Week 25, 2020

Bancor | DeFi Saver | Argent | Good Cycle

What a week in DeFi land! Multiple projects had to resort to hacking their own smart contracts after getting reports about critical flaws. Additional vulnerabilities were discovered in the Argent wallet and the Lightning Network, all leading to theft of funds. This week we have also learned about a shady South Korean exchange behind multi-million gas fee transactions on the Ethereum network. In other news, enjoy the upcoming movie about the NSA kidnapping Satoshi Nakamoto in an attempt to destroy cryptocurrencies.

Hacks

Scams

Vulnerabilities

Research

Thanks for joining me this week and see you in another edition of the Blockchain Threat Intelligence newsletter. In the meantime, head over to /r/blocksec for up-to-date information on the current threats.

-Peter

Week 24, 2020

FileCoin | Kubernetes | SpaceX | Estonia

There was an uptick in scam reports this week, ranging from Estonia’s massive clean-up operation to fake Elon Musks and a fake Privnotes site. Malicious Monero miners are still hacking everything they can get their hands on, from Azure Kubernetes servers to vulnerable SQL and Windows boxes. Also, a big oops on Filecoin’s testnet, where miners exploited an inflation bug to mint millions.

In other news, Craig Wright may have just incriminated himself in the Mt. Gox hack by claiming ownership of one of the attacker’s BTC addresses.

Hacks

Vulnerabilities

  • Inflation Bug discovered and exploited by 6Block on Filecoin’s Testnet with several accounts now holding a billion each. No additional details are available on the vulnerability; however, it appears that the bug is exploitable by miners.

Scams

Malware

Research

That’s all for this week in Blockchain Threat Intelligence. Check out /r/BlockSec for more up-to-the-minute news and see you all next week.

-Peter

Week 23, 2020

Coincheck | Coinsquare | CipherTrace

The brief lull between exchange hacks is over with yet another incident at Coincheck. This one is an order of magnitude smaller than the 2018 hack, but losing control of your DNS could have ended much worse than leaking customer data for 200 users. Speaking of data leaks, the Coinsquare hackers share their thoughts on what to do with the stolen cache in their interview with Vice. Last but not least, check out CipherTrace’s massive cryptocurrency crime and money-laundering report and a few interesting research articles in the Research section.

Hacks

Vulnerabilities

Research

That’s all for this week in Blockchain Threat Intelligence. Stay informed, stay healthy, and head over to the /r/blocksec subreddit for blockchain security news throughout the week.

-Peter

Week 22, 2020

GitHub, AT&T, ECDSA, DeFi

This week, let’s take a breather from the usual survey of hacks, leaks and vulnerabilities and enjoy a much-needed break with a number of interesting white papers. You will learn about the current state of privacy coins and ECDSA attacks, model consensus mechanism threats, and think about DeFi risk. For some lighter reading, enjoy the play-by-play of SIM swappers using AT&T as their playground to target cryptocurrency owners.

Hacks

Malware

Research

Thanks for joining me this week and see you in another edition of the Blockchain Threat Intelligence newsletter. Head over to /r/blocksec for up-to-date information on the current threats.

-Peter

Week 21, 2020

BlockFi, Hegic, tBTC, Etheroll

This week’s theme is DeFi! Writing smart contracts is hard enough, but take sufficiently complex systems like DeFi apps and bugs just start popping up. Hegic, tBTC, and Etheroll all had interesting vulnerabilities discovered and published this week.

The BlockFi incident raises several questions: Why do they still use SMS as a 2FA option, especially for internal employees, and why are the internal systems still accessible from the Internet? This could have been much worse.

In other news, it looks like some of the addresses in the Tulip Fund are turning against Faketoshi, and there is more drama on the Steem network. Also, check out the hilarious Justin Sun deepfake scam video in the links below.

Hacks

  • BlockFi Incident Report - on May 14th, 2020, BlockFi suffered a breach of its client data, including customer names, emails, dates of birth, home addresses, and activity history. An employee’s phone number was SIM-ported to gain access to their corporate email and BlockFi’s internal systems. According to the incident report, the attacker attempted but failed to steal any funds.

  • HegicOptions has shut down again - this one is not a typo: a design flaw in Hegic was exploited to make a quick $3340 profit.

  • Details of the tBTC Deposit Pause on May 18, 2020 - additional details about the Bitcoin address parsing bug that caused the tBTC shutdown. An additional vulnerability was also reported where a malicious redeemer could craft an output script resulting in an invalid Bitcoin transaction, allowing them to seize signer bonds and net a profit in some circumstances.

  • Etheroll exploited - a clever exploit which takes advantage of infrequent chain forks to game the gambling smart contract.

  • Ethereum.org DB dump sold on the black market - reports of 16,000 ETH accounts from the 2016 hack being sold online. Vitalik’s hash is clearly visible in the screenshot and appears to be `$P$BVQJbEipvfH6s.IoLtWZmg3GTdo/ee/`. Does anyone want to take a stab?

  • Bitcoin stolen in a $72 million hack just started moving - more movement of stolen funds on the blockchain, this time related to the 2016 Bitfinex hack.

Scams

Vulnerabilities

Malware

People

Research

Another fun week in blockchain security! I hope you stay healthy, and see you all next week. For now, head over to the /r/blocksec subreddit, where I share many of the news items in this newsletter throughout the week.
