Roughly $3.7M was stolen this week across eight incidents. The winter holidays remain one of the most dangerous periods for defenders, as attackers intensify their activity while relying on reduced staffing and slower response times.
The most severe incident this week stemmed from a user falling victim to an address poisoning attack, resulting in a $50M loss. While this does not surpass last year’s record $71M WBTC address poisoning hack, successful compromises of this kind continue to incentivize attackers to flood the blockchain with malicious transactions. What’s frustrating is that this class of attack is largely solvable. Wallets and blockchain explorers could defeat most address poisoning attacks with stronger heuristics. What are the odds that a user legitimately interacts with multiple addresses that share similar prefixes and suffixes? We can do better!
The troubling trend of attacks against older contracts also persists. Yearn was compromised yet again, losing $300K due to a misconfiguration exploit, while Rari’s multisig was taken over, allowing attackers to drain approximately $2M.
Let’s dive into the news!
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerability, indicators, special reports, and searchable newsletter archives.
The content presented below is intended for personal, non-commercial use only and is protected by copyright laws. Any unauthorized distribution, reproduction, or inclusion of this content in public or commercial products, databases, publications, and other mediums is strictly prohibited without the express written permission of the author.
Read more on newsletter.blockthreat.io
