BlockThreat - Week 47, 2020

Pickle | 88mph | Origin | GoDaddy | NiceHash | Liquid

Four separate DeFi projects were exploited last week with $30M worth of crypto stolen, GoDaddy had its own Twitter moment with multiple cryptocurrency-related projects attacked, scammers are getting creative with DEX, and more in this week’s edition of Blockchain Threat Intelligence.

Crime

Hacks

Research

Competitions

  • 0xPOLAND is an ongoing competition challenging players to crack open a puzzle in a smart contract.

Stay informed, stay healthy, and see you next week!

-Peter

BlockThreat - Week 46, 2020

Value DeFi | Akropolis | Ethereum | Monero

Not too much calm on the Ethereum network this week. Not only did we experience two DeFi project hacks resulting in multi-million losses, the network itself ran into a chain split after someone was playing with a silently patched vulnerability in older Geth clients. Monero reported an attempted Sybil attack, KuCoin got more tokens to fork themselves to return stolen funds, bugs are slowly getting squashed in ETH 2.0 clients, and more news in this week’s edition of Blockchain Threat Intelligence.

Hacks

Vulnerabilities

Malware

  • Fake Uniswap mobile app was listed on Google Play Store. The app asked users for their mnemonic phrase to steal their funds.

Research

Tools

Competitions

Media

That’s all for this week in Blockchain Threat Intelligence. Stay healthy, stay informed and see you next week!

-Peter

BlockThreat - Week 45, 2020

Silk Road | BSV | Grin | Ledger | Huobi | Ethereum

This week marks the largest forfeiture of cryptocurrency assets in history with ~$1B worth of bitcoin stolen from Silk Road voluntarily returned to IRS. Grin network came under 51% attack with hash capacity likely rented on Nicehash, BSV P2PKH multi-sig wallet implementation exploited to steal funds, Ethereum had an ETHash bug, and more of the usual DeFi shenanigans in this week’s edition of Blockchain Threat Intelligence.

Crime

Hacks

Vulnerabilities

Malware

Research

Media

Thanks for joining me this week in blockchain threat intelligence news and see you all next week.

-Peter

BlockThreat - Week 44, 2020

TrickBot | Tron | Cred | Ethercrash | Yearn

Catching up on blockchain security news can be overwhelming. In this week’s edition we cover multiple hacking incidents, vulnerabilities in DeFi and crypto wallet projects. So without further ado let’s dive in! Oh and don’t mine crypto at work, especially if you work at an airport or a nuclear power station.

Crime

Hacks

Vulnerabilities

Phishing

Research

Tools

Media

That’s all for this week in Blockchain Threat Intelligence. Be sure to check out /r/BlockSec for more up to the minute news and see you all next week.

-Peter

BlockThreat - Week 43, 2020

Harvest | BurgerSwap | SS7 | Office 365 | Ledger

Phishing scams are on the rise with Office 365 and Ledger customers targeted last week. Old school SS7 exploits are still successfully used to take over email accounts belonging to folks in the industry. Another day, another DeFi project arbitraged for a few million stable coins and more in this week’s edition:

Crime

Hacks

  • On October 25th, 2020 an arbitrage weakness in Harvest Finance was exploited, netting an attacker about $24M worth of USDC and USDT. Following the hack, the attacker transferred the gained funds to the following bitcoin addresses using REN Protocol:

Vulnerabilities

Research

Thanks for joining me this week, stay healthy, and see you all in another edition next week!

-Peter
