022 Arbitrage traders make over $6.5M from Gala Games scare
-
PeckShield tweets about a possible hack
-
The pNetwork team quickly said that it noticed that pGALA tokens were no longer safe, so it coordinated the attack to prevent malicious players from taking advantage of the situation.
-
The Gala Games token fell by roughly 30% due to a white hat attack that printed $1 billlion new tokens.
-
But, there is more Gala Whitehat Hack Nets 4M - From CryptoSlate
-
Huobi has alleged that the GALA incident was not a white hat operation as pNetwork claimed, but an attack that gave the protocol a $4.5 million profit.
According to the exchange, there were other “premeditated operations” during the incident, which resulted in over $10 million in profit for the parties involved. Huobi continued that the pNetwork team did not inform it that it would attack the pGALA token despite communicating with it 50 minutes before the incident.
-
-
Nov 7th, 2022 - U.S. Attorney Announces Historic $3.36 Billion Cryptocurrency Seizure And Conviction In Connection With Silk Road Dark Web Fraud
-
Damian Williams, the United States Attorney for the Southern District of New York, and Tyler Hatcher, the Special Agent in Charge of the Internal Revenue Service, Criminal Investigation, Los Angeles Field Office (“IRS-CI”), announced today that JAMES ZHONG pled guilty to committing wire fraud in September 2012 when he unlawfully obtained over 50,000 Bitcoin from the Silk Road dark web internet marketplace. ZHONG pled guilty on Friday, November 4, 2022, before United States District Judge Paul G. Gardephe.
-
140 rapid withdrawals in rapid succession, by nine fake accounts
-
I, Degen - Other Links of Interest
-
Oct 21st, 2022 - 🛠️ Web3AV? Strange.
-
Oct 23rd, 2022 - Web3 Developer Report (Q3 2022)
-
Nov 1st, 2022 - ‘I was a slave’: Up to 100,000 held captive by Chinese cybercriminals in Cambodia - From The LATimes
Dumped in a high-rise building above a casino, he was turned over to mobsters who seized his passport and put him to work bilking gamblers on a sham sports betting app.
-
Nov 2nd, 2022 - New Stealer In The Wild
-
Nov 3rd, 2022 - Yearn security team has discovered a vulnerability in a third-party BribeV2 contract.
-
Nov 3rd, 2022 - A theft ring that allegedly made millions from catalytic converters has been busted - From NPR
-
Nov 3rd, 2022 - Zellic is proud to be the first audit firm backing their audit with a real stake.
-
Nov 4th, 2022 - Run Bitcoin Run Puzzle Solved
-
Nov 6th, 2022 - IRS is building hundreds of Crypto tax evasion cases
-
Telegram Feed of all Ethereum messages that contain message data - This was linked in ETHSecurity TG and looks like a cool way to potentially spot low-profile events of interest.
-
Immunefi WhiteHat Leader Board
- Top hacker has earned 13M as of this writing. Wow.