Week 50, 2019

Jan 28

Hacker steals $6.7 million worth of tokens from VeChain Foundation - 1.1B VET tokens transferred to 0xD802A148f38aBa4759879c33E8d04deb00cFB92b as a result of misconduct of the token’s finance team. In the follow up to the incident, VeChain Foundation has implemented a blacklist against 469 attacker addresses in collaboration with Authority Masternodes.

Russia's Hydra Darknet Marketplace Plans $146M Token Sale - a new trend in darknet markets attempting ICOs.
Crypto Mining Pool Fraud Scheme - three arrested in a BitClub Network mining pool scam where customers were presented with fake earnings and encouraged to purchase mining tokens.
Stellar Tried to Give Away 2B XLM Tokens on Keybase. Then the Spammers Came - mass spamming of the Keybase platform as a result of the Stellar airdrop.
BTC Mixing Service Bitcoin Blender Accused of Stealing User’s Funds - a Reddit user reported the mixing service simply stealing any funds sent to them.
ISIS Is Experimenting with This New Blockchain Messaging App - reports of a terror group experimenting with a number of messaging apps including BCM, TamTam, RocketChat, Riot, and Hoop.

Kaspersky research finds 174 municipal institutions targeted with ransomware in 2019 - the report documents a significant spike in ransomware attacks with ransomware amounts reaching up to $5M on average. The report also notes that mining attacks have also dropped sharply.
Two members of the prolific Romanian hacker gang Bayrob Group were sentenced to two decades in U.S. prison apiece after their malware mined crypto on 400,000 infected computers.

How to turn $20M into $340M in 15 seconds - a theoretical attack scenario against MakerDAO which may result in collateral theft. The attack requires 80K MKR which only a the Maker Foundation and a few investors investors like a16z currently have. Following the article, Maker Foundation has increased the Governance Security Module (GSM) delay to 24 hours to allow proper detection to an otherwise instantaneous attack.
Critical bug in EOS REX - an EOS Authority security assessment has uncovered a flaw in REX contract which allowed it to extract more EOS tokens than expected. The vulnerability is patched.
Inside Kraken Security Labs: Flaw Found in Keepkey Crypto Hardware Wallet - a voltage glitching attack to extract an encrypted seed.

Tracing extorted bitcoin - an investigation into a extortion attempt where an attacker claimed sex acts recorded on a hacked webcam video.
Selfish Behavior in the Tezos Proof-of-Stake Protocol - the research paper describes conditions under which block stealing may be incentivized.
Vertcoin’s 51% attack – a case-study for blockchain security - several interesting insights into how the Vertcoin attack was perpetrated including Nicehash stratum protocol monitoring, the insights taken from the A model for Bitcoin’s security and the declining block subsidy, Hostile blockchain takeovers and On the Security and Performance of Proof of Work Blockchains papers, and other papers.
All smart contract security issues in one place: An introduction to the SWC Registry - introduction to a new smart contract vulnerabilities directory using a few sample contracts as examples.
Destroying the Indestructible - an interesting technique to bypass Dharma’s IndestructibleRegistry by exploiting the way the platform interprets bytecode with jump in the middle trickery.
BDoS: Blockchain Denial of Service - novel denial of service attack which requires significantly less than 51% hashpower.
Chinese bitcoin miners control 65% of the crypto network's processing power; Bitmain’s market share continues to decline - an analysis of increasing share of hashpower controlled by Chinese based miners.

Lightning Network (Part 5) – BitMEX Research Launches Penalty Transaction Alert System - a new monitoring system to detect penalty or “justice” transactions on the lightning network.

Share