Week 28, 2019

Bitpoint | AlphaPoint | 0x | Ransomware

A number of exchange compromises and critical vulnerabilities were reported in the cryptocurrency ecosystem. Bitpoint suffered a $32 million loss and up to 100 exchanges using AlphaPoint, an exchange platform provider, may have been affected as a result of the hack. A significant vulnerability was reported in 0x, prompting the exchange shutdown. A Cosmos slashing bypass bug triggered an emergency patch.

News:

Hacks:

  • Bitpoint cryptocurrency exchange hacked for $32 million - On July 11, 2019 Bitpoint, a cryptocurrency exchange in Japan, suffered a breach resulting in the loss of 1225 BTC, 1985 BCH, 11169 ETH, 5108 LTC, and 28106343 XRP. The exchange published the first report of the breach in under 24 hours and continued releasing a series of reports, which included a detailed incident timeline and the investigation steps taken. It was interesting to note the role of Japan’s Financial Services Agency (FSA) in ensuring timely communication of the compromise to the public.

  • MyDashWallet was compromised for 2 MONTHS - a supply chain attack was reported on the Dash forum which suggested the popular online wallet software was collecting users’ private keys through a backdoored third-party library - GreasyFork. According to the blog post, the library was added back in April 2018 and the private-key-stealing code was added between May 13th and July 12th.

    Indicators: https://api[.]dashcoinanalytics[.]com/stats.php

  • Up to 100 crypto exchanges worldwide could be affected - a number of exchanges around the world may have lost funds after AlphaPoint, a New York based white label provider of cryptocurrency exchange services, was compromised through spear-phishing and SIM-swapping campaigns. Bitcoins Norway, Foxbit, Coinext, FlowBTC, Casa do Bitcoin, and other exchanges were among those affected.

  • Monroe College Hit With Ransomware, $2 Million Demanded - yet another ransomware attack was reported on Wednesday, July 10th, with a ransom demand of 170 BTC ($2 million).

Phishing:

Vulnerabilities:

  • The 0x vulnerability, explained - on July 12th, 2019 a critical bug in signature verification caused 0x to shut down the v2 exchange. The vulnerable function accepted a magic value 0x04 as a valid signature for non-smart-contract accounts. According to the postmortem, there was no evidence that the vulnerability was exploited, and the 0x Core Team patched the vulnerability within a couple of hours.

  • CosmosSDK Security Advisory 05-30-2019 - a high severity vulnerability in the staking module, which allowed malicious actors to bypass token slashing for bad behavior, was patched on the Cosmos network. The bug was actively exploited on the network. A patch and an advisory were released within two days after the team learned of the vulnerability.

Be safe and see you all next week for another issue of the Blockchain Threat Intelligence newsletter.
