lazarusholic

Everyday is lazarus.dayβ

Blast Chain's $97 Million Battle: Are North Korean Hackers Rusty?

2024-03-27, CertiK
https://www.certik.com/ko/resources/blog/blast-chains-usd97-million-battle-are-north-korean-hackers-rusty
#Suspicious #Munchables

Contents

Blast, an Ethereum Layer 2 network, launched its mainnet on February 29, quickly attracting about 19,500 ETH and 640,000 stETH of staked liquidity.
On March 21, 2024, the SSS Token (Super Sushi Samurai) was exploited due to a contract flaw. A logic error in the token contract allowed the attacker to arbitrarily increase the SSS Token balance of a specified account, resulting in a loss of over 1,310 ETH (approximately $4.6 million) for the project.
Less than a week after the SSS Token attack, another larger attack occurred on Blast, targeting the Munchables project. The attacker made off with 17,413.96 ETH, amounting to approximately $62.5 million. Half an hour after this attack transaction, 73.49 WETH from the project's contract was also stolen and transferred to another address by the hacker. At that time, the project's contract address still held 7,276 WETH, 7,758,267 USDB, and 4 ETH, all of which were at risk …

IoC

0000000000000000000000004300000000000000000000000000000000000003
0000000000000000000000004300000000000000000000000000000000000004
29958E8E4d8a9899CF1a0aba5883DBc7699a5E1F
6E8836F050A315611208A5CD7e228701563D09c5
f563Ce437E3aB8e0B79585dF5122700FBc42aFcd