Happy New Year and welcome to the Zellic Security Roundup, a monthly security-focused newsletter covering valuable security news and analysis in Web3.
This month will focus on the EVM trackooor, our recently released framework for tracking and processing arbitrary data on blockchains, along with our audit results from 2024, recently published audit reports, and the latest news in Web3 security.
Cool Finds at Zellic
Below is a snippet from our blog post “EVM Trackooor: Tracking Anything and Everything on EVM Chains” written by Zellic Security Researcher Rainier Wu.
We’ll be looking at what the EVM trackooor is, why we made the EVM trackooor, and the ways we’ve used the EVM trackooor thus far.
What Is The EVM trackooor?
The EVM trackooor is a framework for tracking any kind of data on a blockchain. It allows users to easily request and handle blockchain data, including event logs, transactions, and blocks mined.
It essentially allows you to register what data you want from a blockchain, whether they’re events emitted from a certain contract or transactions by a specific account. Then, you can define what happens when you receive the data, such as processing it and recording it in a database or sending an alert through a webhook.
The EVM trackooor features:
Real-time data monitoring, including event logs, transactions, and blocks mined
The ability to request historical data, such as past events or transactions that occurred within a block range
A modular approach to request and process data for any purpose
Event and function-ABI fetching to automatically decode event logs and transaction calldata
You can request real-time data to monitor for certain activities, or historical data by providing a block range to process data from a specific time period.
Why Did We Make It?
Blockchains hold a lot of data. There are RPC calls to query this data, but creating a new project every time you want to query and filter data for a specific purpose is troublesome.
The EVM trackooor simplifies this process by being a generic framework for querying and filtering data — all you need to do is tell it what data you’re looking for, and it provides the data directly to you.
For example, let’s say there’s an address 0xcafe... holding native ETH and some ERC-20 tokens, and we want to be alerted when it moves those funds.
On an RPC level, this would look something like:
(for native ETH) listening for new blocks mined with eth_subscribe("newHeads"), iterating through all transactions in the block to look for transactions by 0xcafe..., and then checking the value of the transaction.
(for ERC-20 tokens) listening to Transfer event logs emitted by ERC-20 token contracts, such as the USDT token contract, with eth_subscribe("logs"), decoding the log and checking the from address and value.
This is quite tedious, especially if we want to track multiple different events, as for each event we must have its ABI to decode it.
The EVM trackooor handles all of this — it handles the whole process of retrieving and filtering data and implements a simple method to provide event ABI for decoding event logs.
All we need to do is provide the address we want to monitor for transactions or the contract we want to monitor for event logs as well as a callback function that the EVM trackooor will call with our requested data for us to process. Then in the callback function, we can implement checking the value and sending alerts.
Now, we can easily query for and process data from blockchains, allowing us to create complex modules from graphing funding paths to monitoring contract proxy upgrades and ownership transfers.
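To make the RPC-level steps above concrete, here is an added example (not code from the EVM trackooor project) that performs both checks for a watched address: filtering a block’s transactions by sender and ETH value, and decoding ERC-20 Transfer logs by sender and amount. The block and logs are constructed inline in the shapes eth_getBlockByNumber and eth_subscribe("logs") return, the watched address is a placeholder standing in for the 0xcafe... account in the text, and the Transfer topic is the standard keccak256("Transfer(address,address,uint256)") hash. It also shows the decoding caveat that motivates ABI handling: a token that does not index from/to emits a Transfer log with a single topic, which this decoder skips rather than misreads.

```python
"""Address monitoring at the RPC level, as described above.

Added example, not code from the EVM trackooor project. It implements the two
checks the text describes for a watched address: filtering a block's
transactions by sender and ETH value, and decoding ERC-20 Transfer logs by
sender and amount. The block and logs are constructed inline (shaped like the
results of eth_getBlockByNumber and eth_subscribe("logs")) so it runs offline.
"""
from typing import List, Optional

# keccak256("Transfer(address,address,uint256)"), the standard ERC-20 Transfer topic.
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"

# Constructed placeholder for the "0xcafe..." address in the text (not a real account).
WATCHED = "0x" + "cafe" + "0" * 32 + "cafe"


def topic_to_address(topic: str) -> str:
    """An indexed address topic is the address left-padded to 32 bytes; keep the low 20."""
    return "0x" + topic[-40:].lower()


def address_to_topic(addr: str) -> str:
    """Inverse of topic_to_address; used only to build the constructed sample logs."""
    return "0x" + addr[2:].lower().rjust(64, "0")


def native_transfers_from(block: dict, watched: str) -> List[dict]:
    """Native ETH: walk the block's transactions and keep those sent by `watched`
    that carry a non-zero value (a zero-value call moves no ETH)."""
    watched = watched.lower()
    hits = []
    for tx in block["transactions"]:
        value = int(tx["value"], 16)
        if tx["from"].lower() == watched and value > 0:
            hits.append({"hash": tx["hash"], "to": tx["to"].lower(), "value_wei": value})
    return hits


def decode_transfer_log(log: dict) -> Optional[dict]:
    """Decode one ERC-20 Transfer log. Returns None when the log is not a standard
    Transfer: wrong signature, or from/to not indexed (fewer than three topics),
    which some non-standard tokens emit and which would otherwise be misread."""
    topics = log.get("topics", [])
    if len(topics) != 3 or topics[0].lower() != TRANSFER_TOPIC:
        return None
    data = log.get("data", "0x")
    if len(data) != 66:  # "0x" plus exactly one 32-byte word holding the amount
        return None
    return {
        "token": log["address"].lower(),
        "from": topic_to_address(topics[1]),
        "to": topic_to_address(topics[2]),
        "value": int(data, 16),
    }


def token_transfers_from(logs: List[dict], watched: str) -> List[dict]:
    """ERC-20: decode each log and keep transfers whose `from` is the watched address."""
    watched = watched.lower()
    decoded = (decode_transfer_log(log) for log in logs)
    return [d for d in decoded if d is not None and d["from"] == watched]


# Constructed sample data (not real chain data).
SAMPLE_BLOCK = {
    "number": "0x10",
    "transactions": [
        {"hash": "0x01", "from": WATCHED, "to": "0x" + "11" * 20, "value": hex(10**18)},
        {"hash": "0x02", "from": "0x" + "22" * 20, "to": WATCHED, "value": hex(5 * 10**17)},
        {"hash": "0x03", "from": WATCHED, "to": "0x" + "33" * 20, "value": "0x0"},  # a call, no ETH moved
    ],
}

TOKEN = "0x" + "aa" * 20  # placeholder token contract address
SAMPLE_LOGS = [
    {  # 1,000,000 units leaving WATCHED: the transfer to alert on
        "address": TOKEN,
        "topics": [TRANSFER_TOPIC, address_to_topic(WATCHED), address_to_topic("0x" + "44" * 20)],
        "data": "0x" + format(1_000_000, "064x"),
    },
    {  # transfer into WATCHED: an inflow, not funds moving out
        "address": TOKEN,
        "topics": [TRANSFER_TOPIC, address_to_topic("0x" + "55" * 20), address_to_topic(WATCHED)],
        "data": "0x" + format(7, "064x"),
    },
    {  # non-standard token with unindexed from/to: only the signature topic, skipped
        "address": "0x" + "bb" * 20,
        "topics": [TRANSFER_TOPIC],
        "data": "0x" + "00" * 96,
    },
]


if __name__ == "__main__":
    for hit in native_transfers_from(SAMPLE_BLOCK, WATCHED):
        print(f"ALERT native: {hit['value_wei']} wei -> {hit['to']} in tx {hit['hash']}")
    for hit in token_transfers_from(SAMPLE_LOGS, WATCHED):
        print(f"ALERT token {hit['token']}: {hit['value']} -> {hit['to']}")
```

In real use the constructed block and logs are replaced by the results of the subscriptions named in the text, and the two alert loops become the callback body; the filtering and decoding logic stays the same, which is exactly the part the framework takes over.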
How Is This Useful?
The EVM trackooor allows us to process and monitor arbitrary data on any EVM chain.
We’ve already used the EVM trackooor to
Monitor for potential exploits funded by Tornado.Cash
Graph funding paths to visualize movements of funds, including native ETH and ERC-20 tokens
Listen for ownership transfers and proxy upgrades for high-value contracts
How Can I Use It?
The EVM trackooor is a command-line tool, and you can access it on GitHub. There, you can access its documentation with more info on usage, including how to use preexisting modules or create your own module.
In the News
Research
Zellic earned first place in two of the three weeks of the ZK Hack V competition, taking first place for Puzzle V-2 and Puzzle V-3.
Zellic’s CTO Jasraj Bedi joined an Initia Twitter Broadcast on “How Not To Get Rugged”, where he intentionally went through the process of getting rugged to advise on the steps to take and to avoid when going through with a transaction.
a16z crypto released their “Best of 2024” roundup, which covers their most popular and best-performing content pieces from various themes like policy and regulation, builder resources, and engineering.
Messari released The Crypto Theses 2025, which includes two main sections of “The State of Crypto” (shorter essays on the 2024 crypto meta) and “Sector Theses” (which goes over the narratives in the major crypto sectors).
“Rolling in the Shadows: Analyzing the Extraction of MEV Across Layer-2 Rollups” is a research article by computer scientists at Northeastern University with researchers at ETH Zurich, which identifies vulnerabilities that could have potentially earned attackers $2M through cross-layer sandwich attacks.
“Distribution Markets” is an article from Dave White at Paradigm that introduces distribution markets as a new kind of prediction market where the outcomes could be any number, not just “yes” or “no”.
“Meet Willow, Our State-of-the-Art Quantum Chip” is an article from the Founder and Lead of Google Quantum AI Hartmut Neven that introduces Google’s latest quantum chip.
Legal
Alexander Mashinsky, the founder and former CEO of Celsius, pled guilty to one count of committing commodities fraud and one count of committing securities fraud in connection with two fraudulent schemes at Celsius.
Hailey Welch and the other creators behind the Hawk Tuah meme coin have had a US federal lawsuit filed against them for their role in the launch of the Solana meme coin, where the price of the coin fell 93% from a peak market cap of $490M.
Craig Wright, who falsely claimed to be the creator of Bitcoin, has been sentenced to one year in jail after starting a legal claim for $1.1T over intellectual property rights related to Bitcoin.
Magazine by Cointelegraph interviewed multiple legal experts to unpack the most important legal developments of 2024 and forecast what’s next for crypto regulation and legislation in the United States in 2025.
Crime
Ilya Lichtenstein, the Bitfinex hacker, confessed to hacking Bitfinex in 2016 and laundering the stolen funds in an attempt to divert blame away from his wife, Heather Morgan, who has also been sentenced to prison time for her role in laundering the stolen funds.
Nigeria’s anti-corruption agency arrested 792 individuals suspected of being involved in a crypto romance scam operation. The Economic and Financial Crimes Commission stated that the suspects would contact victims over social media to seduce them or offer fraudulent crypto investment schemes to then pressure them into transferring money, a type of scam known as pig butchering.
Hacks
North Korean hackers were linked to $1.3B stolen in crypto across 47 incidents in 2024, which reportedly doubled the amount stolen in 2023.
The LastPass security breach that took place in 2022 has been linked to a recent $5.36M crypto heist where funds were stolen from over 40 victims’ wallets.
DMM Bitcoin, a Japanese cryptocurrency exchange, ceased operations following a hack that took place in May which resulted in $300M+ in losses. Japanese and US authorities have attributed the $308M theft from DMM to North Korean threat actors.
An exploit of a critical vulnerability in the Dogecoin network caused 69% of its nodes to crash. Andreas Kohl, the co-founder of Sequentia, a Bitcoin sidechain, claimed that he crashed 69% of the Dogecoin network using a vulnerability discovered by researcher Tobias Ruck.
CloberDEX suffered an exploit on December 10th that resulted in a loss of approximately $501K. The attacker exploited a reentrancy vulnerability in the _burn function of the Rebalancer contract.
Radiant Capital has said that their October 16th $50M breach is linked to North Korean threat actors who leveraged “sophisticated malware” targeting three trusted developers whose devices were compromised.
Google confirmed two high-risk vulnerabilities in Chrome (CVE-2024-12381 and CVE-2024-12382), which were determined to be a type confusion vulnerability and use-after-free vulnerability.
Byte Federal, a US Bitcoin ATM operator, disclosed a data breach that exposed the data of ~58,000 customers after hackers gained access to its systems by exploiting a GitLab vulnerability.
Scams
Wallet drainers accounted for $494M in crypto losses in 2024, marking a 67% increase from the previous year.
Drake’s Twitter account was compromised on December 15th, with the malicious actors using the account to promote a coin called Anita. Following the post, Anita rose to $4.9M in trading volume, with analysis quickly revealing the coin to be a scam.
Researchers have uncovered a scam campaign that uses fake video conferencing apps to deliver an information stealer called Realst, specifically targeting individuals working in Web3.
A Ledger phishing campaign was uncovered where data-breach notifications would be sent via email and ask users to verify recovery phrases. The phishing emails have the subject of "Security Alert: Data Breach May Expose Your Recovery Phrase".
Meet Up With Us
We will not be traveling to any conferences in January. If you’d like to schedule 1:1 time with our team, reach out to sales@zellic.io.
Zellic Auditing Stats
In December, Zellic auditors completed 16 audit engagements where they were able to uncover a total of 42 Critical, High, and Medium bugs:
6 Critical-level bugs
  6 Coding Mistakes bugs
11 High-level bugs
  9 Coding Mistakes bugs
  1 Business Logic bug
  1 Code Maturity bug
25 Medium-level bugs
  18 Coding Mistakes bugs
  2 Protocol Risks bugs
  3 Business Logic bugs
  1 Optimization bug
  1 Code Maturity bug
Recent Zellic Audit Reports
Anzen and Protocol-v2 Audit Report: Anzen is the creator of USDz, a stablecoin backed by a diversified RWA portfolio.
Cultured Audit Report: Cultured is a framework that allows users to trade on arbitrary data feeds.
Fairyring Audit Report: Fairblock is a dynamic confidentiality network that orchestrates high-performance, low-overhead, and custom confidential execution for efficient on-chain markets and AI supply chains.
Fuelet Audit Report: Fuelet is a noncustodial wallet on Fuel.