Last week we saw a record-setting 51% attack against Verge with more than 560K blocks orphaned. Cryptopia continues getting hacked even as it’s going through liquidation, EXMO and other exchanges are getting DDoSed, first of a kind NFT vulnerability discovered by samczsun, Iranian Antminers are getting bricked, and more in this week’s edition of Blockchain Threat Intelligence.

Events

• Unchained Security Conference will be live streamed starting February 26th.

Crime

• US DoJ issued indictments against three North Korean military hackers involved in various criminal schemes including hacking of cryptocurrency companies, development of fake cryptocurrency applications (CryptoNeuro Trade, Kupay Wallet, CoinGo Trade, Dorusio), ransomware (WannaCry 2.0), Marine Chain ICO and other schemes.

• Kia Motors America suffered a ransomware attack by the DoppelPaymer gang which demand 404.5833 BTC.

• Ten individuals associated with a SIM-swapping gang arrested. The gang stole more than $100M in cryptocurrency.

• Five foreign nationals taken hostage in Pakistan to extort a $93K ransom in Bitcoin.

Hacks

• On February 15th, 2021 Verge suffered a 51% attack which orphaned 560K+ blocks (200 days). In an incident post-mortem Verge team described the process to retake the chain by hard forking the network and distributing patched node software which ignored attacker’s chain.

• On February 15th, 2021 EXMO exchange has reported a DDoS attack.

• On February 1st, 2021 Cryptopia exchange reported an unauthorized transfer of $45K worth of XSN from its cold wallet. The exchange is currently under liquidation after a series of hacks in 2020 and 2019.

Vulnerabilities

• Primitive Finance hacked its own contracts after discovering a vulnerability.

• Hashmask NFT vulnerability was patched after it was responsibly disclosed by samczsun. The vulnerability could have enabled an attacker to mint more than 16K Hashmasks.

• ForTube patched a permission bypass vulnerability after it was responsibly disclosed by samczsun.

• A vulnerability was discovered in Dexter contract on Tezos network. Funds were secured by exploiting the vulnerability.

Malware

• Antminer hardware was targeted by destroy_miner malware which bricked them by wiping their memory.

• Kaspersky published a report on DDoS attacks in Q4 2020 which notes a trend of criminal groups switching their DDoS botnets to cryptomining.

Research

• Replaying Ethereum Hacks is an exciting new blog series by Christoph Michel which revisits and simulates old exploits.

• Smart Contract Security 101 by Secureum shares an in-depth smart contract security checklist.

• A DeFi Security Standard: The Scaling Bug Bounty by Immunefi explores DeFi threat space and economics of bug bounties.

Help support BlockThreat!

Over the past two years, BlockThreat has gained hundreds of followers including exchanges, asset issuers, DeFi projects, engineers, investigators, law enforcement, and many others. This newsletter is a labor of love which takes many hours weekly to prepare. If you found BlockThreat valuable consider supporting its future growth:

1) Make an individual contribution.
2) Sponsor an edition where you can place an advertisement.
3) Share your job postings in the next edition.
4) Share the newsletter with a friend or a colleague.

Thanks for joining me in this week’s edition and see you all next week!

- Peter Kacherginsky (iphelix)