BlockThreat - Week 39, 2020

KuCoin, Lien, Alien, Teatime, Pool Detective

A tough week for the Singaporean exchange KuCoin which suffered a major $281m hack. On the bright side, Lien Finance’s smart contract was preventively hacked to save $9.6m worth of ETH which also resulted in a fascinating article in the research section on beating front-running bots. This week’s edition features a lot more excellent papers, new tool releases, and two new blockchain security competitions. In other news, folks should really reconsider mining crypto on their employer’s supercomputers.

Hacks

Malware

  • The Alien Android malware family is targeting Coinbase, Blockchain.com, Luno, and other cryptocurrency and banking wallet apps to steal credentials, control and steal SMS messages, and perform other trojan functionality.

Research

Projects

Competitions

  • DeFi Detectives is another live CTF by folks challenging players to hunt down Uniswap hackers and investigate SushiSwap’s exit scam.

  • Damn Vulnerable DeFi wargame by OpenZeppelin’s tincho challenges players to sharpen their DeFi skills.

That’s all for this week in blockchain threat intelligence! As a reminder, I am participating in the latest round of Gitcoin Grants so would appreciate your support. Stay safe and see you all next week.

-Peter

BlockThreat - Week 38, 2020

Bzx, Eterbase, APT41, Binance

We have some good news this week from the Bzx team, which was able to recover stolen funds after identifying the attacker. Eterbase revealed additional hack details in the criminal complaint. The US DOJ filed multiple indictments against Russian and Chinese nationals participating in a variety of crypto-related schemes. Lastly, check out an awesome Twitter thread by @tayvano_ on crypto wallet security.

Blockchain Threat Intelligence newsletter is participating in the latest round of Gitcoin Grants. Special thanks to misterigl, Simon Polrot, and Sebastian Bolaños for supporting this project!

News

Research

Thanks for joining me this week, stay healthy, and see you all in another edition next week!

-Peter

BlockThreat - Week 37, 2020

Eterbase | bZX | Bitcoin | IRS | KryptoCibule

Not a month has gone by before the next big exchange hack. Another DeFi project lost $5M USD worth of crypto due to a money printing bug. Bitcoin Core silently patches a critical bug, forgets to share it with other projects. IRS still wants to figure out where all of the Monero goes. Ransomware incidents on the rise and other news in this week’s edition of Blockchain Threat Intelligence newsletter.

Events

  • Crypto Privacy Conference is hosted on September 15-16 with topics on blockchain surveillance, CoinJoin, and other related topics.

News

Hacks

Vulnerabilities

  • A previously patched vulnerability in Bitcoin Core was discovered in forked projects such as Litecoin, Namecoin, and Decred. A memory exhaustion vulnerability can crash and/or freeze the vulnerable node. The vulnerability was silently patched in 2018 and was only shared after it was independently discovered by another party.

Malware

Research

Stay informed, stay healthy, and head over to /r/blocksec subreddit for blockchain security news throughout the week.

-Peter

BlockThreat - Week 36, 2020

SYFI | Chainlink | ShapeShift | Wasabi

While you were enjoying your sushi and yam, another DeFi project lost almost their entire liquidity pool, Ethereum oracle node operators got attacked, and ShapeShift caught their employee stealing bitcoin.

Hacks

Vulnerabilities

Malware

Research

Tools

  • ETHOver extension by Martin Ortner from ConsenSys Diligence allows analysts to easily pull source code and bytecode from Etherscan for any Ethereum address in the VS Code editor.

Thanks for joining me this week in blockchain threat intelligence news and see you all next week.

-Peter

BlockThreat - Week 35, 2020

ETC | Lazarus | DeFi | OpenEthereum

Never a dull week in blockchain security! ETC got 51% attacked yet again. DoJ filed a complaint targeting 280 Lazarus Group cryptocurrency accounts. Yam, Chicken, YFV, and many other DeFi projects are getting deployed with unintentional and sometimes intentional vulnerabilities.

News

Hacks

  • On August 29, 2020, ETC suffered another 51% attack, with a massive 7000+ blocks getting reorged. Looking deeper into the attack, 800K ETC (~$5M USD worth) were double spent in seven transactions. This is the third such attack in the last month, with the first two covered here and here where an additional 1.26M ETC were successfully double spent.

Vulnerabilities

Malware

Research

That’s all for this week in Blockchain Threat Intelligence. Be sure to check out /r/BlockSec for more up to the minute news and see you all next week.

-Peter
