This week BBC dropped a bomb with its investigative report linking known bad actors BTC-e (involved in 2016 election fraud) and Wex exchanges with Russian FSB service. A buffer overflow vulnerability was patched in Bitcoin node software, Ethereum opcode cost instability raises reentrancy concerns, and a dump of SFBW ‘19 videos are all featured in this week of blockchain threat intelligence.
Crime
Russia’s FSB Linked to $450M Bitcoin Disappearance - a fascinating article on the history of BTC-e and Wex exchanges, their takedown by FBI, arrests of their administrators, and how $450 million worth of cryptocurrencies from these exchanges ended up in the hands of FSB. The article is based on the original investigative report by BBC Russia.
Thieves targeted crypto execs and threatened their families in wide-ranging scheme, says DOJ - indictments against two individuals using technical (SIM-swapping) and non-technical harassment to steam or attempt to steal $550,000 in cryptocurrency.
Hackers demand $5 million from Mexico's Pemex in cyberattack - a 565 BTC ($5 million) ransom was posted after company’s computers were infected with DoppelPaymer malware.
Research
The Middleman Is Dead, Long Live the Middleman: The “Trust Factor” and the Psycho-Social Implications of Blockchain - a paper on trust in decentralized blockchain systems.
Reentrancy After Istanbul - a research article on the effects of opcode repricing may have contracts where Gas increases may allow for successful reentrancy attacks in the fallback function.
Securing Lightning Nodes - a great overview of possible attacks on the Lightning nodes and how to protect yourself against them.
Vulnerabilities
[bitcoin-dev] CVE-2017-18350 disclosure - a buffer overflow vulnerability in SOCKS5 protocol handling in the Bitcoin Core node software.
Media
SFBW 2019 Videos - videos from San Francisco Blockchain Week were posted including a number of blockchain security talks such as TxProbe Discovering Bitcoin’s Network Topology.
Did you enjoy this week’s edition? Have blockchain security related news to share or just a suggestion? Great, drop a line to iphelix [at] blockthreat.net. Thanks!
Protect Your Crypto
Buy a hardware wallet: