BlockThreat - Week 30, 2020

YouTube | Lazarus | Attacknets

We are all recovering from last week’s epic Twitter hack, so this week’s edition is full of research articles and workshop recordings to help you relax and recharge.

News

  • Woz is suing YouTube to make it better at taking down “Bitcoin Giveaway” scams.

Malware

Research

Fun

  • Romantic Hacker. That’s the name of the upcoming South Korean TV series involving hackers, fictional cryptocurrency exchanges, and of course romance.

That’s all for this week in Blockchain Threat Intelligence. Be sure to check out /r/BlockSec for more up to the minute news and see you all next week.

-Peter

BlockThreat - Week 29, 2020

Twitter | Cashaa | Ethereum

This week was filled with news, reports, and speculation about the Twitter hack, which luckily resulted in a minimal loss of funds relative to other major incidents this year. Additional details are available about the Cashaa exchange hack, and Ethereum devs have opened a bug bounty program for the upcoming 2.0 upgrade.

Hacks

Research

Tools

Thanks for joining me this week and see you in another edition of Blockchain Threat Intelligence newsletter. In the meantime, head over to /r/blocksec for up to date information on the current threats.

BlockThreat - Week 28, 2020

Bitcoin Gold | Cashaa | Ravencoin | Ledger

Continuing with the blockchain exploitation trend from last week, Bitcoin Gold almost suffered a 51% attack, averted only because developers learned of a massive mining operation. Check out a thrilling incident report by the Ravencoin folks racing against the clock to kick out attackers exploiting an inflation bug. The Cashaa exchange had a few million dollars' worth of crypto stolen. All that and other news in this edition of BlockThreat.

Hacks

Vulnerabilities

  • Kraken Security Labs published two attacks against the newer Ledger Nano X hardware wallets. Both attacks rely on an insecure supply chain where a malicious party reflashes Ledger’s firmware. In the first scenario, Kraken researchers reprogrammed the Ledger to act as a keyboard and launch Kraken.com before booting into the regular firmware. In the second scenario, malicious firmware could turn off the display to aid in a social engineering attack. In both cases, the Ledger Live app reported the device as genuine.

Research

Tools

Fun

  • What could be better than snakes on a plane? How about a 90s style flick about a billion dollars in crypto on an armored plane circling around the world while hosting an illegal gambling ring. Trailer.

Stay informed, stay healthy, and head over to the /r/blocksec subreddit for blockchain security news throughout the week.

-Peter

BlockThreat - Week 27, 2020

RavenCoin | Tendermint | Ledger | TrustWalletApp

Stand-alone blockchain vulnerabilities are rare, but they still happen. Ravencoin was exploited with an inflation bug to mint 31M RVN while Tendermint patched up a DoS vulnerability. Another DeFi project was exploited to steal $900k. On the happier side of the week, our hero Harry hacked a phishing campaign C2 to save $5k worth of crypto for users who downloaded fake wallet software.

Vulnerability

Research

Crime

Thanks for joining me this week and see you in another edition of Blockchain Threat Intelligence newsletter. Head over to /r/blocksec for up to date information on the current threats.

-Peter

BlockThreat - Week 26, 2020

Balancer | Atomic Loans | CryptoCore | Docker

Another week, another DeFi exploit or two. Unfortunately, this time the bad folks were able to steal $500k worth of tokens. It’s too bad Balancer devs dismissed an earlier bug bounty report. ClearSky released a detailed report on CryptoCore APT, which is dedicated to breaking into cryptocurrency exchanges. On the more fun side, check out someone almost getting caught by a honeypot smart contract, and submit your blockchain security related talk to Defcon’s Blockchain Village.

Vulnerabilities

  • Two Balancer multi-token pools were exploited resulting in a loss of $500k. The attacker used a flash loan to exploit a vulnerability in the way Balancer deals with deflationary tokens. In the incident report by Balancer, the team revealed that the issue was reported to their bug bounty but dismissed as impractical to exploit.

  • Two vulnerabilities were reported in Atomic Loans smart contracts which could allow a malicious borrower to unlock their BTC collateral without repaying their loan by front-running a loan cancellation transaction. The vulnerability was responsibly disclosed and patched by the developer.

Events

  • Defcon’s Blockchain Village is back this year and its CFP is now open. Last year, the village featured a number of excellent blockchain security related talks and multiple CTF competitions.

Malware

  • Another day, another XMR cryptojacking malware. Palo Alto published a report on two variants of Lucifer malware which use an arsenal of exploits targeting Windows hosts.

  • A stealthier approach to cryptojacking uses malicious Docker images to mine Monero.

Crime

Research

That’s all for this week in Blockchain Threat Intelligence. Be sure to check out /r/BlockSec for more up to the minute news and see you all next week.

-Peter
